Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Delf.12.au Keeps Reappearing [RESOLVED]

Started by Gene R , Jun 14 2008 07:46 AM

This topic is locked

#1
Gene R

Posted 14 June 2008 - 07:46 AM

Member

Member
123 posts

hijackthis_6142008.txt 7.88KB 105 downloadsI am working on a machine that had a lot of junk on it. I've ran Ad-Aware, SpyBot, McAfee in both normal mode and safe mode. Got most everything cleaned off and I've even turned create restore points off and then booted into Safe Mode and scanned.
One item keeps appearing in scanbot, Delf.12.au it has info of:
(SB1 $85FB44D5) Library
c:\windows\system32\ctl3dv.dll

Also, as I reboot, the Yahoo Toolbar keeps getting reinstalled.
Here is the System Info:

OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name CUPCAKE
System Manufacturer Dell Computer Corporation
System Model Dimension 4550
System Type X86-based PC
Processor x86 Family 15 Model 2 Stepping 4 GenuineIntel ~1999 Mhz
BIOS Version/Date Dell Computer Corporation A01, 09/17/2002
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
User Name CUPCAKE\C.A. Kyle
Time Zone Eastern Standard Time
Total Physical Memory 384.00 MB
Available Physical Memory 209.69 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 919.93 MB
Page File C:\pagefile.sys

Here is the HiJackThis Report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:34 AM, on 06/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-itnow.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58A5A572-74DA-4413-9E46-18B694024907} - C:\WINDOWS\System32\CTL3DV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download....2645/dialer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8065 bytes

Any Assistance would be greatly appreciated...
Thanks....

#2
Rorschach112

Posted 14 June 2008 - 08:09 AM

Ralphie

Retired Staff
47,710 posts

Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
Gene R

Posted 14 June 2008 - 01:54 PM

Member

Topic Starter
Member
123 posts

Rorschach, Thanks for the reply and I've ran the Combo Fix.

The log file is attached and so is the HiJackThis log ran after I ran ComboFix.

Thanks again....

Attached Files

ComboFix.txt 11.92KB 99 downloads
hijackthis_06142008_1534.txt 7.28KB 104 downloads

#4
Rorschach112

Posted 14 June 2008 - 01:56 PM

Ralphie

Retired Staff
47,710 posts

Post the log here instead of attaching it please

#5
Gene R

Posted 14 June 2008 - 02:26 PM

Member

Topic Starter
Member
123 posts

Combo Fix Log:

ComboFix 08-06-12.2 - C.A. Kyle 2008-06-14 14:26:41.1 - NTFSx86
Running from: C:\Documents and Settings\C.A. Kyle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\C.A. Kyle\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\Marc Kyle\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Nina Kyle\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\oemji
C:\Redemption.ECF
C:\WINDOWS\system32\ipv6monr.dll
C:\WINDOWS\update.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-14 09:08 . 2008-06-14 09:08 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-14 08:14 . 2008-06-14 08:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 20:07 . 2008-06-13 20:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 16:38 . 2008-06-13 16:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-13 16:38 . 2008-06-13 16:38 2,546 --a------ C:\WINDOWS\unins000.dat
2008-06-13 05:46 . 2008-06-13 05:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-13 05:46 . 2008-06-13 05:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 05:46 . 2008-06-13 05:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 05:35 . 2008-06-13 05:36 <DIR> d-------- C:\Program Files\Google
2008-06-13 05:35 . 2008-06-14 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-12 18:13 . 2002-10-17 19:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 18:13 . 2008-06-12 18:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 17:40 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-11 17:37 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-06-11 17:37 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-06-11 17:36 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-06-11 17:36 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
2008-06-10 09:32 . 2004-08-04 02:08 26,496 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys
2008-06-02 20:13 . 2008-06-14 09:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 20:13 . 2008-06-14 08:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 15:49 . 2008-06-01 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-01 15:48 . 2008-06-01 15:44 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-01 15:48 . 2008-06-01 15:44 16,694 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys
2008-06-01 15:47 . 2008-06-13 05:32 <DIR> d-------- C:\Program Files\Palm
2008-06-01 15:44 . 2008-06-01 15:44 <DIR> d-------- C:\Documents and Settings\Randy Kyle\Application Data\HotSync
2008-05-21 17:34 . 2008-04-22 23:16 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-05-21 17:34 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-05-21 17:34 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-05-21 17:34 . 2008-04-22 23:16 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-05-21 17:34 . 2008-04-22 23:16 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-05-21 17:34 . 2008-04-22 23:16 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-05-21 17:34 . 2008-04-22 23:16 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-05-21 17:34 . 2008-04-22 23:16 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-05-21 17:34 . 2008-04-22 02:39 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-05-21 17:27 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-14 16:47 . 2008-05-14 16:47 <DIR> d-------- C:\Program Files\DellSupport

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 13:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 13:32 --------- d-----w C:\Program Files\Yahoo!
2008-06-14 13:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-14 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-14 13:24 --------- d-----w C:\Program Files\Pure Networks
2008-06-14 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-14 13:22 --------- d-----w C:\Documents and Settings\C.A. Kyle\Application Data\AOL
2008-06-13 21:31 --------- d-----w C:\Program Files\Common Files\PrivacyConductor
2008-06-13 10:32 --------- d-----w C:\Program Files\Modem Helper
2008-06-13 10:32 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
2008-06-13 10:32 --------- d-----w C:\Program Files\dwyco2
2008-06-13 10:32 --------- d-----w C:\Program Files\Creative
2008-06-13 10:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-01 20:44 53,248 ----a-w C:\WINDOWS\SYSTEM32\palmdevc.dll
2008-05-30 21:14 --------- d-----w C:\Documents and Settings\Nina Kyle\Application Data\Gtek
2008-05-21 22:15 --------- d--h--w C:\Documents and Settings\Randy Kyle\Application Data\GTek
2008-05-15 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-15 14:30 --------- d--h--w C:\Documents and Settings\C.A. Kyle\Application Data\GTek
2008-05-14 21:47 --------- d--h--w C:\Documents and Settings\Marion Kyle\Application Data\GTek
2008-05-14 21:47 --------- d-----w C:\Documents and Settings\Marc Kyle\Application Data\Gtek
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 03:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2002-12-25 10:41 64 -c--a-w C:\Program Files\dwyco.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58A5A572-74DA-4413-9E46-18B694024907}]
2001-08-18 06:00 99840 --a------ C:\WINDOWS\System32\CTL3DV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 05:35 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 22:41 28738]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 17:16 77824]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2003-08-21 18:10 180224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-08 10:32 180269]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-10-17 19:06:39 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 19:00:18 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-C.A. Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-06-14 19:31:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Marc Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-06-14 19:32:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Marion Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-06-14 19:32:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Nina Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-06-14 19:28:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Randy Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-06-14 17:55:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 14:30:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bpwofrnq]
"ImagePath"="system32\drivers\fbxqvegz.dat"
.
Completion time: 2008-06-14 14:32:39
ComboFix-quarantined-files.txt 2008-06-14 19:32:32

Pre-Run: 71,788,838,912 bytes free
Post-Run: 71,859,712,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

182 --- E O F --- 2008-06-11 23:15:44

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:15 PM, on 06/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58A5A572-74DA-4413-9E46-18B694024907} - C:\WINDOWS\System32\CTL3DV.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download....2645/dialer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7454 bytes

Thanks and sorry, I didn't know it was preferred to paste in the msg instead of attaching....

#6
Rorschach112

Posted 14 June 2008 - 02:29 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\System32\CTL3DV.dll

Folder::

Registry::

Driver::
bpwofrnq

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

#7
Gene R

Posted 14 June 2008 - 06:23 PM

Member

Topic Starter
Member
123 posts

Here is the log file:

ComboFix 08-06-12.2 - C.A. Kyle 2008-06-14 15:45:20.2 - NTFSx86
Running from: C:\Documents and Settings\C.A. Kyle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\C.A. Kyle\Desktop\cfscript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\System32\CTL3DV.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\CTL3DV.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BPWOFRNQ
-------\Service_bpwofrnq

((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 08:14 . 2008-06-14 08:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 20:07 . 2008-06-13 20:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 16:38 . 2008-06-13 16:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-13 16:38 . 2008-06-13 16:38 2,546 --a------ C:\WINDOWS\unins000.dat
2008-06-13 05:46 . 2008-06-13 05:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-13 05:46 . 2008-06-13 05:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 05:46 . 2008-06-13 05:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 05:35 . 2008-06-13 05:36 <DIR> d-------- C:\Program Files\Google
2008-06-13 05:35 . 2008-06-14 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-12 18:13 . 2002-10-17 19:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 18:13 . 2008-06-12 18:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 17:40 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-11 17:37 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-06-11 17:37 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-06-11 17:36 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-06-11 17:36 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys
2008-06-10 09:32 . 2004-08-04 02:08 26,496 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys
2008-06-02 20:13 . 2008-06-14 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 20:13 . 2008-06-14 08:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 15:49 . 2008-06-01 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-01 15:48 . 2008-06-01 15:44 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-01 15:48 . 2008-06-01 15:44 16,694 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys
2008-06-01 15:47 . 2008-06-13 05:32 <DIR> d-------- C:\Program Files\Palm
2008-06-01 15:44 . 2008-06-01 15:44 <DIR> d-------- C:\Documents and Settings\Randy Kyle\Application Data\HotSync
2008-05-21 17:34 . 2008-04-22 23:16 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-05-21 17:34 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-05-21 17:34 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-05-21 17:34 . 2008-04-22 23:16 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-05-21 17:34 . 2008-04-22 23:16 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-05-21 17:34 . 2008-04-22 23:16 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-05-21 17:34 . 2008-04-22 23:16 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-05-21 17:34 . 2008-04-22 23:16 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-05-21 17:34 . 2008-04-22 02:39 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-05-21 17:27 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 13:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 13:32 --------- d-----w C:\Program Files\Yahoo!
2008-06-14 13:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-14 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-14 13:24 --------- d-----w C:\Program Files\Pure Networks
2008-06-14 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-14 13:22 --------- d-----w C:\Documents and Settings\C.A. Kyle\Application Data\AOL
2008-06-13 21:31 --------- d-----w C:\Program Files\Common Files\PrivacyConductor
2008-06-13 10:32 --------- d-----w C:\Program Files\Modem Helper
2008-06-13 10:32 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
2008-06-13 10:32 --------- d-----w C:\Program Files\dwyco2
2008-06-13 10:32 --------- d-----w C:\Program Files\Creative
2008-06-13 10:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-01 20:44 53,248 ----a-w C:\WINDOWS\SYSTEM32\palmdevc.dll
2008-05-30 21:14 --------- d-----w C:\Documents and Settings\Nina Kyle\Application Data\Gtek
2008-05-21 22:15 --------- d--h--w C:\Documents and Settings\Randy Kyle\Application Data\GTek
2008-05-15 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-15 14:30 --------- d--h--w C:\Documents and Settings\C.A. Kyle\Application Data\GTek
2008-05-14 21:47 --------- d--h--w C:\Documents and Settings\Marion Kyle\Application Data\GTek
2008-05-14 21:47 --------- d-----w C:\Program Files\DellSupport
2008-05-14 21:47 --------- d-----w C:\Documents and Settings\Marc Kyle\Application Data\Gtek
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 03:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2002-12-25 10:41 64 -c--a-w C:\Program Files\dwyco.log
.

