Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fake Windows Security Warnings [RESOLVED]

Started by myke , Jun 06 2008 07:14 PM

  • This topic is locked This topic is locked

#1
myke
Posted 06 June 2008 - 07:14 PM

myke

    Member

  • Member
  • PipPip
  • 21 posts
I have been unable to remove this virus that is causing the Fake Windows Security Warnings and is changing the wall paper every time a balloon pops up to tell you you are infected.

I installed updated and ran:

ATF Cleaner

Malwarebytes' Anti-Malware

SUPERAntiSpyware Home Edition

AVG Anti spyware

Webroot spysweeper

Nod32

some of these I ran more then once in safe mode also

They removed allot and the computers performance did improve but the Fake security thingy is still persistent.

Here is my HiJack This log and uninstall logs....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:48 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\update\update.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\ASKS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [dzrefgjd] C:\WINDOWS\system32\tcvqhofq.exe
O4 - HKCU\..\Run: [Txvhofdj] "C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity\?hkntfs.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: dAaYcaxsL - {8C21E6F2-268B-4C58-8B69-56848FA6F64B} - C:\WINDOWS\system32\hxbpb.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7632 bytes





Adobe Flash Player ActiveX
Adobe Reader 7.0
AIM 6
AIM Toolbar 5.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Search
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Blasterball 2 Revolution
Bonjour
Digital Media Reader
DVD Solution
ESET NOD32 Antivirus
Gateway Game Console
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB935448)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
iTunes
J2SE Runtime Environment 5.0 Update 2
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Works
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
OCR Software by I.R.I.S 7.0
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WildTangent Web Driver
Windows Media Format Runtime
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB914548



Thanks for any help!

myke

Edited by myke, 06 June 2008 - 07:18 PM.

  • 0

Advertisements

#2
Mike
Posted 07 June 2008 - 10:34 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi myke,

I am currently reviewing your log and will post back soon.

Please take note of the following points.
  • Please keep in mind that there may be a time difference between us, If you are not in the GMT +1 time zone, than you can expect a slight delay.
  • Please do not run any tools other than what I request of you to run. Some of the tools we will use are very powerful, and using them without the required knowledge could cause more damage and prove to be more troublesome than the problem you are currently facing.
  • If at any time you have a doubt about what you are to do, please stop there and ask. No question is considered dumb here at GeeksToGo!.

Thanks,

Mike :)
  • 0

#3
Mike
Posted 07 June 2008 - 11:01 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again myke,

You have alot of nasties on your computer.
Please follow my instructions in the order they were given, if you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out :)
If you cannot complete a step in my instructions, please skip it and continue with the rest of my instructions and tell me in your next reply which one you were having trouble with.

Step 1. Fixes with Hijack This

Please go to add or remove programs and uninstall:

Viewpoint Media Player
QdrModule

Viewpoint media player comes bundled with alot of applications and it has been heading torwards being catagorized as Malware. At the moment I still list this as an optional removal, so if you wish to remove it please do, otherwise leave it. Take a look here for some more information.

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\ASKS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [dzrefgjd] C:\WINDOWS\system32\tcvqhofq.exe
O4 - HKCU\..\Run: [Txvhofdj] "C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity\?hkntfs.exe"
O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: dAaYcaxsL - {8C21E6F2-268B-4C58-8B69-56848FA6F64B} - C:\WINDOWS\system32\hxbpb.dll (file missing)

Now please close all open windows except HJT and press "Fix checked".

Step 2. Running OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill Explorer]
C:\WINDOWS\system32\iftuyszv.exe
C:\windows\system32\ALCMTR.EXE
C:\Program Files\QdrModule
C:\WINDOWS\system32\ASKS~1
C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity /u
C:\WINDOWS\system32\tcvqhofq.exe
cru629.dat /s
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\system32\hxbpb.dll
purity
EmptyTemp
[Start Explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 3. Deckards' System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.

In your next reply

Please post the log from OTMoveIt.
Please post the log from Deckards' System Scanner. (main and extra.txt)

If the logs are to big to fit in one reply please spread them out over multiple replies.

Edited by Mike, 07 June 2008 - 11:08 AM.

  • 0

#4
myke
Posted 07 June 2008 - 11:53 AM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks Mike,

I am following your instructions now, I was not clear on if I should reboot after I press the fix it button on Hijackthis so I didn't.

Right now the OTMoveIt2 is struggling with the cru629.dat file and I am not sure if it will ever finish, I can wait as long as it takes.

let me know if I should do anything different now that I have mentioned this otherwise I will just let it continue to work.

myke
  • 0

#5
Mike
Posted 07 June 2008 - 12:32 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi myke,

OTMoveIt is scanning for that file at the moment, which is what I had it do as I was not sure where it was located.

I did afterwards find that it was located in system32, but unfortunately I posted to quickly. Please allow it to finish if possible, if it gets to a point where it is scanning for hours try and exit the program and reboot.

then run this script instead:
[Kill Explorer]
C:\WINDOWS\system32\iftuyszv.exe
C:\windows\system32\ALCMTR.EXE
C:\Program Files\QdrModule
C:\WINDOWS\system32\ASKS~1
C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity /u
C:\WINDOWS\system32\tcvqhofq.exe
C:\windows\system32\cru629.dat
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\system32\hxbpb.dll
purity
EmptyTemp
[Start Explorer]

Edited by Mike, 07 June 2008 - 12:32 PM.

  • 0

#6
myke
Posted 07 June 2008 - 01:06 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Ok, I restarted and completed the directions. Here are the log's.

OTMoveIt2 Log:

Explorer killed successfully
C:\WINDOWS\system32\iftuyszv.exe moved successfully.
File/Folder C:\windows\system32\ALCMTR.EXE not found.
File/Folder C:\Program Files\QdrModule not found.
File/Folder C:\WINDOWS\system32\ASKS~1 not found.
< C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity /u >
File/Folder C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity not found.
File/Folder C:\WINDOWS\system32\tcvqhofq.exe not found.
File/Folder C:\windows\system32\cru629.dat not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\WinCtrl32.dll
C:\WINDOWS\SYSTEM32\WinCtrl32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\WinCtrl32.dll moved successfully.
File/Folder C:\WINDOWS\system32\hxbpb.dll not found.
< purity >
C:\Documents and Settings\Owner.YOUR-2BABB7A94C\My Documents\sеcurity moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF15CA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF9F95.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06072008_115814

Files moved on Reboot...
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF15CA.tmp moved successfully.
File C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\~DF9F95.tmp not found!


Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-07 12:00:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
60: 2008-06-07 19:00:45 UTC - RP60 - Deckard's System Scanner Restore Point
59: 2008-06-05 10:00:25 UTC - RP59 - Software Distribution Service 3.0
58: 2008-06-05 09:29:45 UTC - RP58 - Installed ESET NOD32 Antivirus
57: 2008-06-05 00:27:57 UTC - RP57 - Removed Microsoft Office Standard Edition 2003
56: 2008-04-26 22:10:25 UTC - RP56 - System Checkpoint


-- First Restore Point --
1: 2008-02-22 01:51:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 446 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:29 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4989 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080607-103241-198 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080607-103241-200 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080607-103241-220 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080607-103241-226 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080607-103241-259 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080607-103241-265 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080607-103241-273 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080607-103241-276 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080607-103241-282 O4 - HKCU\..\Run: [Txvhofdj] "C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\??curity\?hkntfs.exe"
backup-20080607-103241-288 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080607-103241-342 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080607-103241-399 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080607-103241-445 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080607-103241-504 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080607-103241-508 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080607-103241-622 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080607-103241-654 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080607-103241-673 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080607-103241-694 O4 - HKCU\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe"
backup-20080607-103241-703 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080607-103241-711 O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
backup-20080607-103241-712 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080607-103241-722 O20 - AppInit_DLLs: cru629.dat
backup-20080607-103241-750 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080607-103241-780 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080607-103241-786 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080607-103241-808 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080607-103241-863 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080607-103241-904 O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
backup-20080607-103241-911 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080607-103241-927 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080607-103241-936 O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\ASKS~1\nopdb.exe" -vt yazb
backup-20080607-103241-945 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080607-103241-997 O4 - HKCU\..\Run: [dzrefgjd] C:\WINDOWS\system32\tcvqhofq.exe
backup-20080607-103242-366 O21 - SSODL: dAaYcaxsL - {8C21E6F2-268B-4C58-8B69-56848FA6F64B} - C:\WINDOWS\system32\hxbpb.dll (file missing)
backup-20080607-115742-109 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080607-115742-125 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
backup-20080607-115742-137 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080607-115742-174 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080607-115742-187 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080607-115742-196 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080607-115742-302 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080607-115742-315 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080607-115742-349 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080607-115742-372 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080607-115742-415 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080607-115742-544 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080607-115742-612 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080607-115742-635 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080607-115742-646 O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
backup-20080607-115742-730 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080607-115742-753 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080607-115742-774 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080607-115742-819 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080607-115742-838 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080607-115742-845 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080607-115742-856 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080607-115742-858 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080607-115742-865 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080607-115742-873 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080607-115742-917 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080607-115742-997 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Ngs28 - c:\windows\system32\drivers\ngs28.sys
R0 Winuu36 - c:\windows\system32\drivers\winuu36.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S1 hcnwg4u - h¸ (file missing)
S1 SASDIFSV - k:\anti virus and anti spyware\super antispyware\sasdifsv.sys (file missing)
S1 SASKUTIL - k:\anti virus and anti spyware\super antispyware\saskutil.sys (file missing)
S3 MBAMCatchMe - c:\windows\system32\drivers\mbamcatchme.sys (file missing)
S3 SASENUM - k:\anti virus and anti spyware\super antispyware\sasenum.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 TlntSvrSCardSvr (Telnet TlntSvrSCardSvr) - c:\windows\system32\aamd532h.exe srv


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 14:33:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 12:00:35 0 d-------- C:\WINDOWS\LastGood
2008-06-07 11:59:15 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-06 17:33:05 0 d-------- C:\Program Files\Trend Micro
2008-06-05 16:11:47 8448 --a------ C:\WINDOWS\iexplorer.exe
2008-06-05 16:03:00 22272 --a------ C:\WINDOWS\y.exe
2008-06-05 16:03:00 24064 --a------ C:\WINDOWS\xplugin.dll
2008-06-05 16:02:59 25344 --a------ C:\WINDOWS\x.exe
2008-06-05 16:02:59 27392 --a------ C:\WINDOWS\winmgnt.exe
2008-06-05 16:02:58 18944 --a------ C:\WINDOWS\window.exe
2008-06-05 16:02:58 29696 --a------ C:\WINDOWS\winajbm.dll
2008-06-05 16:02:57 26112 --a------ C:\WINDOWS\win64.exe
2008-06-05 16:02:57 15872 --a------ C:\WINDOWS\win32e.exe
2008-06-05 16:02:56 25600 --a------ C:\WINDOWS\waol.exe
2008-06-05 16:02:56 13056 --a------ C:\WINDOWS\users32.exe
2008-06-05 16:02:56 10496 --a------ C:\WINDOWS\time.exe
2008-06-05 16:02:56 14080 --a------ C:\WINDOWS\systemcritical.exe
2008-06-05 16:02:56 21760 --a------ C:\WINDOWS\systeem.exe
2008-06-05 16:02:55 19200 --a------ C:\WINDOWS\olehelp.exe
2008-06-05 16:02:55 14848 --a------ C:\WINDOWS\notepad32.exe
2008-06-05 16:02:55 19712 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-05 16:02:55 28160 --a------ C:\WINDOWS\loader.exe
2008-06-05 16:02:54 19200 --a------ C:\WINDOWS\cpan.dll
2008-06-05 16:02:53 23296 --a------ C:\WINDOWS\clrssn.exe
2008-06-05 16:02:53 19712 --a------ C:\WINDOWS\avpcc.dll
2008-06-05 16:02:52 22016 --a------ C:\WINDOWS\accesss.exe
2008-06-05 16:01:21 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 16:00:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 16:00:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-05 16:00:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-05 16:00:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-05 16:00:35 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-05 16:00:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-05 16:00:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00:35 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-05 12:52:39 0 d-------- C:\WINDOWS\pss
2008-06-05 02:29:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06:36 0 d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 19:00:25 22272 --a------ C:\WINDOWS\svchost32.exe
2008-06-04 19:00:24 14592 --a------ C:\WINDOWS\internet.exe
2008-06-04 19:00:23 16896 --a------ C:\WINDOWS\explore.exe
2008-06-04 18:57:32 4 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-06-04 18:38:29 28672 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-04 17:49:17 0 d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 17:47:01 12800 --a------ C:\WINDOWS\system32\WinNt32.dll
2008-06-04 17:28:48 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-04 15:07:06 155 --a------ C:\sfygef.bat
2008-06-04 15:05:35 13568 --a------ C:\WINDOWS\svcinit.exe
2008-06-04 15:05:30 21248 --a------ C:\WINDOWS\sistem.exe
2008-06-04 15:05:28 21504 --a------ C:\WINDOWS\searchword.dll
2008-06-04 15:05:24 14592 --a------ C:\WINDOWS\rundll16.exe
2008-06-04 15:05:23 14848 --a------ C:\WINDOWS\quicken.exe
2008-06-04 15:05:22 29952 --a------ C:\WINDOWS\qttasks.exe
2008-06-04 15:05:13 28672 --a------ C:\WINDOWS\mswsc20.dll
2008-06-04 15:05:05 19456 --a------ C:\WINDOWS\mswsc10.dll
2008-06-04 15:04:59 32768 --a------ C:\WINDOWS\msupdate.exe
2008-06-04 15:04:47 26368 --a------ C:\WINDOWS\mssys.exe
2008-06-04 15:04:41 23040 --a------ C:\WINDOWS\msspi.dll
2008-06-04 15:04:35 25600 --a------ C:\WINDOWS\msconfd.dll
2008-06-04 15:03:58 15360 --a------ C:\WINDOWS\inetinf.exe
2008-06-04 15:03:51 10240 --a------ C:\WINDOWS\iedll.exe
2008-06-04 15:03:48 26112 --a------ C:\WINDOWS\helpcvs.exe
2008-06-04 15:03:42 31744 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-04 15:03:38 12288 --a------ C:\WINDOWS\funny.exe
2008-06-04 15:03:37 16640 --a------ C:\WINDOWS\funniest.exe
2008-06-04 15:03:37 21504 --a------ C:\WINDOWS\explorer32.exe
2008-06-04 15:03:36 30208 --a------ C:\WINDOWS\editpad.exe
2008-06-04 15:03:32 26880 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-04 15:03:29 12544 --a------ C:\WINDOWS\directx32.exe
2008-06-04 15:03:28 31232 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-04 15:00:53 0 d-------- C:\WINDOWS\CSC
2008-06-04 14:50:26 0 d-------- C:\Documents and Settings\LocalService\Favorites
2008-06-04 14:49:59 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-06-04 14:49:02 0 d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:47:26 0 d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\TmpRecentIcons
2008-06-04 14:35:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall


-- Find3M Report ---------------------------------------------------------------

2008-06-04 17:33:54 0 d-------- C:\Program Files\Google
2008-06-04 17:28:17 0 d-------- C:\Program Files\Common Files
2008-06-04 17:25:01 0 d-------- C:\Program Files\Common Files\AOL
2008-06-04 15:05:59 2 --a------ C:\-1943935247
2008-06-04 15:04:07 577536 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-04 12:29:39 0 d-------- C:\Program Files\BigFix
2008-04-28 13:30:01 16 --a------ C:\s28o
2008-04-21 17:55:45 13824 --a------ C:\hfxp.exe
2008-04-17 14:36:56 136 --a-s---- C:\WINDOWS\system32\1921157472.dat
2008-04-17 14:36:55 20480 --ahs---- C:\WINDOWS\system32\aamd532m.dll
2008-04-17 14:36:49 22016 --ahs---- C:\WINDOWS\system32\adsldpcp.dll
2008-04-17 14:35:39 41984 -r-hs---- C:\WINDOWS\system32\aamd532h.exe
2008-04-06 07:36:09 6656 --a------ C:\WINDOWS\estrictions.dll
2008-03-24 10:18:37 486 --a------ C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 08:56 PM]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [12/09/2005 07:44 PM]
"RTHDCPL"="RTHDCPL.EXE" [04/17/2006 04:34 PM C:\WINDOWS\RTHDCPL.exe]
"CHotkey"="zHotkey.exe" [12/08/2004 06:57 PM C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 09:15 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 8:56:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/07/2008 11:59 AM 14336 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ngs28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmbmfkvu]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"TlntSvrSCardSvr"=2 (0x2)
"TapiSrv"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-06-07 12:02:00 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 445.11 MiB / 76.49 MiB
Pagefile Memory (total/avail): 1050.51 MiB / 743.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.98 MiB

C: is Fixed (NTFS) - 148.1 GiB total, 138.47 GiB free.
D: is Fixed (FAT32) - 5.28 GiB total, 2.12 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDT722516DLAT80 - 153.38 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 148.1 GiB - C:
\PARTITION1 - Unknown - 5.29 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1203644139\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1203644139\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-2BABB7A94C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-2BABB7A94C
LOGONSERVER=\\YOUR-2BABB7A94C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
USERDOMAIN=YOUR-2BABB7A94C
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-2BABB7A94C
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-2BABB7A94C (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Search --> C:\Program Files\AOL Search\uninstaller.exe AOL Search
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Blasterball 2 Revolution --> "C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Gateway Game Console --> "C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458) -->
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCM5K.inf
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type992 / Error
Event Submitted/Written: 06/07/2008 11:59:51 AM
Event ID/Source: 8 / Media Center Phone Service
Event Description:
Initializing the telephony service failed with error 0x80040005.