((((((((((((((((((((((((((((( snapshot@2008-06-14_14.31.53.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 13:58:09 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-14 20:48:16 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58A5A572-74DA-4413-9E46-18B694024907}]
2001-08-18 06:00 99840 --a------ C:\WINDOWS\System32\CTL3DV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 05:35 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 22:41 28738]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-20 17:16 77824]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00 245760]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10 180224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-08 10:32 180269]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-10-17 19:06:39 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

*Newly Created Service* - BPWOFRNQ
.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 00:15:27 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-C.A. Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
- C:\PROGRA~1\mcafee.com\agent
"2008-06-15 00:16:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Marc Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-06-15 00:17:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Marion Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-06-15 00:17:01 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Nina Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agen
"2008-06-15 00:13:00 C:\WINDOWS\Tasks\McAfee.com Update Check (CUPCAKE-Randy Kyle).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-06-14 21:55:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 19:11:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bpwofrnq]
"ImagePath"="system32\drivers\fbxqvegz.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
.
**************************************************************************
.
Completion time: 2008-06-14 19:17:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 00:17:27
ComboFix2.txt 2008-06-14 19:32:40

Pre-Run: 71,854,178,304 bytes free
Post-Run: 71,774,216,192 bytes free

194 --- E O F --- 2008-06-11 23:15:44

Thanks. Do you need another HiJackThis run/report???

#8
Rorschach112

Posted 15 June 2008 - 06:22 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\System32\CTL3DV.dll

Drivers to delete:
bpwofrnq

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

#9
Gene R

Posted 15 June 2008 - 07:43 AM

Member

Topic Starter
Member
123 posts

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:41 AM, on 06/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58A5A572-74DA-4413-9E46-18B694024907} - C:\WINDOWS\System32\CTL3DV.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download....2645/dialer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213490911484
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7475 bytes

Avenger Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:41 AM, on 06/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {58A5A572-74DA-4413-9E46-18B694024907} - C:\WINDOWS\System32\CTL3DV.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download....2645/dialer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213490911484
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7475 bytes

Thanks!!!

#10
Rorschach112

Posted 15 June 2008 - 08:55 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {58A5A572-74DA-4413-9E46-18B694024907} - C:\WINDOWS\System32\CTL3DV.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download....2645/dialer.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarest...es2/Install.cab

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Then run ComboFix again and post the log along with a new HijackThis log

#11
Gene R

Posted 15 June 2008 - 11:27 AM

Member

Topic Starter
Member
123 posts

Kaspersky Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 14:57:52
Records in database: 867406
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 62564
Threat name: 9
Infected objects: 11
Suspicious objects: 5
Duration of the scan: 01:37:52

File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ipv6monr.dll.vir Suspicious: Packed.Win32.Morphine.a 1
C:\QooBox\Quarantine\catchme2008-06-14_154712.09.zip Infected: Rootkit.Win32.Podnuha.by 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0000006.dll Suspicious: Packed.Win32.Morphine.a 1
C:\WINDOWS\2448.exe Infected: Trojan-Spy.Win32.BZub.jz 1
C:\WINDOWS\Adult_Chat.exe Infected: Trojan.Win32.Dialer.k 1
C:\WINDOWS\installer.exe Suspicious: Packed.Win32.Morphine.a 1
C:\WINDOWS\SYSTEM32\CTL3DV.1 Infected: Trojan.Win32.Delf.aik 1
C:\WINDOWS\SYSTEM32\CTL3DV.3 Infected: Trojan-Downloader.Win32.Agent.kpz 1
C:\WINDOWS\SYSTEM32\CTL3DV.4 Infected: Trojan.Win32.Pakes.cdw 1
C:\WINDOWS\SYSTEM32\CTL3DV.5 Infected: Trojan.Win32.Pakes.cdw 1
C:\WINDOWS\SYSTEM32\CTL3DV.6 Infected: Trojan.Win32.Pakes.cdw 1
C:\WINDOWS\SYSTEM32\gxbxrbko.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ay 2
C:\WINDOWS\SYSTEM32\gxbxrbko.exe Infected: not-a-virus:AdWare.Win32.HotBar.bi 1
C:\WINDOWS\update.html Suspicious: Packed.Win32.Morphine.a 1
C:\WINDOWS\update2.html Suspicious: Packed.Win32.Morphine.a 1

The selected area was scanned.

#12
Rorschach112

Posted 15 June 2008 - 12:25 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\2448.exe
C:\WINDOWS\Adult_Chat.exe
C:\WINDOWS\installer.exe
C:\WINDOWS\SYSTEM32\CTL3DV.1
C:\WINDOWS\SYSTEM32\CTL3DV.3
C:\WINDOWS\SYSTEM32\CTL3DV.4
C:\WINDOWS\SYSTEM32\CTL3DV.5
C:\WINDOWS\SYSTEM32\CTL3DV.6
C:\WINDOWS\SYSTEM32\gxbxrbko.exe
C:\WINDOWS\update.html
C:\WINDOWS\update2.html

Folder::
C:\WINDOWS\SYSTEM32\CTL3DV.1
C:\WINDOWS\SYSTEM32\CTL3DV.3
C:\WINDOWS\SYSTEM32\CTL3DV.4
C:\WINDOWS\SYSTEM32\CTL3DV.5
C:\WINDOWS\SYSTEM32\CTL3DV.6

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

#13
Gene R

Posted 15 June 2008 - 01:17 PM

Member

Topic Starter
Member
123 posts

This is the HiJackThis Log, the Combofix will be in another post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:12 PM, on 06/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213490911484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/...5/aolcdt175.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredim...er/imloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7887 bytes

#14
Gene R

Posted 15 June 2008 - 01:26 PM

Member

Topic Starter
Member
123 posts

ComboFix Log to large for one post so here is part 1

ComboFix 08-06-12.2 - C.A. Kyle 2008-06-15 14:42:05.3 - NTFSx86
Running from: C:\Documents and Settings\C.A. Kyle\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\C.A. Kyle\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\WINDOWS\2448.exe
C:\WINDOWS\Adult_Chat.exe
C:\WINDOWS\installer.exe
C:\WINDOWS\SYSTEM32\CTL3DV.1
C:\WINDOWS\SYSTEM32\CTL3DV.3
C:\WINDOWS\SYSTEM32\CTL3DV.4
C:\WINDOWS\SYSTEM32\CTL3DV.5
C:\WINDOWS\SYSTEM32\CTL3DV.6
C:\WINDOWS\SYSTEM32\gxbxrbko.exe
C:\WINDOWS\update.html
C:\WINDOWS\update2.html
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\2448.exe
C:\WINDOWS\Adult_Chat.exe
C:\WINDOWS\installer.exe
C:\WINDOWS\SYSTEM32\CTL3DV.1
C:\WINDOWS\SYSTEM32\CTL3DV.1\
C:\WINDOWS\SYSTEM32\CTL3DV.3
C:\WINDOWS\SYSTEM32\CTL3DV.3\
C:\WINDOWS\SYSTEM32\CTL3DV.4
C:\WINDOWS\SYSTEM32\CTL3DV.4\
C:\WINDOWS\SYSTEM32\CTL3DV.5
C:\WINDOWS\SYSTEM32\CTL3DV.5\
C:\WINDOWS\SYSTEM32\CTL3DV.6
C:\WINDOWS\SYSTEM32\CTL3DV.6\
C:\WINDOWS\SYSTEM32\gxbxrbko.exe
C:\WINDOWS\update.html
C:\WINDOWS\update2.html