Event Record #/Type987 / Error
Event Submitted/Written: 06/07/2008 11:47:26 AM
Event ID/Source: 8 / Media Center Phone Service
Event Description:
Initializing the telephony service failed with error 0x80040005.

Event Record #/Type983 / Error
Event Submitted/Written: 06/07/2008 10:24:28 AM
Event ID/Source: 8 / Media Center Phone Service
Event Description:
Initializing the telephony service failed with error 0x80040005.

Event Record #/Type979 / Error
Event Submitted/Written: 06/06/2008 05:31:58 PM
Event ID/Source: 8 / Media Center Phone Service
Event Description:
Initializing the telephony service failed with error 0x80040005.

Event Record #/Type974 / Error
Event Submitted/Written: 06/05/2008 04:10:11 PM
Event ID/Source: 8 / Media Center Phone Service
Event Description:
Initializing the telephony service failed with error 0x80040005.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23921 / Error
Event Submitted/Written: 06/04/2008 06:18:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
SASDIFSV
SASKUTIL

Event Record #/Type23107 / Error
Event Submitted/Written: 06/04/2008 05:52:00 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
SASDIFSV
SASKUTIL

Event Record #/Type22984 / Error
Event Submitted/Written: 06/04/2008 05:47:24 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
SASDIFSV
SASKUTIL

Event Record #/Type22765 / Error
Event Submitted/Written: 06/04/2008 05:40:03 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
SASDIFSV
SASKUTIL

Event Record #/Type22602 / Error
Event Submitted/Written: 06/04/2008 05:34:17 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
SASDIFSV
SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-06-07 12:02:00 ------------


Thanks Again for the Help!

myke
  • 0

#7
Mike
Posted 08 June 2008 - 04:09 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there myke,

ewww... what a log.

Very Important!

You have a backdoor trojan installed on your computer.
Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

You seem to have two antiviruses running, NOD32 and McAfee. You need to remove one as having more than one antivirus will slow down your computer and could possibly lower your protection. If it was me I would remove McAfee and download a third party firewall (since McAfee runs both your AV and firewall). It's up to you though. Here are two good firewalls if you choose to uninstall McAfee (free as well)

Running Combofix

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, please don't overlook this!

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3


Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
http://www.geekstogo.com/forum/Fake-Windows-Security-Warnings-t200758.html
 KILLALL::
 
 Collect::
 c:\windows\system32\drivers\winuu36.sys
 c:\windows\system32\drivers\ngs28.sys
 c:\windows\system32\aamd532h.exe
 
 DirLook::
 C:\s28o
 C:\-1943935247
 
 File::
 C:\WINDOWS\system32\WinCtrl32.dll
 C:\WINDOWS\iexplorer.exe
 C:\WINDOWS\y.exe
 C:\WINDOWS\xplugin.dll
 C:\WINDOWS\x.exe
 C:\WINDOWS\winmgnt.exe
 C:\WINDOWS\window.exe
 C:\WINDOWS\winajbm.dll
 C:\WINDOWS\win64.exe
 C:\WINDOWS\win32e.exe
 C:\WINDOWS\waol.exe
 C:\WINDOWS\users32.exe
 C:\WINDOWS\time.exe
 C:\WINDOWS\systemcritical.exe
 C:\WINDOWS\systeem.exe
 C:\WINDOWS\olehelp.exe
 C:\WINDOWS\notepad32.exe
 C:\WINDOWS\mtwirl32.dll
 C:\WINDOWS\loader.exe
 C:\WINDOWS\cpan.dll
 C:\WINDOWS\clrssn.exe
 C:\WINDOWS\avpcc.dll
 C:\WINDOWS\accesss.exe
 C:\WINDOWS\system32\tmp.reg
 C:\WINDOWS\svchost32.exe
 C:\WINDOWS\internet.exe
 C:\WINDOWS\explore.exe
 C:\WINDOWS\system32\WLCtrl32.dll
 C:\WINDOWS\ctrlpan.dll
 C:\WINDOWS\system32\WinNt32.dll
 C:\sfygef.bat
 C:\WINDOWS\svcinit.exe
 C:\WINDOWS\sistem.exe
 C:\WINDOWS\searchword.dll
 C:\WINDOWS\rundll16.exe
 C:\WINDOWS\quicken.exe
 C:\WINDOWS\qttasks.exe
 C:\WINDOWS\mswsc20.dll
 C:\WINDOWS\mswsc10.dll
 C:\WINDOWS\msupdate.exe
 C:\WINDOWS\mssys.exe
 C:\WINDOWS\msspi.dll
 C:\WINDOWS\msconfd.dll
 C:\WINDOWS\inetinf.exe
 C:\WINDOWS\iedll.exe
 C:\WINDOWS\helpcvs.exe
 C:\WINDOWS\gfmnaaa.dll
 C:\WINDOWS\funny.exe
 C:\WINDOWS\funniest.exe
 C:\WINDOWS\explorer32.exe
 C:\WINDOWS\editpad.exe
 C:\WINDOWS\dnsrelay.dll
 C:\WINDOWS\directx32.exe
 C:\WINDOWS\ctfmon32.exe
 C:\WINDOWS\system32\hljwugsf.bin
 C:\hfxp.exe
 C:\WINDOWS\system32\1921157472.dat
 C:\WINDOWS\system32\aamd532m.dll
 C:\WINDOWS\system32\adsldpcp.dll
 C:\WINDOWS\system32\aamd532h.exe
 C:\WINDOWS\estrictions.dll
 C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\wklnhst.dat
 C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dl
 
 Driver::
 Ngs28
 Winuu36
 hcnwg4u
 TlntSvrSCardSvr
 
 Registry::
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "DisableTaskMgr"=-
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
 "DisableTaskMgr"=-
 "DisableRegistryTools"=-
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
 "Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,"
 [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ngs28.sys]
 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu36.sys]
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
 "Viewpoint Manager Service"=-
 "TlntSvrSCardSvr"=-
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#8
myke
Posted 08 June 2008 - 05:31 AM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Ok, I completed this next step and here are the logs...

1. I decided to use the second option and run the recovery console from the cd rather then install it

2. I was not clear about the combo fix, It appeared as if I should have installed it before dragging the txt file onto the icon so I double clicked it thinking it was going to install but it didnt. the txt file was in the directory with it at the time. I will post both logs, first I double click t he combofix icon and the second I dragged the txt file onto the icon.


Log #1 - I double clicked on combofix

ComboFix 08-06-07.3 - Owner 2008-06-08 4:07:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.92 [GMT -7:00]
Running from: K:\Anti Virus and Anti Spyware\Hijack This\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\ho.ln
C:\WINDOWS\system32\ko.o
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
D:\Autorun.inf
C:\WINDOWS\system32\WinNt32.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_HCNWG4U
-------\Legacy_ICF
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_tcpsr
-------\Service_hcnwg4u


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 12:00 . 2008-06-07 12:00 <DIR> d-------- C:\Deckard
2008-06-07 11:58 . 2008-06-07 11:58 <DIR> d-------- C:\_OTMoveIt
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:01 . 2008-06-05 16:01 2,306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-05 16:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 16:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 16:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 16:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 16:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Program Files\ESET
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:49 . 2008-06-08 04:05 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 17:47 . 2008-06-08 04:10 12,800 --------- C:\WINDOWS\system32\WinNt32.dll
2008-06-04 15:07 . 2008-06-04 15:07 155 --a------ C:\sfygef.bat
2008-06-04 15:06 . 2004-08-10 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-04 14:49 . 2008-06-04 14:49 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:35 . 2008-06-04 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34 . 2008-06-04 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40 . 2008-06-04 12:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-05 09:32 28,928 ----a-w C:\WINDOWS\system32\drivers\Winuu36.sys
2008-06-05 00:33 --------- d-----w C:\Program Files\Google
2008-06-05 00:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-05 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\padsbehi
2008-06-04 22:01 28,672 ----a-w C:\WINDOWS\system32\drivers\Ngs28.sys
2008-06-04 19:29 --------- d-----w C:\Program Files\BigFix
2008-04-22 00:55 13,824 ----a-w C:\hfxp.exe
2008-04-06 14:36 6,656 ----a-w C:\WINDOWS\estrictions.dll
2008-03-24 17:18 486 ----a-w C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\wklnhst.dat
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-03 01:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
577,024 2005-03-03 01:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
263,547 2004-08-10 19:00:00 C:\WINDOWS\I386\USER32.DL_
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\user32.DLL
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2005-03-02 18:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 18:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\user32.DLL
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\dllcache\user32.dll

2005-05-25 19:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 19:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 19:44 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ngs28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmbmfkvu]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"TlntSvrSCardSvr"=2 (0x2)
"TapiSrv"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203644139\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Ngs28;Ngs28;C:\WINDOWS\system32\Drivers\Ngs28.sys [2008-06-04 15:01]
R0 Winuu36;Winuu36;C:\WINDOWS\system32\Drivers\Winuu36.sys [2008-06-05 02:32]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys []
S4 TlntSvrSCardSvr;Telnet TlntSvrSCardSvr;C:\WINDOWS\system32\aamd532h.exe [2008-04-17 14:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 21:33:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 04:11:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WinCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-08 4:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 11:14:39

Pre-Run: 148,592,939,008 bytes free
Post-Run: 148,511,883,264 bytes free

276 --- E O F --- 2008-06-05 10:00:55


Log # 2 - I dragged the txt file onto the icon


ComboFix 08-06-07.3 - Owner 2008-06-08 4:16:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.121 [GMT -7:00]
Running from: K:\Anti Virus and Anti Spyware\Hijack This\ComboFix.exe
Command switches used :: K:\Anti Virus and Anti Spyware\Hijack This\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dl
C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\wklnhst.dat
C:\hfxp.exe
C:\sfygef.bat
C:\WINDOWS\accesss.exe
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\estrictions.dll
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\1921157472.dat
C:\WINDOWS\system32\aamd532h.exe
C:\WINDOWS\system32\aamd532m.dll
C:\WINDOWS\system32\adsldpcp.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\WLCtrl32.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\y.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\wklnhst.dat
C:\hfxp.exe
C:\sfygef.bat
C:\WINDOWS\estrictions.dll
C:\WINDOWS\system32\1921157472.dat
c:\windows\system32\aamd532h.exe
C:\WINDOWS\system32\aamd532m.dll
C:\WINDOWS\system32\adsldpcp.dll
c:\windows\system32\drivers\ngs28.sys
c:\windows\system32\drivers\winuu36.sys
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NGS28
-------\Legacy_TLNTSVRSCARDSVR
-------\Legacy_WINUU36
-------\Service_Ngs28
-------\Service_TlntSvrSCardSvr
-------\Service_Winuu36


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 12:00 . 2008-06-07 12:00 <DIR> d-------- C:\Deckard
2008-06-07 11:58 . 2008-06-07 11:58 <DIR> d-------- C:\_OTMoveIt
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 16:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 16:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 16:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 16:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Program Files\ESET
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:49 . 2008-06-08 04:05 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 15:06 . 2004-08-10 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-04 14:49 . 2008-06-04 14:49 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:35 . 2008-06-04 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34 . 2008-06-04 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40 . 2008-06-04 12:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-05 00:33 --------- d-----w C:\Program Files\Google
2008-06-05 00:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-05 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\padsbehi
2008-06-04 19:29 --------- d-----w C:\Program Files\BigFix
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-03 01:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
577,024 2005-03-03 01:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
263,547 2004-08-10 19:00:00 C:\WINDOWS\I386\USER32.DL_
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\user32.DLL
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\dllcache\user32.dll


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\-1943935247 ----

C:\-1943935247\

---- Directory of C:\s28o ----

C:\s28o\


------- Sigcheck -------

2005-03-02 18:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 18:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\user32.DLL
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\dllcache\user32.dll

2005-05-25 19:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 19:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.14.27.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 11:10:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 11:19:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 19:44 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmbmfkvu]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"TapiSrv"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203644139\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 21:33:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 04:20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-08 4:23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 11:23:11
ComboFix2.txt 2008-06-08 11:14:44

Pre-Run: 148,501,704,704 bytes free
Post-Run: 148,488,085,504 bytes free

276 --- E O F --- 2008-06-05 10:00:55

Edited by myke, 08 June 2008 - 05:32 AM.

  • 0

#9
Mike
Posted 08 June 2008 - 07:41 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there myke,

Remember when I said eww? Ewww. :)

Anyways your logs look better we do have some things to take care of though, including a legitimate file that has been infected, for now please do the following for me.

Step 1. Making a CFScript

Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\-1943935247
C:\s28o
C:\Documents and Settings\All Users\Application Data\padsbehi

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmbmfkvu]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.

Edited by Mike, 08 June 2008 - 08:02 AM.

  • 0

#10
myke
Posted 08 June 2008 - 01:00 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks for the help!

Here is the requested log....

ComboFix 08-06-07.3 - Owner 2008-06-08 11:50:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.80 [GMT -7:00]
Running from: K:\Anti Virus and Anti Spyware\Hijack This\ComboFix.exe
Command switches used :: K:\Anti Virus and Anti Spyware\Hijack This\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\pmbmfkvu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1943935247\
C:\Documents and Settings\All Users\Application Data\padsbehi
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\s28o\

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 11:49 . 2008-06-08 11:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-07 12:00 . 2008-06-07 12:00 <DIR> d-------- C:\Deckard
2008-06-07 11:58 . 2008-06-07 11:58 <DIR> d-------- C:\_OTMoveIt
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 16:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 16:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 16:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 16:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Program Files\ESET
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:49 . 2008-06-08 04:05 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 15:06 . 2004-08-10 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-04 14:49 . 2008-06-04 14:49 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:35 . 2008-06-04 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34 . 2008-06-04 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40 . 2008-06-04 12:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:33 --------- d-----w C:\Program Files\Google
2008-06-05 00:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 22:04 577,536 ----a-w C:\WINDOWS\system32\user32.DLL
2008-06-04 19:29 --------- d-----w C:\Program Files\BigFix
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-03 01:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
577,024 2005-03-03 01:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
263,547 2004-08-10 19:00:00 C:\WINDOWS\I386\USER32.DL_
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\user32.DLL
577,536 2008-06-04 22:04:07 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2005-03-02 18:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 18:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\user32.DLL
2008-06-04 15:04 577536 4c54ef0ee0721c78140ab04e8e252db4 C:\WINDOWS\system32\dllcache\user32.dll

2005-05-25 19:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 19:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.14.27.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 11:10:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 18:48:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 19:44 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"TapiSrv"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203644139\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 21:33:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 11:52:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 11:53:00
ComboFix-quarantined-files.txt 2008-06-08 18:52:56
ComboFix2.txt 2008-06-08 11:23:17
ComboFix3.txt 2008-06-08 11:14:44

Pre-Run: 148,478,672,896 bytes free
Post-Run: 148,465,901,568 bytes free

175 --- E O F --- 2008-06-05 10:00:55
  • 0

Advertisements

#11
myke
Posted 08 June 2008 - 08:06 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Mike,

I decided to run the malwarebytes again and it detected and removed several items, ran it a second time and it found zero items.

here is a log from Hijackthis scan only and a combofix scan log of the computer currently.

I hope I did not do anything wrong, see what you think of the log now, maybe I am ok now?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:35 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 4892 bytes



ComboFix 08-06-07.3 - Owner 2008-06-08 19:26:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.82 [GMT -7:00]
Running from: K:\Anti Virus and Anti Spyware\Hijack This\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 19:18 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-08 19:18 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-08 19:18 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-06-08 19:18 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-08 19:18 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-08 19:18 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-08 19:18 . 2008-04-14 00:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-06-08 19:15 . 2008-06-08 19:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 19:12 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002997_.tmp
2008-06-08 18:25 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-08 18:25 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-08 18:25 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-08 18:25 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-08 18:25 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-08 18:25 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-08 18:25 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-08 18:25 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-08 18:25 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-07 12:00 . 2008-06-07 12:00 <DIR> d-------- C:\Deckard
2008-06-07 11:58 . 2008-06-07 11:58 <DIR> d-------- C:\_OTMoveIt
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 16:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 16:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 16:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 16:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:49 . 2008-06-08 04:05 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 15:06 . 2004-08-10 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-04 14:49 . 2008-06-04 14:49 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:35 . 2008-06-04 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34 . 2008-06-04 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40 . 2008-06-04 12:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:33 --------- d-----w C:\Program Files\Google
2008-06-05 00:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 19:29 --------- d-----w C:\Program Files\BigFix
2008-04-14 12:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 12:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 12:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 12:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 12:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 12:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 12:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 12:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 12:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 12:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 12:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 12:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 12:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 08:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 07:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 07:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 07:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 07:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 07:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 07:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 07:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 07:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 07:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 07:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 07:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 07:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 07:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 07:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 07:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 07:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 07:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 07:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 07:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 07:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 07:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 07:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 07:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 07:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 07:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 07:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 07:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 07:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 07:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 07:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 07:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 07:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 07:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 07:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 07:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 07:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 07:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 07:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 07:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 07:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 07:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 07:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 07:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 07:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 07:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 07:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 07:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 07:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 07:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 07:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 07:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 07:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 07:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 07:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 07:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-14 07:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-14 07:16 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-14 07:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-14 07:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 07:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-14 07:16 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 07:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 07:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-14 07:16 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-14 07:16 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-14 07:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-14 07:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-14 07:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 07:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-14 07:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 07:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-14 07:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 07:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-14 07:11 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-14 07:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 07:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-14 07:11 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-14 07:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-14 07:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-14 07:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-14 07:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-14 07:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-14 07:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.14.27.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-25 10:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-25 03:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
- 2005-02-25 10:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
- 2005-06-30 06:54:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-06-29 23:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
- 2005-02-25 10:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-25 03:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
- 2005-02-25 10:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
- 2005-02-25 10:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2008-04-14 12:41:50 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-10 19:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 12:41:50 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-10 19:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 12:41:50 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-10 19:00:00 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 12:41:50 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-10 19:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 12:41:50 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-10 19:00:00 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 12:41:50 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2006-06-17 09:37:58 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-09 02:20:21 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
- 2006-06-21 09:05:38 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2008-06-09 02:26:09 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2006-06-17 09:37:58 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-09 02:20:20 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2006-06-17 09:37:58 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-09 02:20:21 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2006-06-21 09:05:38 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2008-06-09 02:26:08 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2006-06-21 09:05:38 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2008-06-09 02:26:09 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2006-06-21 09:05:38 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2008-06-09 02:26:09 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-06-21 09:05:38 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2008-06-09 02:26:09 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-06-21 09:05:38 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2008-06-09 02:26:08 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-06-21 09:05:39 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2008-06-09 02:26:09 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2006-06-21 09:05:38 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2008-06-09 02:26:08 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
- 2006-06-21 09:05:38 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-06-09 02:26:08 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-06-21 09:05:38 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2008-06-09 02:26:09 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2006-06-21 09:05:38 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2008-06-09 02:26:09 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-06-21 09:05:38 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2008-06-09 02:26:09 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-06-21 09:05:38 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2008-06-09 02:26:09 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-06-21 09:05:38 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2008-06-09 02:26:09 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-06-21 09:05:38 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2008-06-09 02:26:08 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-06-21 09:05:38 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2008-06-09 02:26:09 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-06-21 09:05:38 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2008-06-09 02:26:08 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-06-17 09:37:58 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-09 02:20:24 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2006-06-17 09:37:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-09 02:20:25 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2006-06-17 09:37:58 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-09 02:20:25 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
- 2006-06-17 09:37:58 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-09 02:20:25 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2006-06-17 09:37:58 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-09 02:20:20 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2006-06-21 09:05:38 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-06-09 02:26:09 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-06-17 09:37:58 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-09 02:20:20 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2006-06-17 09:37:58 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-09 02:20:20 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2006-06-17 09:37:58 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-06-09 02:20:20 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
- 2006-06-17 09:37:58 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-09 02:20:19 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2006-06-17 09:37:58 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-09 02:20:19 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2006-06-17 09:37:58 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-09 02:20:19 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2006-06-17 09:37:58 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-06-09 02:20:25 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2006-06-17 09:37:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-06-09 02:20:21 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2006-06-21 09:05:38 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2008-06-09 02:26:09 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2006-06-17 09:37:58 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-09 02:20:22 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2006-06-17 09:37:58 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-06-09 02:20:23 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2006-06-17 09:37:58 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-09 02:20:24 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2006-06-17 09:37:58 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-09 02:20:22 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2006-06-17 09:37:58 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-06-09 02:20:22 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2006-06-17 09:37:58 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-09 02:20:24 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2006-06-17 09:37:58 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-09 02:20:21 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2006-06-17 09:37:58 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-06-09 02:20:21 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2006-06-17 09:37:58 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-09 02:20:25 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2006-06-17 09:37:58 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-09 02:20:24 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2006-06-17 09:37:58 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-09 02:20:26 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2006-06-17 09:37:58 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-09 02:20:26 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2006-06-17 09:37:58 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-09 02:20:21 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-06-17 09:37:58 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-09 02:20:22 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2006-06-17 09:37:58 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-09 02:20:23 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2006-06-17 09:37:58 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-09 02:20:23 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-02-23 19:15:32 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-09 02:20:22 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-06-17 09:37:58 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-09 02:20:23 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2006-06-17 09:37:58 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
+ 2008-06-09 02:20:23 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
- 2006-06-17 09:37:58 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-06-09 02:20:24 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-06-09 02:19:13 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_ab6743a8\System.dll
+ 2008-06-09 02:25:33 258,048 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_4f4192eb\BDATunePIA.dll
+ 2008-06-09 02:24:54 159,744 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_848a9f45\ehCIR.dll
+ 2008-06-09 02:25:27 2,326,528 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_06eb455b\EhCM.dll
+ 2008-06-09 02:25:31 299,008 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_ab3466fc\ehcommon.dll
+ 2008-06-09 02:25:18 1,306,624 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_55fe2f9d\ehepg.dll
+ 2008-06-09 02:25:00 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_84525841\ehepgdat.dll
+ 2008-06-09 02:25:50 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_f83fa2b7\ehExtCOM.dll
+ 2008-06-09 02:26:06 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_cbc6602a\ehExtHost.exe
+ 2008-06-09 02:24:43 10,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_8233a8f4\ehiExtCOM.dll
+ 2008-06-09 02:24:44 102,400 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_4df76fa7\ehiExtens.dll
+ 2008-06-09 02:25:11 266,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_90984a85\ehiMsgr.dll
+ 2008-06-09 02:25:03 380,928 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_c7b21d42\ehiPlay.dll
+ 2008-06-09 02:25:06 565,248 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_84c8e9f0\ehiProxy.dll
+ 2008-06-09 02:25:07 40,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_0ed92d47\ehiUserXp.dll
+ 2008-06-09 02:25:09 458,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_1cc35e65\ehiVidCtl.dll
+ 2008-06-09 02:24:43 180,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_aba51e14\ehiwmp.dll
+ 2008-06-09 02:25:34 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_786de896\ehiWUapi.dll
+ 2008-06-09 02:24:52 684,032 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_27f97edc\ehRecObj.dll
+ 2008-06-09 02:26:06 6,332,416 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_3d91b43f\ehshell.exe
+ 2008-06-09 02:25:35 65,536 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_02e9424d\Microsoft.MediaCenter.dll
+ 2008-06-09 02:25:49 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0_4b82f73d\SonicMCEBurnEngine.dll
- 2008-06-08 11:10:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 02:24:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-10 19:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2008-04-14 12:42:20 1,033,728 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-10 19:00:00 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 12:42:08 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-10 19:00:00 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 12:42:08 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-10 19:00:00 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 12:42:08 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-27 06:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-04-14 12:42:22 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-10 19:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-10 19:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-10 19:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2008-02-16 09:32:04 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-10 19:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-10 19:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-10 19:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-10 19:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-10 19:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-10 19:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:07:53 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-10 19:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:32:04 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-10 19:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-10 19:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-10 19:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-10 19:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:32:04 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:32:04 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-10 19:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-10 19:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 09:32:06 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-10 19:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-10 19:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:32:06 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-10 19:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:32:07 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-14 01:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 01:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-07 00:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-10 19:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 09:32:08 618,496 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-10 19:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 09:32:09 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2004-08-10 19:00:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 12:42:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-10 19:00:00 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 12:42:08 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-10 19:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-14 05:13:20 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-10 19:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 12:42:08 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
+ 2008-01-19 03:43:10 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 23:03:52 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 22:36:48 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 12:41:32 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2002-06-22 07:31:20 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
+ 2008-04-14 04:40:00 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
- 2007-01-03 00:34:04 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2008-04-14 04:40:00 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 12:11:06 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2008-04-14 04:40:02 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-22 07:31:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-04-14 04:40:02 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2007-01-03 00:34:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2008-04-14 04:40:02 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2007-01-16 00:10:00 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
+ 2008-04-14 04:40:34 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
- 2007-01-03 00:28:28 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2007-12-18 00:28:54 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2007-01-03 00:28:46 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2007-12-18 00:29:28 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2007-01-16 00:11:26 73,728 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2007-12-18 00:29:54 82,976 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2007-01-16 00:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2007-12-18 00:29:56 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\setregni.exe
- 2004-07-20 08:54:18 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2007-12-18 00:29:58 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\system.dll
- 2007-01-16 00:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-12-18 00:30:06 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\togac.exe
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-10 19:00:00 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 12:41:50 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 12:41:50 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 12:41:50 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-10 19:00:00 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 12:41:50 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-10 19:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 12:41:50 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 12:42:14 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-03 06:56:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-03 06:56:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-10 19:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-03 06:56:02 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-10 19:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-03 06:56:02 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-14 06:02:30 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-10 19:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-03 06:56:02 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-10 19:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-03 06:56:02 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-03 06:56:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-03 06:56:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-10 19:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-03 06:56:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-03 06:56:04 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-10 19:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-03 06:56:04 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-10 19:00:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 12:42:02 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2004-08-10 19:00:00 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 12:42:30 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 12:41:52 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-14 07:23:34 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-10 19:00:00 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 12:42:30 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-10 19:00:00 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 12:42:22 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-10 19:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 12:42:22 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 19:00:00 18,944 ----a-w C:\WINDOWS&

Edited by myke, 08 June 2008 - 08:30 PM.

  • 0

#12
Mike
Posted 09 June 2008 - 11:21 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there myke,

I was hoping you wouldn't run anything will we are trying to clean your computer, not that it was necessarily wrong with what you did, but because I spend a resonable amount of time analysing your log and running other tools just add to my work a bit since I need to start over again. So please allow me to be a bit selfish and try not to run any other tools than what I ask of you. We seem to be close to the finish line anyways!

Your logs look much better, no more eww.

You can fix this line with Hijack This R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

Now, first off I would like to see what MalwareBytes' Anti-Malware found.

Please open the program and click on the "logs" tab.

Please go back to the log where MBAM actually found some items and post it back here for me.

Jotti Scan

Your combofix log got cut off, but it isn't showing an infected user32.dll, which is strange. I want to make sure its ok.

  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\system32\user32.DLL
  • Click on the submit button
  • Please post the results in your next reply.

Do the same for C:\WINDOWS\system32\dllcache\user32.dll

If Jotti is busy, go to www.virustotal.com and do the same please.

Step 2. Running ATF Cleaner

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 3. Running Kaspersky Online Virusscaner

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

In your next reply

Please post the log from Jotti or Virustotal.
Please post the log from Kaspersky.

If the logs are to big to fit in one reply please spread them out over multiple replies.

How is your computer running now? Any problems?
  • 0

#13
myke
Posted 09 June 2008 - 01:40 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks Again Mike,

I am very sorry I was not patient and jumped the gun :)

I could not hold my sisters computer any longer, she was here all day Sunday pacing the floor.

In the end as I said I ran Malwarebytes until it said zero item's found, after that I finished the windows updates including IE7 and SP3 for Windows XP.

Last I installed a new version of Symantec Norton Antivirus and Windows Defender, updated and ran them both, Norton found one item it didn't like and zero items on the second pass, Windows Defender found none.

The computer is working perfectly and the wallpaper changing spyware is gone.

Please accept my apologies and note the fact that I am a rookie at this, but I am attempting to learn some of the things you know. If nothing else, I have now learned what not to do.

Please Close this thread when you have the time.


myke

Not sure why the last combofix log got cut off but here it is again:

ComboFix 08-06-07.3 - Owner 2008-06-08 19:26:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.82 [GMT -7:00]
Running from: K:\Anti Virus and Anti Spyware\Hijack This\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-08 19:18 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-08 19:18 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-08 19:18 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-06-08 19:18 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-08 19:18 . 2008-04-14 05:42 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-08 19:18 . 2008-04-14 05:42 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-08 19:18 . 2008-04-14 00:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-06-08 19:15 . 2008-06-08 19:18 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-08 19:12 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002997_.tmp
2008-06-08 18:25 . 2008-03-01 06:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-08 18:25 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-08 18:25 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-08 18:25 . 2008-03-01 06:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-08 18:25 . 2008-03-01 06:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-08 18:25 . 2008-03-01 06:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-08 18:25 . 2008-03-01 06:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-08 18:25 . 2008-03-01 06:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-08 18:25 . 2008-02-22 03:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-07 12:00 . 2008-06-07 12:00 <DIR> d-------- C:\Deckard
2008-06-07 11:58 . 2008-06-07 11:58 <DIR> d-------- C:\_OTMoveIt
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-05 16:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-05 16:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-05 16:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-05 16:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-05 16:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-05 16:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-05 16:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-05 02:29 . 2008-06-05 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Grisoft
2008-06-04 19:06 . 2008-06-04 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:49 . 2008-06-08 04:05 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\U3
2008-06-04 15:06 . 2004-08-10 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-04 14:49 . 2008-06-04 14:49 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-2BABB7A94C\Application Data\Malwarebytes
2008-06-04 14:35 . 2008-06-04 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 14:34 . 2008-06-04 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-04 12:47 . 2008-06-04 12:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-04 12:40 . 2008-06-04 12:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\McAfee.com Personal Firewall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:33 --------- d-----w C:\Program Files\Google
2008-06-05 00:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 19:29 --------- d-----w C:\Program Files\BigFix
2008-04-14 12:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 12:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 12:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 12:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 12:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 12:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 12:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 12:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 12:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 12:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 12:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 12:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 12:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 08:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 07:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 07:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 07:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 07:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 07:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 07:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 07:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 07:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 07:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 07:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 07:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 07:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 07:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 07:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 07:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 07:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 07:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 07:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 07:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 07:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 07:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 07:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 07:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 07:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 07:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 07:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 07:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 07:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 07:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 07:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 07:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 07:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 07:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 07:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 07:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 07:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 07:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 07:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 07:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 07:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 07:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 07:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 07:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 07:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 07:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 07:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 07:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 07:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 07:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 07:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 07:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 07:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 07:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 07:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 07:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-14 07:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-14 07:16 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-14 07:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-14 07:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 07:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-14 07:16 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 07:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 07:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-14 07:16 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-14 07:16 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-14 07:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-14 07:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-14 07:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 07:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-14 07:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 07:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-14 07:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 07:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-14 07:11 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-14 07:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 07:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-14 07:11 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-14 07:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-14 07:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-14 07:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-14 07:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-14 07:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-14 07:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_ 4.14.27.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-25 10:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-25 03:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
- 2005-02-25 10:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
- 2005-06-30 06:54:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-06-29 23:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
- 2005-02-25 10:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-25 03:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
- 2005-02-25 10:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
- 2005-02-25 10:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2008-04-14 12:41:50 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-10 19:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 12:41:50 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-10 19:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 12:41:50 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-10 19:00:00 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 12:41:50 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-10 19:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 12:41:50 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-10 19:00:00 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 12:41:50 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2006-06-17 09:37:58 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-06-09 02:20:21 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
- 2006-06-21 09:05:38 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2008-06-09 02:26:09 117,248 ----a-w C:\WINDOWS\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2006-06-17 09:37:58 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-06-09 02:20:20 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2006-06-17 09:37:58 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-06-09 02:20:21 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2006-06-21 09:05:38 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2008-06-09 02:26:08 102,400 ----a-w C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2006-06-21 09:05:38 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2008-06-09 02:26:09 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2006-06-21 09:05:38 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2008-06-09 02:26:09 192,512 ----a-w C:\WINDOWS\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2006-06-21 09:05:38 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2008-06-09 02:26:09 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-06-21 09:05:38 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2008-06-09 02:26:08 126,976 ----a-w C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-06-21 09:05:39 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2008-06-09 02:26:09 110,592 ----a-w C:\WINDOWS\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2006-06-21 09:05:38 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2008-06-09 02:26:08 8,192 ----a-w C:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
- 2006-06-21 09:05:38 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-06-09 02:26:08 73,728 ----a-w C:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-06-21 09:05:38 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2008-06-09 02:26:09 167,936 ----a-w C:\WINDOWS\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2006-06-21 09:05:38 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2008-06-09 02:26:09 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-06-21 09:05:38 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2008-06-09 02:26:09 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-06-21 09:05:38 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2008-06-09 02:26:09 18,944 ----a-w C:\WINDOWS\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-06-21 09:05:38 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2008-06-09 02:26:09 278,528 ----a-w C:\WINDOWS\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-06-21 09:05:38 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2008-06-09 02:26:08 122,880 ----a-w C:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-06-21 09:05:38 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2008-06-09 02:26:09 53,248 ----a-w C:\WINDOWS\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-06-21 09:05:38 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2008-06-09 02:26:08 389,120 ----a-w C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2006-06-17 09:37:58 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-06-09 02:20:24 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2006-06-17 09:37:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-06-09 02:20:25 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2006-06-17 09:37:58 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-06-09 02:20:25 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
- 2006-06-17 09:37:58 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-06-09 02:20:25 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2006-06-17 09:37:58 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-06-09 02:20:20 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2006-06-21 09:05:38 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-06-09 02:26:09 45,056 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2006-06-17 09:37:58 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-06-09 02:20:20 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2006-06-17 09:37:58 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-06-09 02:20:20 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2006-06-17 09:37:58 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-06-09 02:20:20 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
- 2006-06-17 09:37:58 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-06-09 02:20:19 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2006-06-17 09:37:58 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-06-09 02:20:19 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2006-06-17 09:37:58 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-06-09 02:20:19 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2006-06-17 09:37:58 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-06-09 02:20:25 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2006-06-17 09:37:58 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-06-09 02:20:21 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2006-06-21 09:05:38 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2008-06-09 02:26:09 77,824 ----a-w C:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2006-06-17 09:37:58 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-06-09 02:20:22 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2006-06-17 09:37:58 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-06-09 02:20:23 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2006-06-17 09:37:58 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-06-09 02:20:24 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2006-06-17 09:37:58 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-06-09 02:20:22 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2006-06-17 09:37:58 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-06-09 02:20:22 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2006-06-17 09:37:58 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-06-09 02:20:24 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2006-06-17 09:37:58 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-06-09 02:20:21 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2006-06-17 09:37:58 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-06-09 02:20:21 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2006-06-17 09:37:58 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-06-09 02:20:25 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2006-06-17 09:37:58 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-06-09 02:20:24 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2006-06-17 09:37:58 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-06-09 02:20:26 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2006-06-17 09:37:58 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-06-09 02:20:26 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2006-06-17 09:37:58 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-06-09 02:20:21 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2006-06-17 09:37:58 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-06-09 02:20:22 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2006-06-17 09:37:58 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-06-09 02:20:23 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2006-06-17 09:37:58 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-06-09 02:20:23 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-02-23 19:15:32 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-06-09 02:20:22 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-06-17 09:37:58 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-06-09 02:20:23 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2006-06-17 09:37:58 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
+ 2008-06-09 02:20:23 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
- 2006-06-17 09:37:58 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-06-09 02:20:24 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-06-09 02:19:13 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_ab6743a8\System.dll
+ 2008-06-09 02:25:33 258,048 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_4f4192eb\BDATunePIA.dll
+ 2008-06-09 02:24:54 159,744 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_848a9f45\ehCIR.dll
+ 2008-06-09 02:25:27 2,326,528 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_06eb455b\EhCM.dll
+ 2008-06-09 02:25:31 299,008 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_ab3466fc\ehcommon.dll
+ 2008-06-09 02:25:18 1,306,624 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_55fe2f9d\ehepg.dll
+ 2008-06-09 02:25:00 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_84525841\ehepgdat.dll
+ 2008-06-09 02:25:50 167,936 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_f83fa2b7\ehExtCOM.dll
+ 2008-06-09 02:26:06 155,648 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_cbc6602a\ehExtHost.exe
+ 2008-06-09 02:24:43 10,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_8233a8f4\ehiExtCOM.dll
+ 2008-06-09 02:24:44 102,400 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_4df76fa7\ehiExtens.dll
+ 2008-06-09 02:25:11 266,240 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_90984a85\ehiMsgr.dll
+ 2008-06-09 02:25:03 380,928 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_c7b21d42\ehiPlay.dll
+ 2008-06-09 02:25:06 565,248 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_84c8e9f0\ehiProxy.dll
+ 2008-06-09 02:25:07 40,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_0ed92d47\ehiUserXp.dll
+ 2008-06-09 02:25:09 458,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_1cc35e65\ehiVidCtl.dll
+ 2008-06-09 02:24:43 180,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_aba51e14\ehiwmp.dll
+ 2008-06-09 02:25:34 69,632 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_786de896\ehiWUapi.dll
+ 2008-06-09 02:24:52 684,032 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_27f97edc\ehRecObj.dll
+ 2008-06-09 02:26:06 6,332,416 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_3d91b43f\ehshell.exe
+ 2008-06-09 02:25:35 65,536 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_02e9424d\Microsoft.MediaCenter.dll
+ 2008-06-09 02:25:49 20,480 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0_4b82f73d\SonicMCEBurnEngine.dll
- 2008-06-08 11:10:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 02:24:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-10 19:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2008-04-14 12:42:20 1,033,728 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-10 19:00:00 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 12:42:08 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-10 19:00:00 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 12:42:08 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-10 19:00:00 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 12:42:08 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-27 06:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-04-14 12:42:22 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-10 19:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-10 19:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-10 19:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2008-02-16 09:32:04 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-10 19:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-10 19:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-10 19:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-10 19:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-10 19:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-10 19:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:07:53 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-10 19:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 09:32:04 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-10 19:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-10 19:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-10 19:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-10 19:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 09:32:04 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 09:32:04 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-10 19:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-10 19:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 09:32:06 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-10 19:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-10 19:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 09:32:06 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-10 19:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 09:32:07 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-14 01:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 01:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-07 00:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-10 19:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 09:32:08 618,496 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-10 19:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 09:32:09 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2004-08-10 19:00:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 12:42:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-10 19:00:00 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 12:42:08 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-10 19:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-14 05:13:20 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-10 19:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 12:42:08 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
+ 2008-01-19 03:43:10 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 23:03:52 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 22:36:48 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 12:41:32 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2002-06-22 07:31:20 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
+ 2008-04-14 04:40:00 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
- 2007-01-03 00:34:04 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2008-04-14 04:40:00 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 12:11:06 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2008-04-14 04:40:02 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-22 07:31:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-04-14 04:40:02 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2007-01-03 00:34:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2008-04-14 04:40:02 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2007-01-16 00:10:00 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
+ 2008-04-14 04:40:34 61,440 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
- 2007-01-03 00:28:28 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2007-12-18 00:28:54 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2007-01-03 00:28:46 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2007-12-18 00:29:28 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2007-01-16 00:11:26 73,728 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2007-12-18 00:29:54 82,976 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2007-01-16 00:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2007-12-18 00:29:56 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\setregni.exe
- 2004-07-20 08:54:18 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2007-12-18 00:29:58 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\system.dll
- 2007-01-16 00:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-12-18 00:30:06 66,592 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\togac.exe
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-10 19:00:00 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 12:41:50 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 12:41:50 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 12:41:50 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-10 19:00:00 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 12:41:50 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-10 19:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 12:41:50 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 12:42:14 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-10 19:00:00 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 12:41:50 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-03 06:56:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-03 06:56:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-10 19:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-03 06:56:02 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-10 19:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-03 06:56:02 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-14 06:02:30 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-10 19:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-03 06:56:02 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-10 19:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-03 06:56:02 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-03 06:56:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-03 06:56:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-10 19:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-03 06:56:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-10 19:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-03 06:56:02 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-10 19:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-03 06:56:04 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-10 19:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-03 06:56:04 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-10 19:00:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 12:42:02 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2004-08-10 19:00:00 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 12:42:30 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 12:41:52 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-14 07:23:34 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-10 19:00:00 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 12:42:30 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-10 19:00:00 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 12:42:22 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-10 19:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 12:42:22 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 19:00:00 18,944 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 12:42:22 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
- 2005-09-27 07:34:26 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 12:42:28 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-10 19:00:00 376,320 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 12:42:00 376,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-10 19:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 12:42:04 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-10 19:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 12:42:04 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
- 2006-06-19 04:42:25 86,811 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-06-09 02:20:18 86,811 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2006-06-19 04:42:25 2,970 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-06-09 02:20:18 3,708 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-10 19:00:00 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 12:42:40 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-10 19:00:00 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
+ 2008-04-14 12:42:08 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
- 2004-08-10 19:00:00 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
+ 2008-04-14 12:42:08 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
- 2004-08-10 19:00:00 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
+ 2008-04-14 12:42:08 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
- 2004-08-10 19:00:00 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 12:42:34 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 07:16:20 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-14 07:10:52 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-14 07:16:22 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 12:41:50 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 12:41:50 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2008-04-14 05:06:02 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2008-04-14 05:06:08 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 12:41:50 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 12:42:12 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 12:41:50 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 12:41:50 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 12:41:50 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 12:41:50 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2008-04-14 07:06:36 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 12:41:50 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 12:41:50 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 12:42:14 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 12:41:50 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 12:41:50 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 12:41:50 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 12:41:50 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2008-04-14 12:42:14 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2008-04-14 05:06:02 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 12:41:50 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 12:41:50 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 12:41:50 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 12:41:50 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 12:41:50 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 12:41:50 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 12:41:50 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 12:41:50 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\adsnw.dll
+ 2007-04-03 01:40:46 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 12:41:50 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 12:41:50 3,967 ------w C:\WINDOWS\ServicePackFiles\i38
  • 0