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 11:10 . 2008-06-15 11:10 <DIR> d-------- C:\WINDOWS\Sun
2008-06-15 11:10 . 2008-06-15 11:10 <DIR> d-------- C:\Program Files\Sun
2008-06-15 11:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-06-15 11:08 . 2008-06-15 11:10 <DIR> d-------- C:\Program Files\Java
2008-06-15 11:08 . 2008-06-15 11:08 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-15 08:40 . 2008-06-15 08:40 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 08:30 . 2008-06-15 08:30 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-15 08:30 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-06-15 08:30 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-06-14 22:39 . 2008-06-14 22:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-06-14 22:38 . 2008-06-14 22:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-06-14 22:38 . 2008-06-14 22:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-14 21:36 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll
2008-06-14 21:36 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll
2008-06-14 21:36 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
2008-06-14 21:36 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2008-06-14 21:36 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-06-14 21:36 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll
2008-06-14 21:36 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\SYSTEM32\setupn.exe
2008-06-14 21:36 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-06-14 21:34 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\SYSTEM32\mmcex.dll
2008-06-14 21:34 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\SYSTEM32\microsoft.managementconsole.dll
2008-06-14 21:34 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\SYSTEM32\mmcfxcommon.dll
2008-06-14 21:34 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\SYSTEM32\kmsvc.dll
2008-06-14 21:34 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\SYSTEM32\l2gpstore.dll
2008-06-14 21:34 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\SYSTEM32\mmcperf.exe
2008-06-14 21:34 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdpash.dll
2008-06-14 21:34 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdnepr.dll
2008-06-14 21:34 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdiultn.dll
2008-06-14 21:34 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\SYSTEM32\kbdbhc.dll
2008-06-14 21:32 . 2008-04-13 20:11 233,472 --------- C:\WINDOWS\SYSTEM32\azroles.dll
2008-06-14 21:32 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-06-14 09:14 . 2008-06-14 09:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 21:07 . 2008-06-13 21:08 <DIR> d-------- C:\Program Files\CCleaner
2008-06-13 17:38 . 2008-06-13 17:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-13 17:38 . 2008-06-13 17:38 2,546 --a------ C:\WINDOWS\unins000.dat
2008-06-13 06:46 . 2008-06-13 06:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-13 06:46 . 2008-06-13 06:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 06:46 . 2008-06-13 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 06:35 . 2008-06-13 06:36 <DIR> d-------- C:\Program Files\Google
2008-06-13 06:35 . 2008-06-15 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-12 19:13 . 2002-10-17 20:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 19:13 . 2008-06-12 19:13 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-11 18:40 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-11 18:40 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-06-11 18:37 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2008-06-11 18:37 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2008-06-11 18:36 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2008-06-02 21:13 . 2008-06-15 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 21:13 . 2008-06-15 11:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-01 16:49 . 2008-06-01 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-01 16:48 . 2008-06-01 16:44 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2008-06-01 16:48 . 2008-06-01 16:44 16,694 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys
2008-06-01 16:47 . 2008-06-13 06:32 <DIR> d-------- C:\Program Files\Palm
2008-06-01 16:44 . 2008-06-01 16:44 <DIR> d-------- C:\Documents and Settings\Randy Kyle\Application Data\HotSync
2008-05-21 18:34 . 2008-04-23 00:16 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-05-21 18:34 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-05-21 18:34 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-05-21 18:34 . 2008-04-23 00:16 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-05-21 18:34 . 2008-04-23 00:16 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-05-21 18:34 . 2008-04-23 00:16 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-05-21 18:34 . 2008-04-23 00:16 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-05-21 18:34 . 2008-04-23 00:16 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-05-21 18:34 . 2008-04-22 03:39 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-05-21 18:27 . 2007-08-13 19:54 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2008-05-16 12:58 . 2008-05-16 12:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 00:47 --------- d-----w C:\Documents and Settings\Marc Kyle\Application Data\Gtek
2008-06-14 13:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 13:32 --------- d-----w C:\Program Files\Yahoo!
2008-06-14 13:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-14 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 13:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-14 13:24 --------- d-----w C:\Program Files\Pure Networks
2008-06-14 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-14 13:22 --------- d-----w C:\Documents and Settings\C.A. Kyle\Application Data\AOL
2008-06-13 21:31 --------- d-----w C:\Program Files\Common Files\PrivacyConductor
2008-06-13 10:32 --------- d-----w C:\Program Files\Modem Helper
2008-06-13 10:32 --------- d-----w C:\Program Files\Microsoft Picture It! 2002
2008-06-13 10:32 --------- d-----w C:\Program Files\dwyco2
2008-06-13 10:32 --------- d-----w C:\Program Files\Creative
2008-06-13 10:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-01 20:44 53,248 ----a-w C:\WINDOWS\SYSTEM32\palmdevc.dll
2008-05-30 21:14 --------- d-----w C:\Documents and Settings\Nina Kyle\Application Data\Gtek
2008-05-21 22:15 --------- d--h--w C:\Documents and Settings\Randy Kyle\Application Data\GTek
2008-05-15 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-15 14:30 --------- d--h--w C:\Documents and Settings\C.A. Kyle\Application Data\GTek
2008-05-14 21:47 --------- d--h--w C:\Documents and Settings\Marion Kyle\Application Data\GTek
2008-05-14 21:47 --------- d-----w C:\Program Files\DellSupport
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 03:16 3,591,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\SYSTEM32\setupapi.dll
2008-04-14 09:42 11,264 ------w C:\WINDOWS\SYSTEM32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\SYSTEM32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\SYSTEM32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\SYSTEM32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\SYSTEM32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\SYSTEM32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\SYSTEM32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\SYSTEM32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\SYSTEM32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\SYSTEM32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\SYSTEM32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\SYSTEM32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\SYSTEM32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\SYSTEM32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\SYSTEM32\msshavmsg.dll
2008-04-13 17:39 438,784 ------w C:\WINDOWS\SYSTEM32\xpob2res.dll
2008-04-13 17:39 2,897,920 ------w C:\WINDOWS\SYSTEM32\xpsp2res.dll
2008-04-13 17:39 187,392 ------w C:\WINDOWS\SYSTEM32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\SYSTEM32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\SYSTEM32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\SYSTEM32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\SYSTEM32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\SYSTEM32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\SYSTEM32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\SYSTEM32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\SYSTEM32\qedwipes.dll
2008-04-13 17:09 4,096 ------w C:\WINDOWS\SYSTEM32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\SYSTEM32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\SYSTEM32\shdoclc.dll
2008-04-13 16:48 1,647,616 ------w C:\WINDOWS\SYSTEM32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\SYSTEM32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\SYSTEM32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\SYSTEM32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\SYSTEM32\msimsg.dll
2002-12-25 10:41 64 -c--a-w C:\Program Files\dwyco.log
.