#14
myke
Posted 09 June 2008 - 01:44 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
+ 2008-04-14 12:41:50 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 12:41:50 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 12:41:50 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 12:41:50 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 12:41:50 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 12:41:50 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 12:41:50 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 12:41:50 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 12:41:50 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2008-04-14 05:09:24 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2008-04-14 07:49:24 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2008-04-14 12:41:50 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 12:41:50 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 12:41:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 12:41:50 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 12:41:50 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 12:41:50 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 12:41:50 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 12:42:14 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-14 07:06:40 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2008-04-14 07:06:40 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-03 06:56:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
+ 2007-04-03 06:56:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
+ 2007-04-03 06:56:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
+ 2007-04-03 06:56:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
+ 2007-04-03 06:56:02 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
+ 2007-04-03 06:56:02 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
+ 2008-04-14 06:02:30 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
+ 2007-04-03 06:56:02 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
+ 2007-04-03 06:56:02 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
+ 2007-04-03 06:56:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
+ 2007-04-03 06:56:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
+ 2007-04-03 06:56:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
+ 2007-04-03 06:56:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
+ 2007-04-03 06:56:04 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
+ 2007-04-03 06:56:04 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
+ 2007-04-03 06:56:04 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 12:41:50 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 12:42:14 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 12:42:14 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2008-04-14 07:06:40 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 12:41:50 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-14 07:06:40 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2008-04-14 07:01:34 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2008-04-14 07:01:34 37,760 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 12:41:50 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2008-04-14 05:05:30 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2008-04-14 12:41:50 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll
+ 2008-04-14 12:41:50 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 12:41:50 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
+ 2008-04-14 12:41:50 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll
+ 2008-04-14 12:41:50 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2008-04-14 07:21:26 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 12:41:50 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll
+ 2008-04-14 04:40:00 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_filter.dll
+ 2008-04-14 04:40:00 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll
+ 2008-04-14 04:40:02 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-14 04:40:02 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-14 04:40:02 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 12:42:14 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 12:42:14 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 12:41:50 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-14 07:27:28 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 12:42:14 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2008-04-14 07:10:32 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2008-04-14 05:04:18 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2008-04-14 05:04:18 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2008-04-14 05:04:18 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2008-04-14 05:04:18 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2008-04-14 05:04:18 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2008-04-14 05:04:18 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2008-04-14 05:04:18 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2008-04-14 05:04:18 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2008-04-14 05:04:20 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2008-04-14 05:04:20 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 12:41:50 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 12:41:50 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 12:41:50 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2008-04-14 05:04:16 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2008-04-14 05:04:16 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 12:41:50 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 12:41:50 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 12:41:52 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2008-04-14 05:04:18 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2008-04-14 05:04:18 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2008-04-14 05:04:18 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2008-04-14 05:04:18 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2008-04-14 05:04:18 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2008-04-14 05:04:18 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2008-04-14 05:04:18 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2008-04-14 05:04:18 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2008-04-14 05:04:20 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2008-04-14 05:04:20 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 12:41:52 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 12:41:52 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 12:41:52 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2008-04-14 12:42:14 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2008-04-14 07:21:26 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 12:39:02 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2008-04-14 07:21:32 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 12:41:52 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 12:42:14 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 12:41:52 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 12:41:52 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 12:41:52 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 12:41:52 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 12:41:52 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 12:41:52 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 12:42:14 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 12:41:52 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2008-04-14 12:42:14 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2008-04-14 12:41:52 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2008-04-14 12:42:14 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 12:42:14 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 12:42:14 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 12:42:14 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2008-04-14 07:16:22 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2008-04-14 07:16:08 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 12:41:52 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 12:41:52 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 12:41:52 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 12:41:52 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 12:41:52 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2008-04-14 07:06:34 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys
+ 2008-04-14 07:16:22 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 12:41:52 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 12:41:52 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 12:41:52 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 12:41:52 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 12:42:14 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2008-04-14 12:42:14 142,848 ------w C:\WINDOWS\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-14 07:23:24 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2008-04-14 05:33:26 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 12:41:52 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2008-04-14 12:41:52 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 12:41:52 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 12:41:52 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2008-04-14 07:16:34 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2008-04-14 07:16:34 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-14 07:21:36 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2008-04-14 07:16:34 273,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2008-04-14 07:16:32 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 12:41:52 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2008-04-14 07:16:30 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 12:41:52 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 12:41:52 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 12:41:52 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 12:41:52 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 12:42:14 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 12:41:52 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 12:41:52 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 12:41:52 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 12:41:52 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll
+ 2007-06-28 01:23:20 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
+ 2008-04-14 12:41:52 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 12:41:52 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 12:41:52 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-14 07:16:24 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-14 07:44:22 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 12:41:52 151,040 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 12:41:52 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 12:41:52 2,091,520 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2008-04-14 07:10:48 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 12:41:52 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 12:41:52 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 12:41:52 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 12:39:06 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 12:42:16 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 12:41:52 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-14 07:11:00 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2008-04-14 12:41:52 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\cic.dll
+ 2008-04-14 12:41:52 1,358,848 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 12:41:52 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 12:42:16 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
+ 2008-04-14 12:42:16 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2008-04-14 07:46:24 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 12:41:52 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 12:41:52 498,688 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 12:42:16 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 12:41:52 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 12:42:16 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 12:42:16 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 12:42:16 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 12:41:52 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2008-04-14 07:06:38 13,952 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 12:41:52 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 12:42:16 389,120 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 12:41:52 344,064 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 12:42:16 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 12:42:16 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 12:41:52 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 12:41:52 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 12:42:16 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 12:41:52 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 12:41:52 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 12:41:52 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-14 12:41:52 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll
+ 2008-04-14 05:14:18 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 12:41:52 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 12:41:52 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 12:41:52 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 12:41:52 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 12:41:52 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 12:41:52 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2008-04-14 07:06:38 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 12:41:52 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll
+ 2008-04-14 12:41:52 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 12:41:52 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 12:42:16 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 12:42:16 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 12:41:52 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2008-04-14 07:13:34 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
+ 2008-04-14 12:41:52 274,944 ------w C:\WINDOWS\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 12:41:52 167,424 ------w C:\WINDOWS\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 12:41:52 1,267,200 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 12:41:52 539,648 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 12:42:16 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2008-04-14 12:41:52 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 12:41:52 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 12:42:16 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2008-04-14 04:40:06 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll
+ 2008-04-14 12:41:52 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 12:41:52 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 12:41:52 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2008-04-14 07:01:34 36,736 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 12:41:52 599,040 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 12:41:52 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 12:41:52 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 12:41:52 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 12:41:52 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 12:41:52 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 12:41:52 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2008-04-14 04:40:14 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\csc.exe
+ 2008-04-14 12:41:52 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2007-06-28 01:23:48 589,824 ------w C:\WINDOWS\ServicePackFiles\i386\cscomp.dll
+ 2008-04-14 12:42:16 139,264 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 12:41:52 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 12:41:52 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 12:42:16 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 12:42:18 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 12:41:52 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 12:41:52 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2008-04-14 05:06:04 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 12:41:52 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 12:41:52 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 12:41:52 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 12:41:52 824,320 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 12:41:52 1,054,208 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2008-01-19 23:34:50 554,008 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 12:41:52 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 12:41:52 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\datime.dll
+ 2008-04-14 12:42:18 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\davcdata.exe
+ 2008-04-14 12:41:52 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 12:41:52 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 12:41:52 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 12:41:52 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 12:41:52 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 12:55:28 1,804 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 12:41:52 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 12:41:52 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 12:42:18 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 12:42:18 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 12:41:52 279,552 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 12:41:52 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 12:42:18 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 12:41:52 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 12:41:52 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 12:42:18 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 12:42:18 105,472 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 12:41:52 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 12:41:52 124,416 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 12:41:52 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 12:41:52 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 12:41:52 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 12:41:54 379,904 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 12:41:54 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 12:42:18 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 12:42:18 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
+ 2007-04-03 07:04:12 884,712 ------w C:\WINDOWS\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 12:41:54 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll
+ 2008-04-14 12:41:54 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 12:41:54 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 12:41:54 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 12:41:54 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 12:41:54 86,528 ------w C:\WINDOWS\ServicePackFiles\i386\directdb.dll
+ 2008-04-14 07:10:48 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys
+ 2008-04-14 12:41:54 1,504,256 ------w C:\WINDOWS\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-14 07:10:46 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 12:42:18 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 12:41:54 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\dispex.dll
+ 2008-04-14 12:42:18 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
+ 2008-04-14 07:10:52 8,320 ------w C:\WINDOWS\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 12:42:18 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 12:41:54 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2008-04-14 07:14:50 799,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 12:41:54 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 12:41:54 285,184 ------w C:\WINDOWS\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 12:41:54 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 12:41:54 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2008-04-14 07:14:48 153,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 12:41:54 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 12:42:18 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 12:41:54 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 12:41:54 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 12:41:54 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 12:41:54 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 12:41:54 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2008-04-14 07:15:02 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 12:41:54 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 12:41:54 147,968 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 12:41:54 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 12:41:54 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2008-04-14 05:24:52 53,840 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 12:41:54 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 12:41:54 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 12:41:54 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 12:41:54 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 12:41:54 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 12:41:54 132,096 ------w C:\WINDOWS\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 12:41:54 650,752 ------w C:\WINDOWS\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-14 07:09:48 206,976 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys
+ 2008-04-14 12:41:54 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 12:42:18 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 12:41:54 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 12:41:54 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 12:39:20 3,072 ------w C:\WINDOWS\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 12:41:54 375,296 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 12:41:54 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 12:41:54 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 12:39:22 3,072 ------w C:\WINDOWS\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 12:42:18 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 12:41:54 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 12:41:54 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 12:42:20 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 12:41:54 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 12:41:54 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll
+ 2008-04-14 07:15:16 60,160 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys
+ 2008-04-14 07:15:14 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2008-04-14 12:41:54 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\drprov.dll
+ 2008-04-14 12:42:20 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\drvqry.exe
+ 2007-04-03 02:35:22 4,656 ------w C:\WINDOWS\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 12:41:54 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 12:41:54 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 12:41:54 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 12:41:54 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 12:41:54 155,648 ------w C:\WINDOWS\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 12:41:54 367,616 ------w C:\WINDOWS\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 12:41:54 1,293,824 ------w C:\WINDOWS\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 12:41:54 142,848 ------w C:\WINDOWS\ServicePackFiles\i386\dsprop.dll
+ 2008-04-14 05:39:32 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 12:41:54 239,104 ------w C:\WINDOWS\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 12:41:54 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\dssec.dll
+ 2008-04-14 06:07:58 138,752 ------w C:\WINDOWS\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 12:41:54 113,152 ------w C:\WINDOWS\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 12:41:54 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 12:42:20 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 12:41:54 304,128 ------w C:\WINDOWS\ServicePackFiles\i386\duser.dll
+ 2008-04-14 12:42:20 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 12:42:20 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 12:41:54 619,008 ------w C:\WINDOWS\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 12:41:54 1,227,264 ------w C:\WINDOWS\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 12:42:20 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 12:41:54 2,113,536 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-14 07:08:30 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\dxg.sys
+ 2008-04-14 12:41:54 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 12:41:54 205,312 ------w C:\WINDOWS\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 12:41:54 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 12:41:54 184,832 ------w C:\WINDOWS\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 12:41:54 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 12:41:54 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 12:41:54 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 12:41:54 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 12:41:54 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 12:41:54 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 12:41:54 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\efsadu.dll
+ 2008-04-14 12:41:54 183,296 ------w C:\WINDOWS\ServicePackFiles\i386\els.dll
+ 2008-04-14 12:41:54 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 12:41:54 186,880 ------w C:\WINDOWS\ServicePackFiles\i386\encdec.dll
+ 2008-04-14 04:56:04 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ep9res.dll
+ 2007-04-03 02:57:40 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 12:41:54 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 12:41:54 246,272 ------w C:\WINDOWS\ServicePackFiles\i386\es.dll
+ 2008-04-14 12:41:54 1,082,368 ------w C:\WINDOWS\ServicePackFiles\i386\esent.dll
+ 2008-04-14 12:41:54 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\esscli.dll
+ 2008-04-14 05:06:06 137,088 ------w C:\WINDOWS\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 12:42:20 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 12:42:20 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\evcreate.exe
+ 2008-04-14 12:41:54 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
+ 2007-06-28 01:24:18 798,720 ------w C:\WINDOWS\ServicePackFiles\i386\eventlogmessages.dll
+ 2008-04-14 12:41:54 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 12:42:20 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 12:41:54 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 12:42:20 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 12:41:54 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\evtgprov.dll
+ 2008-04-14 12:42:20 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\evtrig.exe
+ 2008-04-14 12:42:20 1,033,728 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 12:41:54 380,445 ------w C:\WINDOWS\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 12:41:54 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\exstrace.dll
+ 2008-04-14 12:41:54 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 12:42:20 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 12:41:54 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\exts.dll
+ 2008-04-14 12:39:32 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-14 07:44:30 143,744 ------w C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 12:41:54 472,064 ------w C:\WINDOWS\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 12:41:54 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 12:42:22 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-14 07:10:26 27,392 ------w C:\WINDOWS\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 12:41:54 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\fde.dll
+ 2008-04-14 12:41:54 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\fdeploy.dll
+ 2008-04-14 12:41:54 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 12:41:54 337,920 ------w C:\WINDOWS\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 12:42:22 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
+ 2008-04-14 07:03:30 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\fips.sys
+ 2008-04-14 12:41:54 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-14 07:10:26 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 12:41:54 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 12:42:22 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
+ 2008-04-14 07:03:00 129,792 ------w C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 12:41:54 382,976 ------w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 12:41:54 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 12:42:22 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 12:42:22 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\forcedos.exe
+ 2008-04-14 05:05:32 34,173 ------w C:\WINDOWS\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 12:42:44 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\format.com
+ 2008-04-14 12:41:54 32,828 ------w C:\WINDOWS\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 12:41:54 184,435 ------w C:\WINDOWS\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 12:41:54 82,035 ------w C:\WINDOWS\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 12:41:54 147,513 ------w C:\WINDOWS\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 12:41:54 49,210 ------w C:\WINDOWS\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 12:41:54 102,509 ------w C:\WINDOWS\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 12:41:54 618,605 ------w C:\WINDOWS\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 12:41:54 41,020 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 12:41:54 32,826 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 12:41:54 49,212 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 12:41:54 876,653 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 12:42:22 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 12:42:22 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 12:42:22 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 12:41:54 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 12:42:22 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 12:41:54 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 12:41:54 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 12:41:54 598,071 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmc.dll
+ 2007-04-03 05:06:06 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 12:42:22 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 12:42:22 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 12:39:34 9,344 ------w C:\WINDOWS\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 12:41:54 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 12:42:22 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 12:42:22 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 12:41:54 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\ftpmib.dll
+ 2008-04-14 12:41:54 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\ftpsv251.dll
+ 2007-06-28 01:24:18 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\fusion.dll
+ 2008-04-14 12:41:54 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 12:41:54 451,584 ------w C:\WINDOWS\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 12:42:22 142,848 ------w C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 12:41:56 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 12:41:56 285,184 ------w C:\WINDOWS\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 12:42:22 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 12:41:56 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 12:41:56 55,296 ------w C:\WINDOWS\ServicePackFiles\i386\fxsevent.dll
+ 2008-04-14 12:41:56 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\fxsext32.dll
+ 2008-04-14 12:41:56 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\fxsmon.dll
+ 2008-04-14 12:41:56 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\fxsocm.dll
+ 2008-04-14 12:41:56 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\fxsperf.dll
+ 2008-04-14 12:39:34 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\fxsres.dll
+ 2008-04-14 12:41:56 562,176 ------w C:\WINDOWS\ServicePackFiles\i386\fxsst.dll
+ 2008-04-14 12:42:22 267,776 ------w C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe
+ 2008-04-14 12:41:56 246,272 ------w C:\WINDOWS\ServicePackFiles\i386\fxst30.dll
+ 2008-04-14 12:41:56 397,312 ------w C:\WINDOWS\ServicePackFiles\i386\fxstiff.dll
+ 2008-04-14 12:41:56 154,112 ------w C:\WINDOWS\ServicePackFiles\i386\fxsui.dll
+ 2008-04-14 12:41:56 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\fxswzrd.dll
+ 2008-04-14 12:41:56 400,384 ------w C:\WINDOWS\ServicePackFiles\i386\fxsxp32.dll
+ 2008-04-14 07:06:42 46,464 ------w C:\WINDOWS\ServicePackFiles\i386\gagp30kx.sys
+ 2008-04-14 07:15:30 10,624 ------w C:\WINDOWS\ServicePackFiles\i386\gameenum.sys
+ 2008-04-14 07:15:34 59,136 ------w C:\WINDOWS\ServicePackFiles\i386\gckernel.sys
+ 2008-04-14 12:41:56 285,184 ------w C:\WINDOWS\ServicePackFiles\i386\gdi32.dll
+ 2008-04-14 12:42:22 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\getmac.exe
+ 2008-04-14 12:41:56 122,880 ------w C:\WINDOWS\ServicePackFiles\i386\glu32.dll
+ 2008-04-14 12:39:36 566,784 ------w C:\WINDOWS\ServicePackFiles\i386\gpedit.dll
+ 2008-04-14 06:08:00 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\gpkcsp.dll
+ 2006-12-31 13:56:46 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\gpkrsrc.dll
+ 2008-04-14 12:42:22 120,832 ------w C:\WINDOWS\ServicePackFiles\i386\gprslt.exe
+ 2008-04-14 12:41:56 199,680 ------w C:\WINDOWS\ServicePackFiles\i386\gptext.dll
+ 2008-04-14 12:42:22 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\grpconv.exe
+ 2008-04-14 07:10:22 28,288 ------w C:\WINDOWS\ServicePackFiles\i386\grserial.sys
+ 2008-04-14 12:41:56 133,120 ------w C:\WINDOWS\ServicePackFiles\i386\guitrn.dll
+ 2008-04-14 12:41:56 115,200 ------w C:\WINDOWS\ServicePackFiles\i386\guitrna.dll
+ 2008-04-14 12:41:56 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\gzip.dll
+ 2008-04-14 12:41:56 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\h323cc.dll
+ 2008-04-14 12:41:56 614,912 ------w C:\WINDOWS\ServicePackFiles\i386\h323msp.dll
+ 2008-04-14 07:01:34 105,344 ------w C:\WINDOWS\ServicePackFiles\i386\hal.dll
+ 2008-04-14 07:01:30 131,840 ------w C:\WINDOWS\ServicePackFiles\i386\halaacpi.dll
+ 2008-04-14 07:01:28 81,152 ------w C:\WINDOWS\ServicePackFiles\i386\halacpi.dll
+ 2008-04-14 07:01:30 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\halapic.dll
+ 2008-04-14 07:01:30 134,400 ------w C:\WINDOWS\ServicePackFiles\i386\halmacpi.dll
+ 2008-04-14 07:01:34 152,576 ------w C:\WINDOWS\ServicePackFiles\i386\halmps.dll
+ 2008-04-14 07:01:32 77,696 ------w C:\WINDOWS\ServicePackFiles\i386\halsp.dll
+ 2008-04-14 12:41:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\hccoin.dll
+ 2008-04-14 05:06:06 144,384 ------w C:\WINDOWS\ServicePackFiles\i386\hdaudbus.sys
+ 2008-04-14 12:42:22 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\help.exe
+ 2008-04-14 12:42:22 769,024 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 12:42:22 744,448 ------w C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe
+ 2008-04-14 12:42:22 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hh.exe
+ 2008-04-14 12:41:56 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\hhsetup.dll
+ 2008-04-14 12:41:56 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\hid.dll
+ 2008-04-14 07:06:40 20,352 ------w C:\WINDOWS\ServicePackFiles\i386\hidbatt.sys
+ 2008-04-14 07:16:32 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\hidbth.sys
+ 2008-04-14 07:15:28 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\hidclass.sys
+ 2008-04-14 07:15:28 19,200 ------w C:\WINDOWS\ServicePackFiles\i386\hidir.sys
+ 2008-04-14 07:15:24 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\hidparse.sys
+ 2008-04-14 12:41:56 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
+ 2008-04-14 07:15:28 10,368 ------w C:\WINDOWS\ServicePackFiles\i386\hidusb.sys
+ 2008-04-14 12:41:56 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\hlink.dll
+ 2008-04-14 12:41:56 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\hmmapi.dll
+ 2008-04-14 12:41:56 344,064 ------w C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll
+ 2008-04-14 12:41:56 330,752 ------w C:\WINDOWS\ServicePackFiles\i386\hnetwiz.dll
+ 2008-04-14 12:41:56 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\hostmib.dll
+ 2008-04-14 12:41:56 144,896 ------w C:\WINDOWS\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 12:41:56 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrr.dll
+ 2008-04-14 12:41:56 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\hpcjrrps.dll
+ 2008-04-14 12:41:56 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\hpfud50.dll
+ 2008-04-14 12:42:22 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
+ 2008-04-14 06:53:50 220,032 ------w C:\WINDOWS\ServicePackFiles\i386\hsfbs2s2.sys
+ 2008-04-14 12:41:56 32,285 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcisp2.dll
+ 2008-04-14 06:53:52 685,056 ------w C:\WINDOWS\ServicePackFiles\i386\hsfcxts2.sys
+ 2008-04-14 06:53:54 1,041,536 ------w C:\WINDOWS\ServicePackFiles\i386\hsfdpsp2.sys
+ 2008-04-14 07:23:54 264,832 ------w C:\WINDOWS\ServicePackFiles\i386\http.sys
+ 2008-04-14 12:41:56 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\httpapi.dll
+ 2008-04-14 12:41:56 268,288 ------w C:\WINDOWS\ServicePackFiles\i386\httpext.dll
+ 2008-04-14 12:41:56 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\httpmb51.dll
+ 2008-04-14 12:41:56 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\httpod51.dll
+ 2008-04-14 12:41:56 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\htui.dll
+ 2008-04-14 12:41:56 347,136 ------w C:\WINDOWS\ServicePackFiles\i386\hypertrm.dll
+ 2008-04-14 07:11:24 8,576 ------w C:\WINDOWS\ServicePackFiles\i386\i2omgmt.sys
+ 2008-04-14 07:11:24 18,560 ------w C:\WINDOWS\ServicePackFiles\i386\i2omp.sys
+ 2008-04-14 07:48:02 52,480 ------w C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
+ 2008-04-14 12:41:56 702,845 ------w C:\WINDOWS\ServicePackFiles\i386\i81xdnt5.dll
+ 2008-04-14 05:04:28 161,020 ------w C:\WINDOWS\ServicePackFiles\i386\i81xnt5.sys
+ 2008-04-14 12:41:56 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\iasrad.dll
+ 2008-04-14 12:41:56 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\icaapi.dll
+ 2008-04-14 12:41:56 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\iccvid.dll
+ 2008-04-14 12:41:56 254,976 ------w C:\WINDOWS\ServicePackFiles\i386\icm32.dll
+ 2008-04-14 12:39:42 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\icmp.dll
+ 2008-04-14 05:14:30 2,560 ------w C:\WINDOWS\ServicePackFiles\i386\iconlib.dll
+ 2008-04-14 12:41:56 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn.dll
+ 2008-04-14 12:42:24 214,528 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 12:42:24 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 12:41:56 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\icwdial.dll
+ 2008-04-14 12:41:56 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\icwdl.dll
+ 2008-04-14 12:41:56 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\icwhelp.dll
+ 2008-04-14 12:41:56 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\icwphbk.dll
+ 2008-04-14 12:42:24 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 12:41:56 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\icwutil.dll
+ 2008-04-14 12:41:56 120,832 ------w C:\WINDOWS\ServicePackFiles\i386\idq.dll
+ 2008-04-14 12:42:24 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 12:41:56 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\ieakeng.dll
+ 2008-04-14 12:41:56 216,576 ------w C:\WINDOWS\ServicePackFiles\i386\ieaksie.dll
+ 2008-04-14 12:41:56 323,584 ------w C:\WINDOWS\ServicePackFiles\i386\iedkcs32.dll
+ 2008-04-14 12:42:24 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 12:41:56 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\ieencode.dll
+ 2007-12-18 00:28:36 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\ieexec.exe
+ 2007-06-28 01:24:24 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\ieexecremote.dll
+ 2007-06-28 01:24:24 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\iehost.dll
+ 2008-04-14 12:41:56 251,904 ------w C:\WINDOWS\ServicePackFiles\i386\iepeers.dll
+ 2008-04-14 12:41:56 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\iernonce.dll
+ 2008-04-14 12:41:56 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\iesetup.dll
+ 2008-04-14 12:42:24 93,184 ------w C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
+ 2008-04-14 12:42:24 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 12:41:56 135,680 ------w C:\WINDOWS\ServicePackFiles\i386\ifmon.dll
+ 2008-04-14 12:41:56 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\igmpagnt.dll
+ 2008-04-14 12:41:56 505,344 ------w C:\WINDOWS\ServicePackFiles\i386\iis.dll
+ 2008-04-14 12:41:56 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\iisadmin.dll
+ 2008-04-14 12:41:56 145,408 ------w C:\WINDOWS\ServicePackFiles\i386\iische51.dll
+ 2008-04-14 12:41:56 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\iisext51.dll
+ 2008-04-14 12:41:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\iisfecnv.dll
+ 2008-04-14 12:41:56 79,872 ------w C:\WINDOWS\ServicePackFiles\i386\iislog51.dll
+ 2008-04-14 12:41:56 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\iismap.dll
+ 2008-04-14 12:42:24 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\iisrstas.exe
+ 2008-04-14 12:41:56 133,632 ------w C:\WINDOWS\ServicePackFiles\i386\iisrtl.dll
+ 2008-04-14 04:40:34 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\ilasm.exe
+ 2008-04-14 12:41:56 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\ils.dll
+ 2008-04-14 12:41:56 144,384 ------w C:\WINDOWS\ServicePackFiles\i386\imagehlp.dll
+ 2008-04-14 12:42:24 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.exe
+ 2008-04-14 07:11:00 42,112 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.sys
+ 2008-04-14 12:41:56 36,921 ------w C:\WINDOWS\ServicePackFiles\i386\imeshare.dll
+ 2008-04-14 12:41:56 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\imgutil.dll
+ 2008-04-14 12:41:56 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\imm32.dll
+ 2008-04-14 12:41:56 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\imsinsnt.dll
+ 2008-04-14 12:41:56 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\inetcfg.dll
+ 2008-04-14 12:41:56 691,712 ------w C:\WINDOWS\ServicePackFiles\i386\inetcomm.dll
+ 2008-04-14 12:42:24 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\inetin51.exe
+ 2008-04-14 12:41:56 829,440 ------w C:\WINDOWS\ServicePackFiles\i386\inetmgr.dll
+ 2008-04-14 12:41:56 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\inetmib1.dll
+ 2008-04-14 12:41:56 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\inetpp.dll
+ 2008-04-14 12:41:56 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\inetppui.dll
+ 2008-04-14 04:52:14 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\inetres.dll
+ 2008-04-14 12:42:24 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 12:41:56 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\infoadmn.dll
+ 2008-04-14 12:41:56 257,024 ------w C:\WINDOWS\ServicePackFiles\i386\infocomm.dll
+ 2008-04-14 12:41:56 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\initpki.dll
+ 2008-04-14 12:41:56 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\input.dll
+ 2008-04-14 12:41:56 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\inseng.dll
+ 2007-06-28 01:2
  • 0