((((((((((((((((((((((((((((( snapshot@2008-06-14_14.31.53.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-12-20 22:44:10 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:10:06 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:00:03 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\4mmdat.sys
+ 2004-08-04 06:10:10 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\61883.sys
- 2001-08-18 11:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll
- 2001-08-18 11:00:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
+ 2004-08-04 07:56:47 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
- 2002-03-25 19:01:52 1,801,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll.000
- 2002-03-25 19:01:46 382,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-04 07:56:41 450,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-04 07:56:41 450,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll.000
- 2001-08-18 11:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll
+ 2004-08-04 07:56:41 137,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll
+ 2004-08-04 07:56:41 137,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll.000
- 2001-08-18 11:00:00 107,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclui.dll
+ 2004-08-04 07:56:41 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclui.dll
- 2001-08-18 11:00:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
+ 2004-08-04 06:07:38 187,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
- 2002-03-25 19:01:50 207,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-04 07:56:41 244,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-04 07:56:41 244,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll.000
- 2001-08-18 11:00:00 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\activeds.dll
+ 2004-08-04 07:56:41 194,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\activeds.dll
- 2001-08-18 11:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
+ 2004-08-04 07:56:47 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
- 2001-08-18 11:00:00 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll
+ 2004-08-04 07:56:41 101,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll
- 2002-03-25 19:01:52 107,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-04 07:56:41 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-04 07:56:41 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll.000
+ 2004-08-04 07:56:41 20,540 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.dll
+ 2004-08-04 07:56:47 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
- 2001-08-18 11:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\admparse.dll
+ 2004-08-04 07:56:41 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\admparse.dll
- 2001-08-18 11:00:00 160,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll
+ 2004-08-04 07:56:41 175,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll
- 2001-08-18 11:00:00 139,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll
+ 2004-08-04 07:56:41 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll
- 2001-08-18 11:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll
+ 2004-08-04 07:56:41 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll
- 2001-08-18 11:00:00 239,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-04 07:56:41 263,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-04 07:56:41 4,255 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv01nt5.dll
+ 2004-08-04 07:56:41 3,967 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv02nt5.dll
+ 2004-08-04 07:56:41 3,615 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv05nt5.dll
+ 2004-08-04 07:56:41 3,647 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv07nt5.dll
+ 2004-08-04 07:56:41 3,135 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv08nt5.dll
+ 2004-08-04 07:56:41 3,711 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv09nt5.dll
+ 2004-08-04 07:56:41 3,775 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv11nt5.dll
- 2001-08-18 11:00:00 549,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll
+ 2004-08-04 07:56:41 616,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll
- 2001-08-18 11:00:00 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\advpack.dll
+ 2004-08-04 07:56:41 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\advpack.dll
- 2001-07-23 22:25:14 122,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys.001
- 2001-08-18 11:00:00 130,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
+ 2004-08-04 06:14:14 138,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
- 2001-08-18 11:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll
- 2001-08-18 11:00:00 204,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll
+ 2004-08-04 07:56:41 214,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll
- 2001-08-18 11:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll
- 2001-08-18 11:00:00 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll
- 2001-08-18 11:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll
+ 2004-08-04 07:56:41 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll
- 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll
- 2001-08-18 11:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll
+ 2004-08-04 07:56:41 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll
- 2001-08-18 11:00:00 235,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
- 2001-08-17 18:58:00 25,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
+ 2004-08-04 06:07:41 42,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
- 2001-08-17 18:58:02 29,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\agpcpq.sys
+ 2004-08-04 06:07:42 44,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\agpcpq.sys
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0405.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0406.dll
+ 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0407.dll
+ 2001-08-18 11:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0408.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0409.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040b.dll
+ 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040c.dll
+ 2001-08-18 11:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040e.dll
+ 2001-08-18 11:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0410.dll
+ 2001-08-18 11:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0413.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0414.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0415.dll
+ 2001-08-18 11:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0416.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0419.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt041d.dll
+ 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt041f.dll
+ 2001-08-18 11:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0816.dll
+ 2001-08-18 11:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0c0a.dll
- 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll
- 2001-08-18 11:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
+ 2004-08-04 07:56:47 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
- 2001-08-18 11:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
+ 2004-08-04 07:56:47 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
- 2001-08-17 18:58:00 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\alim1541.sys
+ 2004-08-04 06:07:41 42,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\alim1541.sys
- 2001-08-18 11:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll
+ 2004-08-04 07:56:41 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll
- 2001-08-17 18:58:02 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdagp.sys
+ 2004-08-04 06:07:42 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdagp.sys
- 2001-08-18 11:00:00 32,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys
+ 2004-08-04 05:59:19 36,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys
+ 2004-08-04 05:59:20 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys
- 2002-12-12 05:14:32 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\amstream.dll
+ 2004-08-04 07:56:41 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\amstream.dll
- 2001-08-18 11:00:00 104,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-04 07:56:41 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-04 07:56:41 331,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\aqueue.dll
- 2001-08-18 11:00:00 54,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys
+ 2004-08-04 05:58:29 60,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys
- 2001-08-18 11:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll
+ 2004-08-04 07:56:41 65,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll
- 2001-08-18 11:00:00 13,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
+ 2004-08-04 06:05:03 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
- 2001-08-18 11:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
+ 2004-08-04 07:56:47 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
- 2002-08-16 15:31:24 87,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
+ 2004-08-04 05:59:42 95,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
+ 2004-08-04 07:56:41 229,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2cqag.dll
+ 2004-08-04 07:56:41 377,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll
+ 2004-08-04 07:56:41 201,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll
+ 2004-08-04 07:56:41 870,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll
+ 2004-08-04 07:56:41 1,057,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll
+ 2004-08-04 07:56:41 1,888,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3duag.dll
+ 2004-08-04 07:56:41 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\ativtmxx.dll
+ 2004-08-04 07:56:41 516,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\ativvaxx.dll
- 2001-08-18 11:00:00 74,802 -c----w C:\WINDOWS\$NtServicePackUninstall$\atl.dll
+ 2004-08-04 07:56:41 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\atl.dll
- 2001-08-18 11:00:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
+ 2004-08-04 07:56:47 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
- 2001-08-18 11:00:00 57,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys
+ 2004-08-04 05:58:30 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys
- 2001-08-18 11:00:00 272,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll
+ 2004-08-04 07:55:59 285,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll
- 2001-08-18 11:00:00 53,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys
+ 2004-08-04 05:58:34 55,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys
- 2001-08-18 11:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll
+ 2004-08-04 07:56:41 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll
+ 2001-08-18 11:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\attrib.exe
+ 2004-08-04 07:56:41 21,183 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv01nt5.dll
+ 2004-08-04 07:56:41 11,359 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv02nt5.dll
+ 2004-08-04 07:56:41 25,471 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv04nt5.dll
+ 2004-08-04 07:56:41 14,143 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv06nt5.dll
+ 2004-08-04 07:56:41 17,279 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv10nt5.dll
- 2001-08-18 11:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-04 07:56:41 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-04 07:56:47 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\auditusr.exe
+ 2004-08-04 07:56:41 20,540 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.dll
+ 2004-08-04 07:56:47 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
- 2001-08-18 11:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\authz.dll
+ 2005-03-02 18:09:29 56,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\authz.dll
- 2001-08-18 11:00:00 565,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
+ 2004-08-04 07:56:47 588,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
- 2001-08-18 11:00:00 578,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe
+ 2004-08-04 07:56:47 602,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe
- 2001-08-18 11:00:00 558,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe
+ 2004-08-04 07:56:47 580,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe
- 2001-08-18 11:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-04 07:56:47 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-04 06:10:10 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\avc.sys
+ 2004-08-04 06:09:58 13,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\avcstrm.sys
- 2001-08-18 11:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll
+ 2004-08-04 07:56:41 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll
- 2004-06-17 17:55:23 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll
+ 2004-08-04 07:56:41 52,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll
- 2001-08-18 11:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll
+ 2004-08-04 07:56:41 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll
- 2001-08-18 11:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\batt.dll
+ 2004-08-04 07:56:41 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\batt.dll
- 2002-12-04 07:03:54 11,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\bdasup.sys
+ 2004-08-04 06:10:12 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\bdasup.sys
- 2001-08-18 11:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll
+ 2004-08-04 07:56:41 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll
- 2004-07-01 22:08:18 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll
+ 2004-08-04 07:56:41 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll
- 2004-07-01 22:08:18 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-04 07:56:41 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-04 07:56:47 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\blastcln.exe
- 2001-08-18 11:00:00 53,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\bridge.sys
+ 2004-08-04 05:59:57 71,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\bridge.sys
- 2001-08-18 11:00:00 62,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\browselc.dll
+ 2004-08-04 07:55:59 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\browselc.dll
- 2004-06-08 22:01:32 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\browser.dll
+ 2004-08-04 07:56:41 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\browser.dll
- 2004-01-16 07:29:32 1,024,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
- 2001-08-18 11:00:00 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-04 07:56:41 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-04 07:56:41 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthci.dll
+ 2004-08-04 06:10:38 17,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthenum.sys
+ 2004-08-04 06:10:38 38,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthmodem.sys
+ 2004-08-04 05:58:38 100,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthpan.sys
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthport.sys.001
+ 2004-08-04 06:10:37 35,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthprint.sys
+ 2004-08-04 07:56:41 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthserv.dll
+ 2004-08-04 06:10:34 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthusb.sys
+ 2004-08-04 07:56:41 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\btpanui.dll
- 2001-08-18 11:00:00 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll
+ 2004-08-04 07:56:41 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll
- 2001-08-18 11:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabview.dll
+ 2004-08-04 07:56:41 84,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabview.dll
+ 2001-08-18 11:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\cacls.exe
- 2004-03-30 01:25:39 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\callcont.dll
+ 2004-08-04 07:56:41 385,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\callcont.dll
- 2001-08-18 11:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\camocx.dll
+ 2004-08-04 07:56:41 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\camocx.dll
+ 2001-08-18 11:00:00 142,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\capesnpn.dll
- 2004-03-06 02:04:56 225,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll
- 2001-08-18 11:00:00 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll
+ 2004-08-04 07:56:41 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll
- 2004-03-06 02:04:57 596,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll
- 2002-12-04 07:04:12 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys
+ 2004-08-04 06:10:16 17,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys
- 2001-08-18 11:00:00 62,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys
+ 2004-08-04 06:14:10 63,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys
- 2001-08-18 11:00:00 142,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll
+ 2008-02-16 08:59:35 151,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll
+ 2004-08-04 07:56:41 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdm.dll
- 2001-08-18 11:00:00 2,028,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll
- 2001-08-18 11:00:00 47,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
+ 2004-08-04 05:59:52 49,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
- 2001-08-18 11:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\certcli.dll
+ 2004-08-04 07:56:41 194,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\certcli.dll
- 2001-08-18 11:00:00 436,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll
+ 2004-08-04 07:56:41 457,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll
- 2001-08-18 11:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll
+ 2004-08-04 07:56:41 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll
- 2001-08-18 11:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-04 07:56:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-04 07:56:47 188,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
+ 2004-08-04 07:56:41 15,423 -c----w C:\WINDOWS\$NtServicePackUninstall$\ch7xxnt5.dll
+ 2004-08-04 06:00:12 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\changer.sys
+ 2004-08-04 05:31:51 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtmbx.dll
+ 2004-08-04 05:31:52 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtskdic.dll
+ 2004-08-04 05:31:53 173,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtskf.dll
+ 2001-08-18 11:00:00 109,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\cic.dll
- 2001-08-18 11:00:00 1,266,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll
+ 2004-08-04 07:56:41 1,352,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll
+ 2004-08-04 05:31:52 198,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\cintime.dll
- 2001-08-18 11:00:00 62,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll
- 2001-08-18 11:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
+ 2004-08-04 07:56:47 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
- 2001-08-18 11:00:00 44,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
+ 2004-08-04 06:14:26 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
- 2004-03-06 02:04:57 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
- 2004-03-05 22:05:00 499,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
- 2001-08-18 11:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
+ 2004-08-04 07:56:47 64,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
- 2001-08-18 11:00:00 127,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll
+ 2004-08-04 07:56:41 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll
- 2001-08-18 11:00:00 45,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
+ 2004-08-04 07:56:47 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
- 2001-08-18 11:00:00 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
+ 2004-08-04 07:56:47 102,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
- 2001-08-18 11:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
+ 2004-08-04 07:56:47 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
- 2001-08-18 11:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 07:56:41 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 06:07:39 14,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys
- 2001-08-18 11:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll
+ 2004-08-04 07:56:41 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll
- 2001-08-18 11:00:00 375,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
+ 2004-08-04 07:56:48 388,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
- 2001-08-18 11:00:00 314,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll
+ 2004-08-04 07:56:41 343,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll
- 2001-08-18 11:00:00 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
+ 2004-08-04 07:56:48 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
- 2001-08-18 11:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
+ 2004-08-04 07:56:48 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
- 2001-08-18 11:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-04 07:56:41 185,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-04 07:56:41 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmsetacl.dll
- 2001-08-18 11:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
+ 2004-08-04 07:56:48 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
- 2001-08-18 11:00:00 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll
+ 2004-08-04 07:56:41 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll
- 2001-08-18 11:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-04 07:56:41 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-04 07:56:41 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon2.dll
- 2004-03-06 02:04:59 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\colbact.dll
+ 2001-08-18 11:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\comaddin.dll
- 2004-03-06 02:05:00 187,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll
- 2001-08-18 11:00:00 557,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll
- 2001-08-18 11:00:00 258,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll
+ 2004-08-04 07:56:41 276,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll
- 2001-08-18 11:00:00 238,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\compatui.dll
+ 2004-08-04 07:56:41 252,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\compatui.dll
- 2001-08-18 11:00:00 222,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\compstui.dll
+ 2004-08-04 07:56:41 229,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\compstui.dll
+ 2005-07-26 04:39:44 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.dll
- 2004-02-17 18:49:58 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
+ 2004-08-04 07:56:48 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
+ 2001-08-18 11:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrereg.exe
- 2001-08-18 11:00:00 792,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\comres.dll
+ 2004-08-04 07:56:41 792,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\comres.dll
+ 2001-08-18 11:00:00 259,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsetup.dll
+ 2001-08-18 11:00:00 147,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsnap.dll
- 2004-03-06 02:05:02 1,177,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll
- 2004-03-06 02:05:03 499,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\comuid.dll
- 2001-08-18 11:00:00 995,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
+ 2004-08-04 07:56:48 1,032,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
- 2001-08-18 11:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll
+ 2004-08-04 07:56:41 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll
+ 2001-08-18 11:00:00 345,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmsp.dll
- 2001-08-18 11:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
+ 2004-08-04 07:56:48 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
- 2001-08-18 11:00:00 14,877 -c----w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
+ 2004-08-04 07:56:41 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
- 2001-08-18 11:00:00 161,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\credui.dll
+ 2004-08-04 07:56:41 163,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\credui.dll
- 2001-08-18 11:00:00 31,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys
+ 2004-08-04 05:59:20 36,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys
- 2002-09-23 20:10:26 544,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll
+ 2004-08-04 07:56:41 597,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll
- 2001-08-18 11:00:00 70,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll
+ 2004-08-04 07:56:41 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll
- 2001-08-18 11:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll
+ 2004-08-04 07:56:41 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll
- 2001-08-18 11:00:00 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll
+ 2004-08-04 07:56:41 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll
- 2001-08-18 11:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll
+ 2004-08-04 07:56:41 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll
- 2001-08-18 11:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
+ 2004-08-04 07:56:41 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
- 2003-07-24 20:43:14 476,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll
+ 2004-08-04 07:56:41 512,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll
- 2001-08-18 11:00:00 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
+ 2004-08-04 07:56:41 101,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
- 2001-08-18 11:00:00 102,450 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
+ 2004-08-04 07:56:48 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
- 2001-08-18 11:00:00 305,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
+ 2004-08-04 07:56:41 326,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
- 2001-08-18 11:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll
+ 2004-08-04 07:56:41 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll
- 2001-08-18 11:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
+ 2004-08-04 07:56:48 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
- 2001-08-18 11:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-04 07:56:48 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-04 07:56:41 249,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctmasetp.dll
- 2004-08-11 05:45:04 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\custsat.dll
+ 2006-06-03 11:40:49 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\custsat.dll
- 2002-12-12 05:14:32 1,177,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll
+ 2004-08-04 07:56:41 1,179,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll
- 2002-12-12 05:14:32 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll
+ 2004-08-04 07:56:41 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll
- 2002-12-12 05:14:32 1,634,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
+ 2004-08-04 07:56:41 1,689,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
- 2002-12-12 05:14:32 797,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll
+ 2004-08-04 07:56:41 825,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll
- 2001-08-18 11:00:00 986,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\danim.dll
+ 2008-02-16 08:59:35 1,054,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\danim.dll
- 2004-03-01 18:55:22 561,179 -c----w C:\WINDOWS\$NtServicePackUninstall$\dao360.dll
+ 2004-08-04 07:56:42 561,179 -c----w C:\WINDOWS\$NtServicePackUninstall$\dao360.dll
- 2001-08-18 11:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll
+ 2004-08-04 07:56:42 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll
+ 2001-08-18 11:00:00 152,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\datime.dll
- 2001-08-18 11:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll
+ 2004-08-04 07:56:42 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll
- 2001-08-18 11:00:00 486,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
+ 2004-08-04 07:56:42 640,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
- 2001-08-18 11:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll
+ 2004-08-04 07:56:42 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll
- 2003-10-28 02:09:08 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll
+ 2004-08-04 07:56:42 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll
- 2001-08-18 11:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll
+ 2004-08-04 07:56:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
- 2001-08-18 11:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll
+ 2004-08-04 07:56:42 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll
- 2001-08-18 11:00:00 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll
+ 2004-08-04 07:56:42 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll
+ 2001-08-18 11:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcomcnfg.exe
- 2001-08-18 11:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
+ 2004-08-04 07:56:48 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
- 2002-12-12 05:14:32 284,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
+ 2004-08-04 07:56:42 266,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
- 2002-12-12 05:14:32 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll
+ 2004-08-04 07:56:42 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll
- 2001-08-18 11:00:00 109,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
+ 2004-08-04 07:56:48 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
- 2002-12-12 05:14:32 132,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\devenum.dll
+ 2004-08-04 07:56:42 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\devenum.dll
- 2001-08-18 11:00:00 263,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll
+ 2004-08-04 07:56:42 282,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll
- 2001-08-18 11:00:00 73,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
+ 2004-08-04 07:56:48 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
- 2001-08-18 11:00:00 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
+ 2004-08-04 07:56:48 104,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
- 2001-08-18 11:00:00 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll
+ 2004-08-04 07:56:42 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll
- 2001-08-18 11:00:00 124,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll
+ 2004-08-04 07:56:42 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll
- 2001-08-18 11:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll
+ 2004-08-04 07:56:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll
- 2001-08-18 11:00:00 103,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll
+ 2004-08-04 07:56:42 111,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll
- 2001-08-18 11:00:00 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2001-08-18 11:00:00 370,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpmon.dll
- 2001-08-18 11:00:00 522,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
+ 2004-08-04 07:56:48 539,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
- 2001-08-18 11:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
+ 2004-08-04 07:56:48 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
- 2001-08-18 11:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\digest.dll
+ 2004-08-04 07:56:42 68,608

#15
Gene R

Posted 15 June 2008 - 01:29 PM

Member

Topic Starter
Member
123 posts

ComboFix Log - Part 2

-c----w C:\WINDOWS\$NtServicePackUninstall$\racpldlg.dll
+ 2004-08-04 07:56:44 43,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\racpldlg.dll
+ 2004-08-04 06:00:51 20,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\ramdisk.sys
- 2001-08-18 11:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasadhlp.dll
- 2002-02-12 23:14:04 218,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasapi32.dll
+ 2004-08-04 07:56:44 236,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasapi32.dll
- 2001-08-18 11:00:00 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasauto.dll
+ 2004-08-04 07:56:44 89,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasauto.dll
- 2001-08-18 11:00:00 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\raschap.dll
+ 2004-08-04 07:56:44 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\raschap.dll
- 2002-02-12 23:14:12 630,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasdlg.dll
+ 2004-08-04 07:56:44 657,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasdlg.dll
- 2001-08-18 11:00:00 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys
+ 2004-08-04 06:14:22 51,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasl2tp.sys
- 2001-08-18 11:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasman.dll
+ 2004-08-04 07:56:44 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasman.dll
- 2001-08-18 11:00:00 159,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll
+ 2006-06-22 10:47:18 181,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasmans.dll
- 2001-08-18 11:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
+ 2004-08-04 07:56:55 56,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasphone.exe
- 2001-08-18 11:00:00 193,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll
+ 2004-08-04 07:56:44 206,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\rasppp.dll
- 2001-08-18 11:00:00 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys
+ 2004-08-04 06:05:07 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\raspppoe.sys
- 2002-10-01 23:43:52 46,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys
+ 2004-08-04 06:14:26 48,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys
- 2002-02-12 23:14:06 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\rassapi.dll
+ 2004-08-04 07:56:44 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\rassapi.dll
- 2001-08-18 11:00:00 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\rastapi.dll
+ 2004-08-04 07:56:44 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\rastapi.dll
- 2001-08-18 11:00:00 52,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\rastls.dll
+ 2004-08-04 07:56:44 112,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\rastls.dll
- 2001-08-18 11:00:00 96,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcbdyctl.dll
+ 2004-08-04 07:56:44 102,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcbdyctl.dll
- 2001-08-18 11:00:00 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
+ 2004-08-04 07:56:55 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
- 2001-08-18 11:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
+ 2004-08-04 07:56:55 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\rcp.exe
- 2001-08-18 11:00:00 163,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdbss.sys
- 2001-08-18 11:00:00 134,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdchost.dll
+ 2004-08-04 07:56:44 147,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdchost.dll
- 2001-08-18 11:00:00 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
+ 2004-08-04 07:56:55 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe
- 2002-07-18 23:54:20 87,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpdd.dll
+ 2004-08-04 08:01:07 92,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpdd.dll
- 2001-08-17 18:50:48 181,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys
+ 2004-08-04 06:01:15 196,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpdr.sys
- 2001-08-18 11:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpsnd.dll
+ 2004-08-04 07:56:44 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpsnd.dll
- 2002-07-18 23:54:20 108,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
- 2001-08-18 11:00:00 73,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpwsx.dll
+ 2004-08-04 08:01:08 87,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdpwsx.dll
- 2001-08-18 11:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
+ 2004-08-04 07:56:55 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdsaddin.exe
- 2001-08-18 11:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
+ 2004-08-04 07:56:55 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\rdshost.exe
- 2001-10-01 21:21:32 55,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
+ 2004-08-04 05:59:37 57,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
- 2001-08-18 11:00:00 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
+ 2004-08-04 07:56:55 50,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\reg.exe
- 2001-08-18 11:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\regapi.dll
+ 2004-08-04 07:56:44 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\regapi.dll
- 2001-08-18 11:00:00 134,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
+ 2004-08-04 07:56:55 146,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
- 2001-08-18 11:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll
+ 2004-08-04 07:56:44 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvc.dll
- 2001-08-18 11:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
+ 2004-08-04 07:56:55 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe
- 2001-08-18 11:00:00 387,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\regwizc.dll
+ 2004-08-04 07:56:44 397,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\regwizc.dll
- 2001-08-18 11:00:00 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\remotepg.dll
+ 2004-08-04 07:56:44 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\remotepg.dll
- 2001-08-18 11:00:00 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\repdrvfs.dll
+ 2004-08-04 07:56:44 177,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\repdrvfs.dll
- 2001-08-18 11:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\resutils.dll
+ 2004-08-04 07:56:44 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\resutils.dll
- 2001-08-18 11:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
+ 2004-08-04 07:56:55 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\rexec.exe
+ 2004-08-04 06:10:39 59,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\rfcomm.sys
+ 2004-08-04 07:56:44 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\riafres.dll
+ 2004-08-04 07:56:44 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\riafui1.dll
+ 2004-08-04 07:56:44 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\riafui2.dll
- 2001-08-18 11:00:00 426,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\riched20.dll
+ 2008-05-08 12:28:49 202,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\rmcast.sys
- 2001-08-18 11:00:00 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys
+ 2004-08-04 06:04:31 30,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\rndismp.sys
+ 2004-08-04 06:04:31 30,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\rndismpx.sys
+ 2004-08-04 05:59:10 79,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\rocket.sys
- 2004-03-06 02:05:13 442,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll
- 2004-03-06 02:05:16 214,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
+ 2005-07-26 04:39:49 397,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
- 2001-08-18 11:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\rrcm.dll
+ 2004-08-04 07:56:44 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\rrcm.dll
- 2001-08-18 11:00:00 131,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsaenh.dll
+ 2004-08-04 05:31:43 152,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsaenh.dll
- 2001-08-18 11:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
+ 2004-08-04 07:56:55 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsh.exe
- 2001-08-18 11:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\rshx32.dll
+ 2004-08-04 07:56:44 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\rshx32.dll
- 2001-08-18 11:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsmps.dll
+ 2004-08-04 07:56:44 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsmps.dll
- 2001-08-18 11:00:00 366,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
+ 2004-08-04 07:56:55 380,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
+ 2001-08-18 11:00:00 90,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\rsvpsp.dll
- 2001-08-18 11:00:00 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
+ 2004-08-04 07:56:55 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtcshare.exe
- 2001-08-18 11:00:00 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtipxmib.dll
+ 2004-08-04 07:56:44 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtipxmib.dll
- 2001-08-18 11:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtutils.dll
+ 2004-08-04 07:56:44 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\rtutils.dll
- 2001-08-18 11:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
+ 2004-08-04 07:56:55 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe
- 2001-08-18 11:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
+ 2004-08-04 07:56:55 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\runonce.exe
+ 2004-08-04 07:56:44 397,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\s3gnb.dll
- 2001-08-18 11:00:00 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrcdlg.dll
+ 2004-08-04 07:56:44 43,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrcdlg.dll
- 2001-08-18 11:00:00 26,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrdm.dll
+ 2004-08-04 07:56:44 29,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrdm.dll
- 2001-08-18 11:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrslv.dll
+ 2004-08-04 07:56:44 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\safrslv.dll
- 2001-08-18 11:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\samlib.dll
+ 2004-08-04 07:56:44 64,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\samlib.dll
- 2001-08-18 11:00:00 411,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\samsrv.dll
+ 2004-08-04 07:56:44 415,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\samsrv.dll
- 2001-08-18 11:00:00 696,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\sapi.dll
+ 2004-08-04 07:56:44 741,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\sapi.dll
- 2001-08-18 11:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
+ 2004-08-04 07:56:55 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\savedump.exe
+ 2004-08-04 07:56:44 270,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\sbe.dll
+ 2004-08-04 07:56:44 159,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\sbeio.dll
+ 2004-08-04 05:59:56 43,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\sbp2port.sys
- 2001-08-18 11:00:00 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\scarddlg.dll
+ 2004-08-04 07:56:44 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\scarddlg.dll
- 2001-08-18 11:00:00 93,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
+ 2004-08-04 07:56:55 95,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\scardsvr.exe
- 2001-08-18 11:00:00 171,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\sccsccp.dll
+ 2004-08-04 07:56:44 171,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\sccsccp.dll
- 2001-08-18 11:00:00 174,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
+ 2004-08-04 07:56:44 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
- 2001-08-18 11:00:00 295,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\scesrv.dll
+ 2004-08-04 07:56:44 313,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\scesrv.dll
- 2004-03-30 01:25:48 136,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\schannel.dll
- 2004-06-08 22:01:32 159,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll
+ 2004-08-04 07:56:44 190,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\schedsvc.dll
- 2001-08-18 11:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\sclgntfy.dll
+ 2004-08-04 07:56:44 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\sclgntfy.dll
- 2001-08-18 11:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
+ 2004-08-04 07:56:55 36,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrcons.exe
- 2001-08-18 11:00:00 186,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\script.dll
+ 2004-08-04 07:56:44 202,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\script.dll
- 2002-02-20 23:50:26 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
+ 2004-08-04 07:56:57 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr
- 2001-08-18 11:00:00 155,675 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrobj.dll
+ 2004-08-04 07:56:44 159,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrobj.dll
- 2001-08-23 12:00:00 147,483 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrrun.dll
+ 2004-08-04 07:56:44 151,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\scrrun.dll
- 2001-08-18 11:00:00 89,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys
+ 2004-08-04 05:59:41 96,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\scsiport.sys
- 2001-08-18 11:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
+ 2004-08-04 07:56:55 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbinst.exe
+ 2004-08-04 06:07:47 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdbus.sys
+ 2004-08-04 07:56:44 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\sdhcinst.dll
+ 2001-08-18 11:00:00 27,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\secdrv.sys
- 2001-08-18 11:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\seclogon.dll
+ 2004-08-04 07:56:44 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\seclogon.dll
- 2001-08-18 11:00:00 52,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\secur32.dll
+ 2004-08-04 07:56:44 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\secur32.dll
- 2001-08-18 11:00:00 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\security.dll
+ 2004-08-04 07:56:44 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\security.dll
- 2001-08-18 11:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.dll
+ 2004-08-04 07:56:44 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\sendcmsg.dll
- 2001-08-18 11:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\sendmail.dll
+ 2004-08-04 07:56:44 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\sendmail.dll
- 2001-08-18 11:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\sens.dll
+ 2004-08-04 07:56:44 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\sens.dll
- 2001-08-18 11:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\sensapi.dll
+ 2004-08-04 07:56:44 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\sensapi.dll
- 2001-08-18 11:00:00 14,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\serenum.sys
+ 2004-08-04 05:59:07 15,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\serenum.sys
- 2001-08-18 11:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\serial.sys
+ 2004-08-04 06:15:52 64,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\serial.sys
- 2001-08-18 11:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\servdeps.dll
+ 2004-08-04 07:56:44 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\servdeps.dll
- 2001-08-18 11:00:00 101,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
+ 2004-08-04 07:56:55 108,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\services.exe
- 2001-08-18 11:00:00 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
+ 2004-08-04 07:56:56 140,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe
- 2001-08-18 11:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
+ 2004-08-04 07:56:56 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\sethc.exe
- 2001-08-18 11:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
+ 2004-08-04 07:56:56 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup.exe
- 2001-08-18 11:00:00 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
+ 2004-08-04 07:56:56 73,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\setup50.exe
- 2001-08-18 11:00:00 922,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll
+ 2004-08-04 04:56:46 983,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\setupapi.dll
- 2001-08-18 11:00:00 96,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\setupqry.dll
+ 2004-08-04 07:56:44 101,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\setupqry.dll
- 2001-08-18 11:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfc.dll
+ 2004-08-04 07:56:44 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfc.dll
- 2001-08-18 11:00:00 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfc_os.dll
+ 2004-08-04 07:56:44 140,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfc_os.dll
- 2001-10-16 14:37:06 1,560,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
+ 2004-08-04 07:56:45 1,580,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
+ 2004-08-04 05:59:54 11,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\sffdisk.sys
+ 2004-08-04 05:59:54 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\sffp_sd.sys
- 2001-08-18 11:00:00 10,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
+ 2004-08-04 05:59:54 11,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
- 2002-03-05 00:09:46 548,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\shdoclc.dll
+ 2004-08-04 07:56:27 549,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\shdoclc.dll
- 2004-08-27 16:57:18 1,332,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\shdocvw.dll
- 2001-12-19 00:46:38 8,222,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
- 2001-08-18 11:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\shfolder.dll
+ 2004-08-04 07:56:45 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\shfolder.dll
- 2001-08-18 11:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\shgina.dll
+ 2004-08-04 07:56:45 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\shgina.dll
- 2001-08-18 11:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\shimeng.dll
+ 2004-08-04 07:56:45 65,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\shimeng.dll
- 2001-08-18 11:00:00 419,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\shimgvw.dll
+ 2004-08-04 07:56:45 438,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\shimgvw.dll
- 2004-08-20 18:41:40 393,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\shlwapi.dll
- 2002-09-19 16:27:40 126,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmedia.dll
+ 2004-08-04 07:56:45 151,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmedia.dll
- 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
+ 2004-08-04 07:56:56 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\shmgrate.exe
- 2001-08-18 11:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
+ 2004-08-04 07:56:56 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\shrpubw.exe
- 2001-08-18 11:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\shscrap.dll
+ 2004-08-04 07:56:45 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\shscrap.dll
- 2001-08-18 11:00:00 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\shsvcs.dll
+ 2004-08-04 07:56:45 20,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.dll
+ 2004-08-04 07:56:56 16,437 -c----w C:\WINDOWS\$NtServicePackUninstall$\shtml.exe
- 2001-08-18 11:00:00 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
+ 2004-08-04 07:56:56 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\shutdown.exe
- 2001-08-18 11:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigtab.dll
+ 2004-08-04 07:56:45 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigtab.dll
- 2001-08-18 11:00:00 66,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
+ 2004-08-04 07:56:56 70,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\sigverif.exe
+ 2004-08-04 07:56:45 3,901 -c----w C:\WINDOWS\$NtServicePackUninstall$\siint5.dll
- 2001-08-17 18:58:02 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\sisagp.sys
+ 2004-08-04 06:07:42 41,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\sisagp.sys
- 2001-08-18 11:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
+ 2004-08-04 07:56:56 26,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\skeys.exe
- 2001-08-18 11:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\slayerxp.dll
+ 2004-08-04 07:56:45 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\slayerxp.dll
- 2001-08-18 11:00:00 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\slbiop.dll
+ 2004-08-04 07:56:45 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\slbiop.dll
+ 2004-08-04 07:56:45 73,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\slcoinst.dll
+ 2004-08-04 07:56:45 286,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\slextspk.dll
+ 2004-08-04 07:56:45 188,508 -c----w C:\WINDOWS\$NtServicePackUninstall$\slgen.dll
- 2002-12-04 07:03:56 10,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\slip.sys
+ 2004-08-04 06:10:16 11,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\slip.sys
+ 2004-08-04 07:56:56 32,866 -c----w C:\WINDOWS\$NtServicePackUninstall$\slrundll.exe
+ 2004-08-04 07:56:56 73,796 -c----w C:\WINDOWS\$NtServicePackUninstall$\slserv.exe
+ 2004-08-04 06:07:36 6,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\smbali.sys
+ 2004-08-04 06:07:35 16,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\smbbatt.sys
+ 2004-08-04 06:07:35 6,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\smbclass.sys
+ 2004-08-04 07:56:56 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\smbinst.exe
+ 2004-08-04 07:56:56 236,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\smi2smir.exe
- 2001-08-18 11:00:00 332,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogcfg.dll
+ 2004-08-04 07:56:45 363,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogcfg.dll
- 2001-08-18 11:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
+ 2004-08-04 07:56:56 89,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\smlogsvc.exe
- 2001-08-18 11:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\smss.exe
+ 2004-08-04 07:56:56 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\smss.exe
+ 2004-08-04 07:56:45 456,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\smtpsvc.dll
- 2001-08-18 11:00:00 124,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
+ 2004-08-04 07:56:56 131,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
- 2001-08-18 11:00:00 32,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\sniffpol.dll
+ 2004-08-04 07:56:45 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\sniffpol.dll
+ 2004-08-04 07:56:56 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmp.exe
- 2002-02-13 03:03:02 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpapi.dll
+ 2004-08-04 07:56:45 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpapi.dll
+ 2004-08-04 07:56:45 259,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpcl.dll
+ 2004-08-04 07:56:45 358,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpincl.dll
+ 2004-08-04 07:56:45 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpmib.dll
+ 2004-08-04 07:56:45 188,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpsmir.dll
- 2001-08-18 11:00:00 172,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpsnap.dll
+ 2004-08-04 07:56:45 182,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpsnap.dll
+ 2004-08-04 07:56:45 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmpthrd.dll
+ 2004-08-04 07:56:56 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe
- 2001-08-18 11:00:00 160,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\softkbd.dll
+ 2004-08-04 07:56:45 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\softkbd.dll
+ 2004-08-04 06:00:05 7,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\sonyait.sys
- 2001-08-18 11:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys
+ 2004-08-04 06:09:55 25,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\sonydcam.sys
+ 2001-08-18 11:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\sort.exe
+ 2004-08-04 07:56:56 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\spdwnwxp.exe
+ 2004-08-04 07:56:29 62,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\spgrmr.dll
- 2001-08-18 11:00:00 534,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
+ 2004-08-04 07:56:57 538,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\spider.exe
- 2001-08-17 19:00:46 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
+ 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
+ 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\splitter.sys.001
+ 2004-08-04 04:56:58 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\spnpinst.exe
- 2001-08-18 11:00:00 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolss.dll
+ 2004-08-04 07:56:45 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolss.dll
- 2001-08-18 11:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
+ 2004-08-04 07:56:29 193,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\spra041b.dll
+ 2004-08-04 07:56:29 192,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\spra0424.dll
+ 2004-08-04 07:56:29 757,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\sprb041b.dll
+ 2004-08-04 07:56:30 732,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\sprb0424.dll
- 2001-08-18 11:00:00 256,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\sptip.dll
+ 2004-08-04 07:56:45 250,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\sptip.dll
+ 2008-04-14 09:42:08 438,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spcompat.dll
- 2004-08-04 02:42:32 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
+ 2007-08-11 00:46:18 231,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
+ 2007-08-11 00:46:28 382,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\spuninst\updspapi.dll
+ 2004-08-04 07:56:57 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\spupdwxp.exe
+ 2004-08-04 07:56:45 151,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqldb20.dll
- 2003-10-28 02:09:08 450,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqloledb.dll
+ 2004-08-04 07:56:45 528,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqloledb.dll
+ 2004-08-04 07:56:45 462,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlqp20.dll
+ 2004-08-04 07:56:45 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlse20.dll
- 2003-10-28 02:09:08 356,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.dll
+ 2004-08-04 07:56:45 442,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlsrv32.dll
- 2001-08-18 11:00:00 180,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlunirl.dll
+ 2004-08-04 07:56:45 180,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlunirl.dll
- 2001-08-18 11:00:00 213,075 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.dll
+ 2004-08-04 07:56:45 217,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\sqlxmlx.dll
- 2001-08-18 11:00:00 70,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\sr.sys
+ 2004-08-04 06:06:25 73,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\sr.sys
- 2001-08-18 11:00:00 106,562 -c----w C:\WINDOWS\$NtServicePackUninstall$\srchctls.dll
+ 2004-08-04 07:56:45 58,434 -c----w C:\WINDOWS\$NtServicePackUninstall$\srchctls.dll
- 2001-08-18 11:00:00 794,686 -c----w C:\WINDOWS\$NtServicePackUninstall$\srchui.dll
+ 2004-08-04 07:56:45 725,566 -c----w C:\WINDOWS\$NtServicePackUninstall$\srchui.dll
- 2001-08-18 11:00:00 61,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\srclient.dll
+ 2004-08-04 07:56:45 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\srclient.dll
- 2002-11-14 15:42:34 218,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll
+ 2004-08-04 07:56:45 239,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll
- 2001-11-26 18:50:36 155,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
+ 2004-08-04 07:56:45 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
- 2003-03-28 19:02:22 322,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\srv.sys
+ 2006-08-14 10:34:41 332,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\srv.sys
- 2001-08-18 11:00:00 87,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\srvsvc.dll
- 2002-02-20 23:51:02 667,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
+ 2004-08-04 07:56:57 704,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr
- 2002-02-20 23:50:26 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
+ 2004-08-04 07:56:57 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr
- 2001-12-17 23:02:16 26,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssdpapi.dll
+ 2004-08-04 07:56:45 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssdpapi.dll
- 2001-12-17 23:02:16 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll
+ 2004-08-04 07:56:45 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssdpsrv.dll
- 2002-02-20 23:51:00 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
+ 2004-08-04 07:56:57 393,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr
- 2002-02-20 23:51:06 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
+ 2004-08-04 07:56:57 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr
- 2001-08-18 11:00:00 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
+ 2004-08-04 07:56:57 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr
- 2002-02-20 23:51:10 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
+ 2004-08-04 07:56:57 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr
- 2002-02-20 23:51:30 569,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
+ 2004-08-04 07:56:57 610,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr
- 2002-02-20 23:51:14 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
+ 2004-08-04 07:56:57 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr
- 2002-02-20 23:51:38 638,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
+ 2004-08-04 07:56:57 679,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr
- 2001-08-18 11:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstub.dll
+ 2004-08-04 07:56:45 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\sstub.dll
+ 2004-08-04 07:56:45 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\startoc.dll
+ 2001-08-18 11:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\stclient.dll
- 2001-08-18 11:00:00 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\stdprov.dll
+ 2004-08-04 07:56:45 86,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\stdprov.dll
- 2001-08-18 11:00:00 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\sti.dll
+ 2004-08-04 07:56:45 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\sti.dll
- 2001-08-18 11:00:00 132,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\sti_ci.dll
+ 2004-08-04 07:56:45 136,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\sti_ci.dll
- 2001-08-18 11:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
+ 2004-08-04 07:56:57 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\stimon.exe
- 2001-08-18 11:00:00 117,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\stobject.dll
+ 2004-08-04 07:56:45 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\stobject.dll
- 2001-08-18 03:36:32 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\storprop.dll
+ 2004-08-04 07:56:45 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\storprop.dll
- 2002-12-12 05:14:32 45,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\stream.sys
+ 2004-08-04 06:08:02 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\stream.sys
- 2002-12-04 07:03:54 14,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\streamip.sys
+ 2004-08-04 06:10:12 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\streamip.sys
- 2001-08-18 11:00:00 246,302 -c----w C:\WINDOWS\$NtServicePackUninstall$\strmdll.dll
+ 2006-08-21 13:52:08 246,814 -c----w C:\WINDOWS\$NtServicePackUninstall$\strmdll.dll
+ 2004-08-04 07:56:45 75,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\strmfilt.dll
+ 2004-08-04 07:56:57 16,449 -c----w C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvadm.exe
+ 2004-08-04 07:56:57 65,601 -c----w C:\WINDOWS\$NtServicePackUninstall$\stub_fpsrvwin.exe
- 2001-08-18 11:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
+ 2004-08-04 07:56:57 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
- 2002-12-12 05:14:32 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\swenum.sys
+ 2004-08-04 05:58:41 4,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\swenum.sys
+ 2001-08-17 19:00:52 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
- 2004-03-09 01:58:42 646,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
+ 2006-10-19 13:56:32 713,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\sxs.dll
- 2001-08-18 11:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\synceng.dll
+ 2004-08-04 07:56:46 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\synceng.dll
- 2001-08-18 11:00:00 183,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\syncui.dll
+ 2004-08-04 07:56:46 191,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\syncui.dll
- 2001-08-18 03:24:44 57,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys
+ 2004-08-04 06:15:55 60,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys
- 2001-08-18 11:00:00 141,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysmod.dll
+ 2004-08-04 07:56:46 168,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysmod.dll
- 2001-08-18 11:00:00 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
+ 2004-08-04 07:56:57 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\sysocmgr.exe
- 2002-01-31 00:07:20 927,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\syssetup.dll
+ 2004-08-04 07:56:46 984,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\syssetup.dll
- 2001-08-18 11:00:00 198,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\t2embed.dll
+ 2005-10-17 21:14:46 118,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\t2embed.dll
- 2001-08-18 11:00:00 13,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\tape.sys
+ 2004-08-04 05:59:59 14,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\tape.sys
- 2001-08-18 11:00:00 829,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapi3.dll
+ 2004-08-04 07:56:46 858,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapi3.dll
- 2001-08-18 11:00:00 163,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapi32.dll
+ 2004-08-04 07:56:46 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapi32.dll
- 2001-08-18 11:00:00 233,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\tapisrv.dll
- 2001-08-18 11:00:00 128,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
+ 2004-08-04 07:56:57 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
- 2001-08-18 11:00:00 327,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
- 2001-08-18 11:00:00 180,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpip6.sys
- 2001-08-18 11:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmib.dll
+ 2004-08-04 07:56:46 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmib.dll
- 2001-08-18 11:00:00 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmon.dll
+ 2004-08-04 07:56:46 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmon.dll
- 2001-08-18 11:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmonui.dll
+ 2004-08-04 07:56:46 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcpmonui.dll
+ 2004-08-04 07:56:57 32,827 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptest.exe
+ 2004-08-04 07:56:34 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\tcptsat.dll
- 2001-08-18 11:00:00 16,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdi.sys
+ 2004-08-04 06:07:48 18,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdi.sys
- 2001-08-18 11:00:00 11,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
+ 2004-08-04 08:01:07 12,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
- 2001-08-18 11:00:00 20,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
+ 2004-08-04 08:01:07 21,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
- 2001-08-18 11:00:00 70,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
+ 2005-05-10 23:45:48 75,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\telnet.exe
- 2001-08-18 03:38:00 37,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\termdd.sys
+ 2004-08-04 08:01:07 40,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\termdd.sys
- 2001-08-18 11:00:00 343,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\termmgr.dll
+ 2004-08-04 07:56:46 358,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\termmgr.dll
- 2001-11-02 22:05:40 197,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
+ 2004-08-04 07:56:46 295,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
+ 2004-08-04 06:00:04 149,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\tffsport.sys
- 2001-08-18 11:00:00 383,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\themeui.dll
+ 2004-08-04 07:56:46 385,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\themeui.dll
+ 2004-08-04 05:32:13 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\tmigrate.dll
- 2001-08-18 11:00:00 346,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
+ 2004-08-04 07:56:57 347,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
+ 2004-08-04 07:56:57 347,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\tourstrt.exe
+ 2004-08-04 07:56:57 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\tp4mon.exe
- 2001-08-18 11:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
+ 2004-08-04 07:56:57 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\tracert.exe
+ 2001-08-18 11:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\tree.com
- 2001-08-18 11:00:00 145,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\triedit.dll
+ 2004-08-04 07:56:46 153,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\triedit.dll
- 2001-08-18 11:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\trkwks.dll
+ 2004-08-04 07:56:46 90,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\trkwks.dll
- 2001-08-18 11:00:00 88,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.dll
+ 2004-08-04 07:56:46 93,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\tscfgwmi.dll
- 2001-08-18 11:00:00 8,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\tsddd.dll
+ 2004-08-04 08:01:07 12,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\tsddd.dll
- 2001-08-18 11:00:00 262,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\tshoot.dll
+ 2004-08-04 07:56:46 279,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\tshoot.dll
- 2001-08-18 11:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\tsoc.dll
+ 2004-08-04 07:56:46 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\tsoc.dll
+ 2004-08-04 07:56:46 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\tty.dll
+ 2004-08-04 07:56:34 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\ttyres.dll
+ 2004-08-04 07:56:46 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ttyui.dll
+ 2004-08-04 06:03:17 12,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\tunmp.sys
- 2001-08-18 11:00:00 46,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\twain_32.dll
+ 2004-08-04 07:56:46 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\twain_32.dll
+ 2004-08-04 07:56:46 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\twext.dll
- 2004-03-06 02:05:17 97,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\txflog.dll
+ 2005-07-26 04:39:49 101,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\txflog.dll
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\tzchange.exe
+ 2004-08-04 06:07:43 44,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\uagp35.sys
- 2001-08-18 11:00:00 63,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\udfs.sys
+ 2004-08-04 06:00:31 66,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\udfs.sys
- 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\udhisapi.dll
+ 2004-08-04 07:56:46 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\udhisapi.dll
- 2001-08-18 11:00:00 268,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\ulib.dll
+ 2004-08-04 07:56:46 275,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ulib.dll
- 2001-08-18 11:00:00 31,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\umandlg.dll
+ 2004-08-04 07:56:46 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\umandlg.dll
- 2001-08-18 11:00:00 105,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\umpnpmgr.dll
- 2001-08-18 02:36:34 251,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\unidrv.dll
+ 2004-08-04 07:56:46 264,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\unidrv.dll
- 2001-08-18 02:36:34 196,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\unidrvui.dll
+ 2004-08-04 07:56:46 197,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\unidrvui.dll
+ 2004-08-04 06:04:11 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\uniime.dll
- 2001-08-18 11:00:00 69,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll
+ 2004-08-04 07:56:46 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\unimdmat.dll
- 2001-08-18 11:00:00 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\uniplat.dll
+ 2004-08-04 07:56:46 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\uniplat.dll
- 2001-08-18 02:33:14 619,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\unires.dll
+ 2004-08-04 07:56:34 619,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\unires.dll
- 2001-08-18 11:00:00 302,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\untfs.dll
+ 2004-08-04 07:56:46 316,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\untfs.dll
- 2001-08-18 11:00:00 137,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\update.sys
+ 2007-04-23 10:32:54 364,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\update.sys
- 2001-08-18 11:00:00 138,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
+ 2004-08-04 07:56:57 150,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\uploadm.exe
- 2001-12-17 23:02:20 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnp.dll
+ 2004-08-04 07:56:46 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnp.dll
- 2001-08-18 11:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
+ 2004-08-04 07:56:57 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpcont.exe
- 2001-08-18 11:00:00 162,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnphost.dll
- 2001-08-18 11:00:00 231,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpui.dll
+ 2004-08-04 07:56:46 239,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\upnpui.dll
- 2001-08-18 11:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
+ 2004-08-04 07:56:57 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\ups.exe
- 2002-03-05 23:15:48 109,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\url.dll
+ 2004-08-04 07:56:46 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\url.dll
- 2004-09-23 20:07:20 485,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll
+ 2004-08-04 07:56:46 601,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\urlmon.dll
- 2001-08-18 11:00:00 11,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys
+ 2004-08-04 06:04:32 12,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\usb8023.sys
+ 2004-08-04 06:04:33 12,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\usb8023x.sys
+ 2004-08-04 06:07:55 59,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbaudio.sys
+ 2001-08-18 11:00:00 23,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbcamd.sys
+ 2001-08-18 11:00:00 23,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbcamd2.sys
- 2001-08-17 19:03:32 24,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbccgp.sys
+ 2004-08-04 06:08:46 31,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbccgp.sys
- 2002-04-01 19:42:14 19,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys
+ 2004-08-04 06:08:37 26,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbehci.sys
- 2002-04-01 19:37:36 51,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys
+ 2004-08-04 06:08:42 57,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbhub.sys
- 2001-08-18 11:00:00 15,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys
+ 2004-08-04 06:08:57 16,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbintel.sys
- 2001-08-18 11:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbmon.dll
+ 2004-08-04 07:56:46 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbmon.dll
+ 2004-08-04 06:08:36 17,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbohci.sys
- 2002-04-01 19:36:42 134,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbport.sys
+ 2004-08-04 06:08:42 142,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbport.sys
+ 2004-08-04 06:01:24 25,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
+ 2004-08-04 05:58:45 15,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
+ 2004-08-04 06:08:42 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbser.sys
+ 2004-08-04 07:08:46 26,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
- 2001-08-17 19:03:08 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys
+ 2004-08-04 06:08:37 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys
- 2001-08-18 03:36:34 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbui.dll
+ 2004-08-04 07:56:46 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbui.dll
+ 2004-08-04 06:10:10 78,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\usbvideo.sys
- 2002-11-22 17:16:00 528,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\user32.dll
+ 2007-03-08 15:36:28 577,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\user32.dll
- 2001-12-12 21:27:38 656,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\userenv.dll
+ 2004-08-04 07:56:46 723,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\userenv.dll
- 2001-08-18 11:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
+ 2004-08-04 07:56:57 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
- 2001-08-18 11:00:00 339,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\usp10.dll
+ 2004-08-04 07:56:46 406,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\usp10.dll
- 2001-08-18 11:00:00 46,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
+ 2004-08-04 07:56:57 50,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
- 2001-08-18 11:00:00 202,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
+ 2004-08-04 07:56:46 218,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
- 2004-03-16 18:44:16 30,749 -c----w C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll
+ 2004-08-04 07:56:46 30,749 -c----w C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll
- 2002-02-26 19:58:06 462,906 -c----w C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
+ 2007-08-13 23:54:10 413,6