#15
myke
Posted 09 June 2008 - 01:45 PM

myke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
+ 2008-04-14 12:41:56 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\inseng.dll
+ 2007-06-28 01:24:30 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\installutil.exe
+ 2008-04-14 07:10:30 5,504 ------w C:\WINDOWS\ServicePackFiles\i386\intelide.sys
+ 2008-04-14 07:01:34 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\intelppm.sys
+ 2008-04-14 07:23:36 36,608 ------w C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
+ 2008-04-14 12:42:24 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 12:39:32 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\ipevldpc.dll
+ 2008-04-14 12:39:24 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ipevlpid.dll
+ 2008-04-14 12:41:56 94,720 ------w C:\WINDOWS\ServicePackFiles\i386\iphlpapi.dll
+ 2008-04-14 07:27:08 20,864 ------w C:\WINDOWS\ServicePackFiles\i386\ipinip.sys
+ 2008-04-14 12:41:56 161,280 ------w C:\WINDOWS\ServicePackFiles\i386\ipmontr.dll
+ 2008-04-14 07:27:16 152,832 ------w C:\WINDOWS\ServicePackFiles\i386\ipnat.sys
+ 2008-04-14 12:41:56 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
+ 2008-04-14 12:41:56 330,752 ------w C:\WINDOWS\ServicePackFiles\i386\ippromon.dll
+ 2008-04-14 12:41:56 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\iprip.dll
+ 2008-04-14 12:41:56 177,152 ------w C:\WINDOWS\ServicePackFiles\i386\iprtrmgr.dll
+ 2008-04-14 07:49:44 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
+ 2008-04-14 12:41:56 349,696 ------w C:\WINDOWS\ServicePackFiles\i386\ipsecsnp.dll
+ 2008-04-14 12:41:56 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll
+ 2008-04-14 12:40:46 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\ipseldpc.dll
+ 2008-04-14 12:39:26 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ipselpid.dll
+ 2008-04-14 12:41:56 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\ipsmsnap.dll
+ 2008-04-14 12:42:24 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 12:41:56 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6mon.dll
+ 2008-04-14 12:42:24 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 12:41:56 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\ipxwan.dll
+ 2008-04-14 12:41:56 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\ir41_qc.dll
+ 2008-04-14 12:41:56 338,432 ------w C:\WINDOWS\ServicePackFiles\i386\ir41_qcx.dll
+ 2008-04-14 12:41:56 755,200 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_32.dll
+ 2008-04-14 12:41:56 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_qc.dll
+ 2008-04-14 12:41:56 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\ir50_qcx.dll
+ 2008-04-14 07:15:36 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\irbus.sys
+ 2008-04-14 07:24:38 88,192 ------w C:\WINDOWS\ServicePackFiles\i386\irda.sys
+ 2008-04-14 07:24:30 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\irenum.sys
+ 2008-04-14 12:42:24 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 12:41:56 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\irmon.dll
+ 2008-04-14 07:06:42 37,248 ------w C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
+ 2008-04-14 12:41:56 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\isatq.dll
+ 2008-04-14 12:41:56 26,624 ------w C:\WINDOWS\ServicePackFiles\i386\iscomlog.dll
+ 2008-04-14 12:40:34 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\isdpc.dll
+ 2008-04-14 12:40:56 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\isendpc.dll
+ 2008-04-14 12:40:56 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\isenpid.dll
+ 2008-04-14 12:41:56 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\isign32.dll
+ 2008-04-14 12:40:34 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\ispid.dll
+ 2008-04-14 12:41:56 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\isrdbg32.dll
+ 2008-04-14 12:41:56 155,136 ------w C:\WINDOWS\ServicePackFiles\i386\itircl.dll
+ 2008-04-14 12:41:56 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\itss.dll
+ 2008-04-14 12:41:56 191,488 ------w C:\WINDOWS\ServicePackFiles\i386\iuengine.dll
+ 2008-04-14 12:41:56 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\ixsso.dll
+ 2008-04-14 12:41:56 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\iyuv_32.dll
+ 2008-04-14 12:41:56 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\jgdw400.dll
+ 2008-04-14 12:41:56 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\jgpl400.dll
+ 2007-06-28 01:24:36 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\jsc.exe
+ 2008-04-14 12:41:58 512,000 ------w C:\WINDOWS\ServicePackFiles\i386\jscript.dll
+ 2008-04-14 12:41:58 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\jsproxy.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd101.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd106.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbd106n.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdax2.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdbhc.dll
+ 2008-04-14 07:09:48 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
+ 2008-04-14 12:39:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdfi1.dll
+ 2008-04-14 07:09:50 14,592 ------w C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
+ 2008-04-14 12:39:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdibm02.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinbe1.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinben.dll
+ 2008-04-14 12:39:56 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\kbdinmal.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdiultn.dll
+ 2008-04-14 12:39:56 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\kbdlk41a.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdlk41j.dll
+ 2008-04-14 12:39:56 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmaori.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmlt47.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdmlt48.dll
+ 2008-04-14 12:39:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdnec.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdnepr.dll
+ 2008-04-14 12:39:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdno1.dll
+ 2008-04-14 12:39:56 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\kbdpash.dll
+ 2008-04-14 12:39:56 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\kbdsmsfi.dll
+ 2008-04-14 12:39:56 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\kbdsmsno.dll
+ 2008-04-14 12:39:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\kbdukx.dll
+ 2008-04-14 07:01:36 7,424 ------w C:\WINDOWS\ServicePackFiles\i386\kd1394.dll
+ 2008-04-14 12:41:58 184,832 ------w C:\WINDOWS\ServicePackFiles\i386\kdcsvc.dll
+ 2008-04-14 12:41:58 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\kdsui.dll
+ 2008-04-14 12:41:58 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\kdsusd.dll
+ 2008-04-14 12:41:58 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\kerberos.dll
+ 2008-04-14 12:41:58 989,696 ------w C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
+ 2008-04-14 05:20:56 42,537 ------w C:\WINDOWS\ServicePackFiles\i386\keyboard.sys
+ 2008-04-14 12:41:58 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\keymgr.dll
+ 2008-04-14 07:15:10 172,416 ------w C:\WINDOWS\ServicePackFiles\i386\kmixer.sys
+ 2008-04-14 12:41:58 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\kmsvc.dll
+ 2008-04-14 12:39:58 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\knperdpc.dll
+ 2008-04-14 12:39:58 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\knperpid.dll
+ 2008-04-14 12:39:58 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\knprodpc.dll
+ 2008-04-14 12:39:58 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\knpropid.dll
+ 2008-04-14 12:41:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\koc.dll
+ 2008-04-14 12:39:58 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\kperdpc.dll
+ 2008-04-14 12:39:58 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\kperpid.dll
+ 2008-04-14 12:39:58 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\kprodpc.dll
+ 2008-04-14 12:39:58 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\kpropid.dll
+ 2008-04-14 05:23:14 92,224 ------w C:\WINDOWS\ServicePackFiles\i386\krnl386.exe
+ 2008-04-14 12:41:58 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\krnlprov.dll
+ 2008-04-14 07:46:38 141,056 ------w C:\WINDOWS\ServicePackFiles\i386\ks.sys
+ 2008-04-14 07:01:44 92,288 ------w C:\WINDOWS\ServicePackFiles\i386\ksecdd.sys
+ 2008-04-14 12:41:58 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\ksuser.dll
+ 2008-04-14 12:41:58 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\l2store.dll
+ 2008-04-14 12:39:06 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtmbx.dll
+ 2008-04-14 12:39:06 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskdic.dll
+ 2008-04-14 12:39:06 173,568 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskf.dll
+ 2008-04-14 12:39:08 198,656 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintime.dll
+ 2008-04-14 05:13:40 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe
+ 2008-04-14 05:13:34 57,399 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe
+ 2008-04-14 12:39:40 13,463,552 ------w C:\WINDOWS\ServicePackFiles\i386\lang\hwxjpn.dll
+ 2008-04-14 12:39:44 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imekrcic.dll
+ 2008-04-14 12:39:44 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imekrmbx.dll
+ 2008-04-14 12:39:46 811,064 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjp81k.dll
+ 2008-04-14 12:39:46 368,696 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcic.dll
+ 2008-04-14 12:39:46 716,856 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcus.dll
+ 2008-04-14 12:39:46 81,976 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.dll
+ 2008-04-14 05:13:46 307,257 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe
+ 2008-04-14 05:13:48 155,705 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2008-04-14 05:13:50 196,665 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe
+ 2008-04-14 05:13:52 208,952 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe
+ 2008-04-14 05:14:00 233,527 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe
+ 2008-04-14 05:14:02 262,200 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe
+ 2008-04-14 12:39:48 274,489 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputyc.dll
+ 2008-04-14 12:39:48 102,456 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imlang.dll
+ 2008-04-14 05:13:38 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe
+ 2008-04-14 12:39:48 315,455 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imskf.dll
+ 2008-04-14 12:40:34 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs404.dll
+ 2008-04-14 12:40:34 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs804.dll
+ 2008-04-14 12:40:36 175,104 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2008-04-14 12:40:36 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2008-04-14 05:13:38 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe
+ 2008-04-14 12:40:36 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pmigrate.dll
+ 2008-04-14 05:13:52 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe
+ 2008-04-14 05:13:54 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
+ 2008-04-14 12:41:00 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tmigrate.dll
+ 2008-04-14 12:41:02 76,288 ------w C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll
+ 2008-04-14 12:41:06 426,041 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicepad.dll
+ 2008-04-14 12:41:06 86,073 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll
+ 2008-04-14 07:10:28 34,688 ------w C:\WINDOWS\ServicePackFiles\i386\lbrtfdc.sys
+ 2008-04-14 12:42:24 677,888 ------w C:\WINDOWS\ServicePackFiles\i386\lhmstsc.exe
+ 2008-04-14 12:41:58 2,061,824 ------w C:\WINDOWS\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 12:41:58 423,936 ------w C:\WINDOWS\ServicePackFiles\i386\licdll.dll
+ 2008-04-14 12:41:58 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\licmgr10.dll
+ 2008-04-14 12:41:58 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\licwmi.dll
+ 2008-04-14 12:41:58 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
+ 2008-04-14 12:41:58 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\lmhsvc.dll
+ 2008-04-14 12:41:58 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\lmmib2.dll
+ 2008-04-14 12:41:58 399,872 ------w C:\WINDOWS\ServicePackFiles\i386\lmrt.dll
+ 2008-04-14 12:41:58 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\loadperf.dll
+ 2008-04-14 12:41:58 221,696 ------w C:\WINDOWS\ServicePackFiles\i386\localsec.dll
+ 2008-04-14 12:41:58 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\localspl.dll
+ 2008-04-14 12:41:58 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\localui.dll
+ 2008-04-14 12:42:26 75,264 ------w C:\WINDOWS\ServicePackFiles\i386\locator.exe
+ 2008-04-14 12:41:58 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\log.dll
+ 2008-04-14 12:42:26 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\logman.exe
+ 2008-04-14 12:42:44 220,672 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
+ 2008-04-14 12:42:26 514,560 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 12:41:58 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\lonsint.dll
+ 2008-04-14 12:41:58 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\lpdsvc.dll
+ 2008-04-14 12:41:58 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\lpk.dll
+ 2008-04-14 12:41:58 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lprhelp.dll
+ 2008-04-14 12:41:58 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\lprmon.dll
+ 2008-04-14 12:41:58 728,064 ------w C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll
+ 2008-04-14 12:42:26 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\lsass.exe
+ 2008-04-14 06:53:36 606,684 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmnt.sys
+ 2008-04-14 06:53:38 420,992 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmntt.sys
+ 2008-04-14 07:10:54 7,040 ------w C:\WINDOWS\ServicePackFiles\i386\ltotape.sys
+ 2008-04-14 05:09:14 20,864 ------w C:\WINDOWS\ServicePackFiles\i386\lwadihid.sys
+ 2008-04-14 12:42:26 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\magnify.exe
+ 2008-04-14 12:42:26 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\makecab.exe
+ 2008-04-14 12:41:58 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\mcastmib.dll
+ 2008-04-14 12:41:58 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\mciavi32.dll
+ 2008-04-14 12:41:58 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\mciqtz32.dll
+ 2008-04-14 12:41:58 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\mciseq.dll
+ 2008-04-14 12:41:58 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\mciwave.dll
+ 2008-04-14 12:41:58 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\md5filt.dll
+ 2008-04-14 12:41:58 118,272 ------w C:\WINDOWS\ServicePackFiles\i386\mdminst.dll
+ 2008-04-14 12:41:58 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\mdmxsdk.dll
+ 2008-04-14 06:53:58 11,868 ------w C:\WINDOWS\ServicePackFiles\i386\mdmxsdk.sys
+ 2008-04-14 12:41:58 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\medctroc.dll
+ 2008-04-14 07:11:22 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\memstpci.sys
+ 2008-04-14 12:41:58 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\metada51.dll
+ 2008-04-14 07:06:42 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\mf.sys
+ 2008-04-14 12:41:58 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\mf3216.dll
+ 2008-04-14 12:41:58 927,504 ------w C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll
+ 2008-04-14 12:41:58 1,028,096 ------w C:\WINDOWS\ServicePackFiles\i386\mfc42.dll
+ 2007-04-03 15:44:48 981,760 ------w C:\WINDOWS\ServicePackFiles\i386\mfc42u.dll
+ 2008-04-14 12:41:58 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\mfcsubs.dll
+ 2008-04-14 12:41:58 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\mgmtapi.dll
+ 2007-06-28 01:24:44 712,704 ------w C:\WINDOWS\ServicePackFiles\i386\microsoft.jscript.dll
+ 2007-06-28 01:24:50 286,720 ------w C:\WINDOWS\ServicePackFiles\i386\microsoft.visualbasic.dll
+ 2008-04-14 12:41:58 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\midimap.dll
+ 2008-04-14 12:41:58 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\migism.dll
+ 2008-04-14 12:41:58 261,120 ------w C:\WINDOWS\ServicePackFiles\i386\migisma.dll
+ 2008-04-14 12:41:58 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\miglibnt.dll
+ 2008-04-14 12:42:26 103,936 ------w C:\WINDOWS\ServicePackFiles\i386\migload.exe
+ 2008-04-14 12:42:26 7,680 ------w C:\WINDOWS\ServicePackFiles\i386\migregdb.exe
+ 2008-04-14 12:42:26 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
+ 2008-04-14 12:42:26 241,152 ------w C:\WINDOWS\ServicePackFiles\i386\migwiza.exe
+ 2008-04-14 12:41:58 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\mimefilt.dll
+ 2008-04-14 12:41:58 586,240 ------w C:\WINDOWS\ServicePackFiles\i386\mlang.dll
+ 2008-04-14 12:42:26 1,414,656 ------w C:\WINDOWS\ServicePackFiles\i386\mmc.exe
+ 2008-04-14 12:41:58 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\mmc30.dll
+ 2008-04-14 12:41:58 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\mmc30r.dll
+ 2008-04-14 12:41:58 163,328 ------w C:\WINDOWS\ServicePackFiles\i386\mmcbase.dll
+ 2008-04-14 12:41:58 397,312 ------w C:\WINDOWS\ServicePackFiles\i386\mmcex.dll
+ 2008-04-14 12:41:58 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\mmcexr.dll
+ 2008-04-14 12:41:58 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\mmcfxc.dll
+ 2008-04-14 12:41:58 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\mmcfxcr.dll
+ 2008-04-14 12:41:58 1,872,896 ------w C:\WINDOWS\ServicePackFiles\i386\mmcndmgr.dll
+ 2008-04-14 12:42:26 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\mmcperf.exe
+ 2008-04-14 12:41:58 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\mmcshext.dll
+ 2008-04-14 12:41:58 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\mmfutil.dll
+ 2008-04-14 05:24:42 68,768 ------w C:\WINDOWS\ServicePackFiles\i386\mmsystem.dll
+ 2008-04-14 12:41:58 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\mnmdd.dll
+ 2008-04-14 12:42:26 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\mnmsrvc.exe
+ 2008-04-14 12:41:58 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.dll
+ 2008-04-14 12:42:28 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.exe
+ 2008-04-14 07:30:20 30,080 ------w C:\WINDOWS\ServicePackFiles\i386\modem.sys
+ 2008-04-14 12:41:58 153,600 ------w C:\WINDOWS\ServicePackFiles\i386\modemui.dll
+ 2008-04-14 12:42:28 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe
+ 2008-04-14 12:41:58 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\mofd.dll
+ 2008-04-14 12:42:44 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\more.com
+ 2008-04-14 05:15:32 216,064 ------w C:\WINDOWS\ServicePackFiles\i386\moricons.dll
+ 2008-04-14 07:09:48 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\mouclass.sys
+ 2008-04-14 07:09:48 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
+ 2008-04-14 12:42:28 3,558,912 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
+ 2008-04-14 07:16:24 15,232 ------w C:\WINDOWS\ServicePackFiles\i386\mpe.sys
+ 2008-04-14 12:42:28 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\mplay32.exe
+ 2008-04-14 12:41:58 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\mpr.dll
+ 2008-04-14 12:41:58 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\mprapi.dll
+ 2008-04-14 12:41:58 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\mprdim.dll
+ 2008-04-14 07:09:46 92,544 ------w C:\WINDOWS\ServicePackFiles\i386\mqac.sys
+ 2008-04-14 12:41:58 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\mqad.dll
+ 2008-04-14 12:42:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\mqbkup.exe
+ 2008-04-14 12:41:58 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\mqdscli.dll
+ 2008-04-14 12:41:58 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\mqise.dll
+ 2008-04-14 12:41:58 89,088 ------w C:\WINDOWS\ServicePackFiles\i386\mqlogmgr.dll
+ 2008-04-14 12:41:58 225,280 ------w C:\WINDOWS\ServicePackFiles\i386\mqoa.dll
+ 2008-04-14 12:41:58 663,040 ------w C:\WINDOWS\ServicePackFiles\i386\mqqm.dll
+ 2008-04-14 12:41:58 177,152 ------w C:\WINDOWS\ServicePackFiles\i386\mqrt.dll
+ 2008-04-14 12:41:58 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\mqrtdep.dll
+ 2008-04-14 12:41:58 95,744 ------w C:\WINDOWS\ServicePackFiles\i386\mqsec.dll
+ 2008-04-14 12:42:00 517,632 ------w C:\WINDOWS\ServicePackFiles\i386\mqsnap.dll
+ 2008-04-14 12:42:28 4,608 ------w C:\WINDOWS\ServicePackFiles\i386\mqsvc.exe
+ 2008-04-14 12:42:28 117,248 ------w C:\WINDOWS\ServicePackFiles\i386\mqtgsvc.exe
+ 2008-04-14 12:42:00 187,392 ------w C:\WINDOWS\ServicePackFiles\i386\mqtrig.dll
+ 2008-04-14 12:42:00 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\mqupgrd.dll
+ 2008-04-14 12:42:00 471,552 ------w C:\WINDOWS\ServicePackFiles\i386\mqutil.dll
+ 2008-04-14 07:02:46 180,608 ------w C:\WINDOWS\ServicePackFiles\i386\mrxdav.sys
+ 2008-04-14 07:47:02 456,576 ------w C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
+ 2008-04-14 12:42:00 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\msacm32.dll
+ 2008-04-14 12:42:00 331,776 ------w C:\WINDOWS\ServicePackFiles\i386\msadce.dll
+ 2008-04-14 05:55:58 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\msadcer.dll
+ 2008-04-14 12:42:00 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\msadcf.dll
+ 2008-04-14 05:55:58 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msadcfr.dll
+ 2008-04-14 12:42:00 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\msadco.dll
+ 2008-04-14 05:55:58 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msadcor.dll
+ 2008-04-14 12:42:00 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\msadcs.dll
+ 2008-04-14 12:42:00 155,648 ------w C:\WINDOWS\ServicePackFiles\i386\msadds.dll
+ 2008-04-14 05:56:00 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\msaddsr.dll
+ 2008-04-14 05:56:18 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\msader15.dll
+ 2008-04-14 12:42:00 536,576 ------w C:\WINDOWS\ServicePackFiles\i386\msado15.dll
+ 2008-04-14 12:42:00 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\msadomd.dll
+ 2008-04-14 12:42:00 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msador15.dll
+ 2008-04-14 12:42:00 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\msadox.dll
+ 2008-04-14 12:42:00 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msadrh15.dll
+ 2008-04-14 12:40:08 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\msafd.dll
+ 2008-04-14 12:42:00 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\msapsspc.dll
+ 2008-04-14 12:42:00 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msasn1.dll
+ 2008-04-14 12:42:00 220,160 ------w C:\WINDOWS\ServicePackFiles\i386\mscandui.dll
+ 2008-04-14 12:42:00 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\mscms.dll
+ 2008-04-14 12:42:00 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\msconf.dll
+ 2008-04-14 12:42:28 169,984 ------w C:\WINDOWS\ServicePackFiles\i386\msconfig.exe
+ 2007-04-03 08:31:08 116,288 ------w C:\WINDOWS\ServicePackFiles\i386\msconv97.dll
+ 2007-06-28 01:24:58 1,564,672 ------w C:\WINDOWS\ServicePackFiles\i386\mscorcfg.dll
+ 2008-04-14 04:40:42 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\mscordbc.dll
+ 2008-04-14 04:40:44 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\mscordbi.dll
+ 2007-06-28 01:25:12 131,072 ------w C:\WINDOWS\ServicePackFiles\i386\mscoree.dll
+ 2008-04-14 04:40:46 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\mscorie.dll
+ 2007-06-28 01:25:22 303,104 ------w C:\WINDOWS\ServicePackFiles\i386\mscorjit.dll
+ 2008-04-14 04:40:50 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\mscorld.dll
+ 2007-12-18 00:28:44 1,998,848 ------w C:\WINDOWS\ServicePackFiles\i386\mscorlib.dll
+ 2008-04-14 04:40:54 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\mscorpe.dll
+ 2008-04-14 04:40:54 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
+ 2008-04-14 04:40:56 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
+ 2008-04-14 04:40:56 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.dll
+ 2008-04-14 04:40:56 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.es.dll
+ 2008-04-14 04:40:56 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.fr.dll
+ 2008-04-14 04:40:56 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
+ 2008-04-14 04:40:56 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.it.dll
+ 2008-04-14 04:40:56 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.ja.dll
+ 2008-04-14 04:40:56 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
+ 2008-04-14 04:40:56 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\mscorsec.dll
+ 2008-04-14 04:40:56 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\mscorsn.dll
+ 2007-12-18 00:28:54 2,273,280 ------w C:\WINDOWS\ServicePackFiles\i386\mscorsvr.dll
+ 2008-04-14 04:41:00 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\mscortim.dll
+ 2007-12-18 00:29:28 2,281,472 ------w C:\WINDOWS\ServicePackFiles\i386\mscorwks.dll
+ 2008-04-14 05:56:08 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\mscpx32r.dll
+ 2008-04-14 12:42:00 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\mscpxl32.dll
+ 2008-04-14 12:42:00 297,984 ------w C:\WINDOWS\ServicePackFiles\i386\msctf.dll
+ 2008-04-14 12:42:00 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\msctfp.dll
+ 2008-04-14 12:42:00 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdadc.dll
+ 2008-04-14 12:42:00 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\msdadiag.dll
+ 2008-04-14 12:42:00 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaenum.dll
+ 2008-04-14 12:42:00 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaer.dll
+ 2008-04-14 12:42:00 532,480 ------w C:\WINDOWS\ServicePackFiles\i386\msdaipp.dll
+ 2008-04-14 12:42:00 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\msdaora.dll
+ 2008-04-14 05:54:16 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msdaorar.dll
+ 2008-04-14 12:42:00 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\msdaosp.dll
+ 2008-04-14 05:56:00 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msdaprsr.dll
+ 2008-04-14 12:42:00 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\msdaprst.dll
+ 2008-04-14 12:42:00 204,800 ------w C:\WINDOWS\ServicePackFiles\i386\msdaps.dll
+ 2008-04-14 12:42:00 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\msdarem.dll
+ 2008-04-14 05:56:00 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msdaremr.dll
+ 2008-04-14 12:42:00 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\msdart.dll
+ 2008-04-14 12:42:00 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdasc.dll
+ 2008-04-14 12:42:00 315,392 ------w C:\WINDOWS\ServicePackFiles\i386\msdasql.dll
+ 2008-04-14 05:56:08 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msdasqlr.dll
+ 2008-04-14 12:42:00 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\msdatl3.dll
+ 2008-04-14 12:42:00 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\msdatt.dll
+ 2008-04-14 12:42:00 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaurl.dll
+ 2008-04-14 12:42:00 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\msdfmap.dll
+ 2008-04-14 12:42:00 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\msdmo.dll
+ 2008-04-14 12:42:28 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\msdtc.exe
+ 2008-04-14 12:42:00 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\msdtclog.dll
+ 2008-04-14 12:42:00 427,008 ------w C:\WINDOWS\ServicePackFiles\i386\msdtcprx.dll
+ 2008-04-14 12:42:00 90,112 ------w C:\WINDOWS\ServicePackFiles\i386\msdtcstp.dll
+ 2008-04-14 12:42:00 956,928 ------w C:\WINDOWS\ServicePackFiles\i386\msdtctm.dll
+ 2008-04-14 12:42:00 161,792 ------w C:\WINDOWS\ServicePackFiles\i386\msdtcuiu.dll
+ 2008-04-14 07:16:10 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\msdv.sys
+ 2007-04-03 01:17:44 518,944 ------w C:\WINDOWS\ServicePackFiles\i386\msexch40.dll
+ 2007-04-03 01:18:00 326,432 ------w C:\WINDOWS\ServicePackFiles\i386\msexcl40.dll
+ 2008-04-14 07:02:40 19,072 ------w C:\WINDOWS\ServicePackFiles\i386\msfs.sys
+ 2008-04-14 12:42:00 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\msftedit.dll
+ 2008-04-14 12:42:00 997,376 ------w C:\WINDOWS\ServicePackFiles\i386\msgina.dll
+ 2008-04-14 07:26:34 35,072 ------w C:\WINDOWS\ServicePackFiles\i386\msgpc.sys
+ 2008-04-14 12:42:00 3,166,208 ------w C:\WINDOWS\ServicePackFiles\i386\msgr3en.dll
+ 2008-04-14 12:42:00 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\msgrocm.dll
+ 2008-04-14 12:42:00 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\msgsc.dll
+ 2008-04-14 06:00:30 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\msgslang.dll
+ 2008-04-14 12:42:00 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll
+ 2008-04-14 12:42:46 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2008-04-14 12:42:46 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2008-04-14 12:42:28 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\mshta.exe
+ 2008-04-14 12:42:00 3,066,880 ------w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
+ 2008-04-14 12:42:00 449,024 ------w C:\WINDOWS\ServicePackFiles\i386\mshtmled.dll
+ 2008-04-14 04:56:28 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\mshtmler.dll
+ 2008-04-14 12:42:00 2,843,136 ------w C:\WINDOWS\ServicePackFiles\i386\msi.dll
+ 2008-04-14 12:42:00 51,712 ------w C:\WINDOWS\ServicePackFiles\i386\msident.dll
+ 2008-04-14 12:42:00 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\msidle.dll
+ 2008-04-14 12:42:00 248,832 ------w C:\WINDOWS\ServicePackFiles\i386\msieftp.dll
+ 2008-04-14 12:42:30 78,848 ------w C:\WINDOWS\ServicePackFiles\i386\msiexec.exe
+ 2008-04-14 12:42:00 271,360 ------w C:\WINDOWS\ServicePackFiles\i386\msihnd.dll
+ 2008-04-14 12:42:00 4,608 ------w C:\WINDOWS\ServicePackFiles\i386\msimg32.dll
+ 2008-04-14 12:42:30 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
+ 2008-04-14 04:09:44 884,736 ------w C:\WINDOWS\ServicePackFiles\i386\msimsg.dll
+ 2008-04-14 12:42:00 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\msimtf.dll
+ 2008-04-14 12:42:00 376,832 ------w C:\WINDOWS\ServicePackFiles\i386\msinfo.dll
+ 2008-04-14 07:24:30 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\msircomm.sys
+ 2008-04-14 12:42:30 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\msiregmv.exe
+ 2008-04-14 12:42:00 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\msisip.dll
+ 2007-10-22 22:00:52 1,516,568 ------w C:\WINDOWS\ServicePackFiles\i386\msjet40.dll
+ 2007-04-03 01:19:22 355,112 ------w C:\WINDOWS\ServicePackFiles\i386\msjetol1.dll
+ 2008-04-14 12:42:02 151,583 ------w C:\WINDOWS\ServicePackFiles\i386\msjint40.dll
+ 2008-04-14 12:42:02 102,400 ------w C:\WINDOWS\ServicePackFiles\i386\msjro.dll
+ 2007-04-03 01:19:34 60,192 ------w C:\WINDOWS\ServicePackFiles\i386\msjter40.dll
+ 2007-04-03 01:19:38 248,608 ------w C:\WINDOWS\ServicePackFiles\i386\msjtes40.dll
+ 2008-04-14 07:09:54 7,552 ------w C:\WINDOWS\ServicePackFiles\i386\mskssrv.sys
+ 2008-04-14 12:42:02 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\mslbui.dll
+ 2007-04-03 01:19:52 219,936 ------w C:\WINDOWS\ServicePackFiles\i386\msltus40.dll
+ 2008-04-14 12:42:02 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\mslwvtts.dll
+ 2008-04-14 12:42:02 170,496 ------w C:\WINDOWS\ServicePackFiles\i386\msmqocm.dll
+ 2008-04-14 12:42:30 1,695,232 ------w C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
+ 2007-04-03 07:09:44 11,053,008 ------w C:\WINDOWS\ServicePackFiles\i386\msncli.exe
+ 2008-04-14 12:42:02 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\msnsspc.dll
+ 2007-04-03 07:12:38 1,327,320 ------w C:\WINDOWS\ServicePackFiles\i386\msnsusii.exe
+ 2008-04-14 12:42:02 122,368 ------w C:\WINDOWS\ServicePackFiles\i386\msobcomm.dll
+ 2008-04-14 12:42:02 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msobdl.dll
+ 2008-04-14 12:42:02 565,248 ------w C:\WINDOWS\ServicePackFiles\i386\msobmain.dll
+ 2008-04-14 12:42:02 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\msobshel.dll
+ 2008-04-14 12:42:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\msobweb.dll
+ 2008-04-14 12:42:02 1,314,816 ------w C:\WINDOWS\ServicePackFiles\i386\msoe.dll
+ 2008-04-14 12:42:02 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\msoeacct.dll
+ 2008-04-14 04:53:56 2,479,616 ------w C:\WINDOWS\ServicePackFiles\i386\msoeres.dll
+ 2008-04-14 12:42:02 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 12:42:30 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\msoobe.exe
+ 2008-04-14 05:54:16 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 12:42:02 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 12:42:30 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 12:42:02 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\mspatcha.dll
+ 2007-04-03 01:20:06 355,104 ------w C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-14 07:09:52 5,376 ------w C:\WINDOWS\ServicePackFiles\i386\mspclock.sys
+ 2008-04-14 07:09:52 4,992 ------w C:\WINDOWS\ServicePackFiles\i386\mspqm.sys
+ 2008-04-14 04:53:32 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 12:42:02 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\msrating.dll
+ 2007-04-03 01:20:28 432,928 ------w C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll
+ 2007-04-03 01:20:44 322,336 ------w C:\WINDOWS\ServicePackFiles\i386\msrd3x40.dll
+ 2007-04-03 01:21:06 559,904 ------w C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 12:42:02 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 12:42:02 134,656 ------w C:\WINDOWS\ServicePackFiles\i386\mssap.dll
+ 2008-04-14 12:42:02 155,136 ------w C:\WINDOWS\ServicePackFiles\i386\mssha.dll
+ 2008-04-14 06:45:00 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-14 07:06:48 15,488 ------w C:\WINDOWS\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 12:42:02 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 12:42:02 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\mst123.dll
+ 2008-04-14 07:16:10 49,024 ------w C:\WINDOWS\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 12:42:02 274,944 ------w C:\WINDOWS\ServicePackFiles\i386\mstask.dll
+ 2008-04-14 07:09:52 5,504 ------w C:\WINDOWS\ServicePackFiles\i386\mstee.sys
+ 2007-04-03 01:21:28 264,992 ------w C:\WINDOWS\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 12:42:02 532,480 ------w C:\WINDOWS\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 12:42:30 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 12:42:02 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\mstlsapi.dll
+ 2008-04-14 12:42:02 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 12:42:02 132,608 ------w C:\WINDOWS\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 12:42:02 1,384,479 ------w C:\WINDOWS\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 12:42:02 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 12:42:02 413,696 ------w C:\WINDOWS\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 12:42:02 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-14 07:00:48 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 12:42:02 121,344 ------w C:\WINDOWS\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 12:42:02 1,428,992 ------w C:\WINDOWS\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 12:42:02 72,704 ------w C:\WINDOWS\ServicePackFiles\i386\msw3prt.dll
+ 2007-04-03 01:21:48 838,432 ------w C:\WINDOWS\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 12:42:02 203,776 ------w C:\WINDOWS\ServicePackFiles\i386\mswebdvd.dll
+ 2008-04-14 12:42:02 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
+ 2007-04-03 01:21:54 621,344 ------w C:\WINDOWS\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 12:42:02 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\msxactps.dll
+ 2007-04-03 01:22:02 355,104 ------w C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 12:42:02 506,368 ------w C:\WINDOWS\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 12:42:02 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 12:42:02 1,104,896 ------w C:\WINDOWS\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 12:42:02 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\msyuv.dll
+ 2008-04-14 06:53:42 126,686 ------w C:\WINDOWS\ServicePackFiles\i386\mtlmnt5.sys
+ 2008-04-14 06:53:40 1,309,184 ------w C:\WINDOWS\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 12:42:30 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 12:42:02 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 12:42:02 30,720 ------w C:\WINDOWS\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 12:42:02 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 12:42:02 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 12:42:02 91,648 ------w C:\WINDOWS\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 12:42:02 1,737,856 ------w C:\WINDOWS\ServicePackFiles\i386\mtxparhd.dll
+ 2008-04-14 05:04:28 452,736 ------w C:\WINDOWS\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-14 12:42:30 90,624 ------w C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
+ 2008-04-14 07:47:06 105,344 ------w C:\WINDOWS\ServicePackFiles\i386\mup.sys
+ 2008-04-14 07:13:56 12,672 ------w C:\WINDOWS\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 12:42:02 90,624 ------w C:\WINDOWS\ServicePackFiles\i386\mydocs.dll
+ 2008-04-14 07:16:26 85,248 ------w C:\WINDOWS\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 12:42:02 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\nac.dll
+ 2008-04-14 12:42:02 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 12:42:02 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 12:42:30 176,640 ------w C:\WINDOWS\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 12:42:30 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 12:42:02 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 12:42:02 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 12:42:02 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 12:42:02 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 12:42:30 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 12:42:02 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-14 07:50:38 182,656 ------w C:\WINDOWS\ServicePackFiles\i386\ndis.sys
+ 2008-04-14 07:16:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 12:42:02 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-14 07:27:28 10,112 ------w C:\WINDOWS\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-14 07:26:00 14,592 ------w C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-14 07:50:44 91,520 ------w C:\WINDOWS\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-14 07:27:30 40,576 ------w C:\WINDOWS\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 12:42:30 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\net.exe
+ 2008-04-14 12:42:30 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\net1.exe
+ 2008-04-14 12:42:02 337,408 ------w C:\WINDOWS\ServicePackFiles\i386\netapi32.dll
+ 2008-04-14 07:26:04 34,688 ------w C:\WINDOWS\ServicePackFiles\i386\netbios.sys
+ 2008-04-14 07:51:02 162,816 ------w C:\WINDOWS\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 12:42:02 622,592 ------w C:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 12:42:30 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\netdde.exe
+ 2008-04-14 04:39:58 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\netfxocm.dll
+ 2007-12-18 00:29:54 82,976 ------w C:\WINDOWS\ServicePackFiles\i386\netfxupdate.exe
+ 2008-04-14 12:42:02 139,264 ------w C:\WINDOWS\ServicePackFiles\i386\netid.dll
+ 2008-04-14 12:42:02 407,040 ------w C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 12:42:02 198,144 ------w C:\WINDOWS\ServicePackFiles\i386\netman.dll
+ 2008-04-14 12:42:02 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 12:42:02 875,008 ------w C:\WINDOWS\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 12:42:02 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 12:46:52 329,728 ------w C:\WINDOWS\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 12:42:30 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 12:42:04 1,703,936 ------w C:\WINDOWS\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 12:42:30 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 12:42:04 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 12:42:04 245,760 ------w C:\WINDOWS\ServicePackFiles\i386\netui1.dll
+ 2008-04-14 05:05:40 132,695 ------w C:\WINDOWS\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 12:42:04 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\newdev.dll
+ 2008-04-14 04:41:08 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\ngen.exe
+ 2008-04-14 07:21:26 61,824 ------w C:\WINDOWS\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 12:42:04 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 12:42:04 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 12:42:04 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 12:42:04 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 12:42:04 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 12:42:04 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 12:42:04 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-14 07:23:10 40,320 ------w C:\WINDOWS\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 12:42:04 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 12:42:04 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 12:42:30 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\notepad.exe
+ 2008-04-14 07:02:40 30,848 ------w C:\WINDOWS\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 12:42:30 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 12:42:04 54,784 ------w C:\WINDOWS\ServicePackFiles\i386\npptools.dll
+ 2008-04-14 07:24:38 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 12:42:04 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\nsepm.dll
+ 2008-04-14 12:42:30 76,800 ------w C:\WINDOWS\ServicePackFiles\i386\nslookup.exe
+ 2008-04-14 12:42:32 1,200,640 ------w C:\WINDOWS\ServicePackFiles\i386\ntbackup.exe
+ 2008-04-14 05:13:04 47,564 ------w C:\WINDOWS\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 12:41:26 706,048 ------w C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 12:42:04 67,072 ------w C:\WINDOWS\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 12:42:04 212,992 ------w C:\WINDOWS\ServicePackFiles\i386\ntevt.dll
+ 2008-04-14 07:45:54 574,976 ------w C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
+ 2008-04-14 05:19:40 33,840 ------w C:\WINDOWS\ServicePackFiles\i386\ntio.sys
+ 2008-04-14 05:19:44 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\ntio404.sys
+ 2008-04-14 05:19:40 35,648 ------w C:\WINDOWS\ServicePackFiles\i386\ntio411.sys
+ 2008-04-14 05:19:44 35,424 ------w C:\WINDOWS\ServicePackFiles\i386\ntio412.sys
+ 2008-04-14 05:19:42 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\ntio804.sys
+ 2008-04-14 07:54:38 2,145,280 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-14 07:01:22 2,065,792 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-14 07:01:22 2,023,936 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 12:42:04 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 12:42:04 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 12:42:04 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 12:42:04 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 12:42:04 179,200 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 12:42:04 488,448 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 12:42:04 435,200 ------w C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
+ 2008-04-14 06:53:42 180,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 12:42:04 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\ntoc.dll
+ 2008-04-14 07:57:54 2,188,928 ------w C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 12:42:04 91,136 ------w C:\WINDOWS\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 12:42:04 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 12:42:32 420,864 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 12:42:04 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 12:42:04 4,274,816 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_disp.dll
+ 2008-04-14 05:04:32 1,897,408 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-14 12:42:04 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\nwapi32.dll
+ 2008-04-14 07:26:08 88,320 ------w C:\WINDOWS\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 12:42:04 142,336 ------w C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-14 07:04:14 163,584 ------w C:\WINDOWS\ServicePackFiles\i386\nwrdr.sys
+ 2008-04-14 12:42:04 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\nwwks.dll
+ 2008-04-14 12:42:04 270,336 ------w C:\WINDOWS\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 12:40:32 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\obelog.dll
+ 2008-04-14 12:40:32 966,656 ------w C:\WINDOWS\ServicePackFiles\i386\obemetal.dll
+ 2007-04-03 07:14:12 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\obemtllc.dll
+ 2008-04-14 12:40:32 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\obepopc.dll
+ 2008-04-14 12:42:04 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\objsel.dll
+ 2008-04-14 07:10:08 393,728 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0401.dll
+ 2008-04-14 07:10:24 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0404.dll
+ 2008-04-14 07:10:26 428,032 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0405.dll
+ 2008-04-14 07:10:28 418,816 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0406.dll
+ 2008-04-14 07:10:36 403,456 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0407.dll
+ 2008-04-14 07:10:32 419,328 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0408.dll
+ 2008-04-14 07:10:34 405,504 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040b.dll
+ 2008-04-14 07:10:34 410,624 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040c.dll
+ 2008-04-14 07:10:34 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040d.dll
+ 2008-04-14 07:10:40 434,176 ------w C:\WINDOWS\ServicePackFiles\i386\obrb040e.dll
+ 2008-04-14 07:10:40 413,696 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0410.dll
+ 2008-04-14 07:10:46 275,456 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0411.dll
+ 2008-04-14 07:10:50 306,688 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0412.dll
+ 2008-04-14 07:10:46 401,920 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0413.dll
+ 2008-04-14 07:10:46 353,792 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0414.dll
+ 2008-04-14 07:10:48 391,680 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0415.dll
+ 2008-04-14 07:10:12 409,600 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0416.dll
+ 2008-04-14 07:10:52 427,008 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0419.dll
+ 2008-04-14 07:10:54 405,504 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041b.dll
+ 2008-04-14 07:10:58 363,008 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041d.dll
+ 2008-04-14 07:11:02 390,144 ------w C:\WINDOWS\ServicePackFiles\i386\obrb041f.dll
+ 2008-04-14 07:10:58 408,576 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0424.dll
+ 2008-04-14 07:10:26 270,336 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0804.dll
+ 2008-04-14 07:10:50 435,200 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0816.dll
+ 2008-04-14 07:10:32 446,464 ------w C:\WINDOWS\ServicePackFiles\i386\obrb0c0a.dll
+ 2008-04-14 12:42:04 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\occache.dll
+ 2008-04-14 12:42:04 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 12:42:04 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 12:42:04 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\ocmsn.dll
+ 2007-04-03 02:35:22 26,224 ------w C:\WINDOWS\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 12:42:04 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 12:42:04 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 12:42:32 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 12:42:04 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 12:42:04 135,168 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 12:42:32 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 12:42:04 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 12:42:04 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 12:42:04 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\odbccu32.dll
+ 2008-04-14 05:56:06 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 12:40:32 53,279 ------w C:\WINDOWS\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 12:42:04 278,559 ------w C:\WINDOWS\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-14 05:56:06 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 12:42:04 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 12:42:04 20,511 ------w C:\WINDOWS\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 12:42:04 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 12:42:04 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 12:42:04 20,510 ------w C:\WINDOWS\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 12:42:04 20,511 ------w C:\WINDOWS\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 12:42:04 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 12:42:32 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 12:42:04 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 12:42:04 192,000 ------w C:\WINDOWS\ServicePackFiles\i386\offfilt.dll
+ 2008-04-14 07:16:20 61,696 ------w C:\WINDOWS\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 12:42:04 1,287,168 ------w C:\WINDOWS\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 12:42:04 551,936 ------w C:\WINDOWS\ServicePackFiles\i386\olea
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP