Trojan-Smitfraud I think! [CLOSED]



#1
jbd1270


(Trojan-spy.html.banfraud.dq, win32.keylogger.aa, win32.greenscreen)
I have been working on this trojan for a few days now! Every time it looks clean, either through a reboot or mainly through IE web browser activation, the trojan returns. I've tried Trojan Remover, SmitfraudFix, ComboFix, HijackThis, several registry cleaners (i.e. ARD, etc.), still no luck at total removal. I know I'm missing something! Any help would be appreciated!!!!

Opsys= XP-home

last combofix:

ComboFix 08-08-23.01 - BRETT 2008-08-24 0:02:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.186 [GMT -4:00]
Running from: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\interclick.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\interclick.com\ud.sol
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\smp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-23 22:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-23 22:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-23 22:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe.vir
2008-08-23 20:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-23 20:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-23 20:09 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-23 20:09 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-23 20:09 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-23 20:09 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-23 13:40 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 19:18 . 2008-08-22 19:18 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Symantec
2008-08-20 23:37 . 2008-08-20 23:37 186,880 --a------ C:\WINDOWS\system32\zotkhqjk.exe
2008-08-20 23:37 . 2008-08-20 23:37 86,016 --a------ C:\WINDOWS\system32\vydcnknq.exe
2008-08-20 21:33 . 2008-08-23 22:46 4,186 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-20 20:32 . 2008-08-20 20:32 81,920 --a------ C:\WINDOWS\system32\javmvgda.exe
2008-08-20 18:58 . 2008-08-20 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-08-20 17:28 . 2008-08-20 17:28 94,208 --a------ C:\WINDOWS\system32\rgxadede.exe
2008-08-20 12:04 . 2008-08-20 12:04 187,392 --a------ C:\WINDOWS\system32\alofifmb.exe
2008-08-20 12:04 . 2008-08-20 12:04 81,920 --a------ C:\WINDOWS\system32\ybixazkx.exe
2008-08-20 11:23 . 2008-08-20 11:23 245 --a------ C:\WINDOWS\tmp119984.bat
2008-08-20 11:22 . 2008-08-20 11:22 81,920 --a------ C:\WINDOWS\system32\hingfyrw.exe
2008-08-20 10:51 . 2008-08-21 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 10:51 . 2008-08-20 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 14:26 . 2008-08-19 14:26 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-19 14:26 . 2008-08-19 14:26 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-19 14:26 . 2008-08-19 14:26 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-19 14:26 . 2008-08-19 14:26 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-19 14:25 . 2008-08-24 00:10 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-19 13:03 . 2008-08-19 13:05 608 --a------ C:\WINDOWS\PrintScreen.INI
2008-08-19 13:02 . 2008-08-19 13:02 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-08-19 11:05 . 2008-08-19 11:05 187,904 --a------ C:\WINDOWS\system32\yhuzanaj.exe
2008-08-19 10:58 . 2008-08-19 10:58 187,904 --a------ C:\WINDOWS\system32\ynojaloh.exe
2008-08-19 09:49 . 2008-08-23 23:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 09:48 . 2008-08-23 17:33 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Simply Super Software
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-19 09:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-19 09:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-19 09:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-19 09:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-19 09:38 . 2008-08-19 09:52 <DIR> d-------- C:\Program Files\EndItAll
2008-08-18 12:28 . 2008-08-18 12:28 <DIR> d-------- C:\Program Files\AVG
2008-08-18 12:28 . 2008-08-19 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 10:38 . 2008-08-23 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jszsvqhm
2008-08-18 10:38 . 2008-08-18 10:38 86,016 --a------ C:\WINDOWS\system32\xwjatsze.exe
2008-08-13 18:14 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 00:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-23 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 02:32 --------- d-----w C:\Program Files\America Online 9.0
2008-08-22 02:18 --------- d-----w C:\Program Files\CoreFTP
2008-08-20 22:57 --------- d-----w C:\Documents and Settings\BRETT\Application Data\U3
2008-08-19 18:26 --------- d-----w C:\Program Files\Symantec
2008-08-19 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-17 18:33 --------- d-----w C:\Documents and Settings\BRETT\Application Data\FUJIFILM
2008-08-05 21:37 --------- d-----w C:\Documents and Settings\BRETT\Application Data\SiteAdvisor
2008-07-16 01:23 --------- d-----w C:\Program Files\MSBuild
2008-07-16 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 12:07 --------- d-----w C:\Program Files\Dell Support Center
2008-07-15 12:07 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-15 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-12-18 04:39 0 -c--a-w C:\Documents and Settings\BRETT\Application Data\wklnhst.dat
2007-02-09 23:42 88 -csh--r C:\WINDOWS\system32\7515257F65.sys
2007-02-09 23:42 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 05:00 17408 8c6804797251aa5afdd9faea8c7df5fa C:\WINDOWS\system32\svchost.exe

2004-08-04 05:00 506368 c810d1558e9bec0275f218190e241693 C:\WINDOWS\system32\winlogon.exe

2007-06-13 06:23 1035776 56a8974040f314c08ac3fc768837dfca C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 05:00 110592 a8a93338e71e24798606fd0019d0ed94 C:\WINDOWS\system32\services.exe

2004-08-04 05:00 14848 990559e8616b14c14df837815f039c31 C:\WINDOWS\system32\lsass.exe

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 58880 532bc473ba896151392b1a584558c783 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 02:18 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"ActInfoWin"="C:\WINDOWS\system32\hingfyrw.exe" [2008-08-20 11:22 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-09-18 13:42 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-18 13:42 98304]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20 110592]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-18 13:49 169984]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 15:51 1589248]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 18:34 106496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-08 22:39 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-23 17:33 914512]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 18:17 282624 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 05:00 99840]
"wextract_cleanup1"="C:\WINDOWS\system32\advpack.dll" [2004-08-04 05:00 99840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-09-18 13:41:40 156784]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-11-04 18:58:00 200704]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
Veritrax AS-215.lnk - C:\Program Files\Rosslare\Veritrax AS-215\VeriTrax.exe [2008-04-13 19:16:01 9244672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-21 20:57:14 122880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActInfoWin]
--a------ 2008-08-20 11:22 81920 C:\WINDOWS\system32\hingfyrw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utilactweb]
--a------ 2008-08-18 10:38 86016 C:\WINDOWS\system32\xwjatsze.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WPORTAL\\JRE\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-lphc1llj0e1dr - C:\WINDOWS\system32\lphc1llj0e1dr.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\BRETT\LOCALS~1\Temp\16A8.tmp.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O18 -: Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files\CoreFTP\pftpns.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 00:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-24 0:18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 04:17:55

Pre-Run: 52,795,285,504 bytes free
Post-Run: 53,243,609,088 bytes free

233 --- E O F --- 2008-08-20 21:17:19


last Smitfraudfix.exe:

SmitFraudFix v2.339

Scan done at 2:22:19.48, Sun 08/24/2008
Run from C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix




»»»»»»»»»»»»»»»»»»»»»»»» 404Fix



»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.25.5.148
DNS Server Search Order: 24.25.5.147

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BB6C5234-0461-497C-A2CB-AF1E9B0677A7}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BB6C5234-0461-497C-A2CB-AF1E9B0677A7}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BB6C5234-0461-497C-A2CB-AF1E9B0677A7}: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.148 24.25.5.147


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Last HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:41:58, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\hingfyrw.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\BRETT\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\BRETT\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ActInfoWin] C:\WINDOWS\system32\hingfyrw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Veritrax AS-215.lnk = C:\Program Files\Rosslare\Veritrax AS-215\VeriTrax.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11491 bytes




If anyone can, I would really appreciate it!
Thanks,
jbd1270


#2
emeraldnzl

Hello jbd1270,

I am having a look at this. I will get back to you in a bit.

emeraldnzl

#3
emeraldnzl

Hello jbd1270,

Do not use ComboFix unless under expert supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable. We refuse help to people who disregard requirements. You will likely be refused help if you do this again.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\alofifmb.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\tmp119984.bat
C:\WINDOWS\PrintScreen.INI
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\hingfyrw.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActInfoWin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\utilactweb]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#4
jbd1270

    Member

  • Topic Starter
  • Member
  • 29 posts
Did what you said and here is the file ComboFix.txt:

ComboFix 08-08-23.01 - BRETT 2008-08-24 18:52:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.211 [GMT -4:00]
Running from: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\WINDOWS\PrintScreen.INI
C:\WINDOWS\system32\alofifmb.exe
C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\PrintScreen.INI
C:\WINDOWS\system32\alofifmb.exe
C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 02:41 . 2008-08-24 02:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 02:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 01:23 . 2008-08-24 01:23 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-24 01:23 . 2008-08-24 01:23 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-24 01:23 . 2008-08-24 01:23 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-24 01:23 . 2008-08-24 01:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-24 00:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 00:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-23 20:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-23 20:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-23 20:09 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-23 13:40 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 19:18 . 2008-08-22 19:18 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Symantec
2008-08-20 21:33 . 2008-08-24 02:22 4,182 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-20 20:32 . 2008-08-20 20:32 81,920 --a------ C:\WINDOWS\system32\javmvgda.exe
2008-08-20 18:58 . 2008-08-20 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-08-20 10:51 . 2008-08-21 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 10:51 . 2008-08-20 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 14:25 . 2008-08-24 01:36 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-19 13:02 . 2008-08-19 13:02 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-08-19 09:49 . 2008-08-24 01:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 09:48 . 2008-08-23 17:33 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Simply Super Software
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-19 09:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-19 09:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-19 09:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-19 09:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-19 09:38 . 2008-08-19 09:52 <DIR> d-------- C:\Program Files\EndItAll
2008-08-18 12:28 . 2008-08-18 12:28 <DIR> d-------- C:\Program Files\AVG
2008-08-18 12:28 . 2008-08-19 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 10:38 . 2008-08-23 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jszsvqhm
2008-08-13 18:14 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-24 05:23 --------- d-----w C:\Program Files\Symantec
2008-08-24 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 02:32 --------- d-----w C:\Program Files\America Online 9.0
2008-08-22 02:18 --------- d-----w C:\Program Files\CoreFTP
2008-08-20 22:57 --------- d-----w C:\Documents and Settings\BRETT\Application Data\U3
2008-08-19 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-17 18:33 --------- d-----w C:\Documents and Settings\BRETT\Application Data\FUJIFILM
2008-08-05 21:37 --------- d-----w C:\Documents and Settings\BRETT\Application Data\SiteAdvisor
2008-07-16 01:23 --------- d-----w C:\Program Files\MSBuild
2008-07-16 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 12:07 --------- d-----w C:\Program Files\Dell Support Center
2008-07-15 12:07 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-15 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-12-18 04:39 0 -c--a-w C:\Documents and Settings\BRETT\Application Data\wklnhst.dat
2007-02-09 23:42 88 -csh--r C:\WINDOWS\system32\7515257F65.sys
2007-02-09 23:42 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 05:00 17408 8c6804797251aa5afdd9faea8c7df5fa C:\WINDOWS\system32\svchost.exe

2004-08-04 05:00 506368 c810d1558e9bec0275f218190e241693 C:\WINDOWS\system32\winlogon.exe

2007-06-13 06:23 1035776 56a8974040f314c08ac3fc768837dfca C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 05:00 110592 a8a93338e71e24798606fd0019d0ed94 C:\WINDOWS\system32\services.exe

2004-08-04 05:00 14848 990559e8616b14c14df837815f039c31 C:\WINDOWS\system32\lsass.exe

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 58880 532bc473ba896151392b1a584558c783 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_ 0.17.30.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-19 18:27:09 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-08-24 05:24:21 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-24 05:24:21 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-24 05:24:21 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-24 02:08:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-24 20:38:51 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-24 02:08:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-24 20:38:51 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-24 02:08:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 20:38:51 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-24 22:59:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 02:18 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-09-18 13:42 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-18 13:42 98304]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20 110592]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-18 13:49 169984]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 15:51 1589248]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 18:34 106496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-08 22:39 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-23 17:33 914512]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 18:17 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-09-18 13:41:40 156784]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-11-04 18:58:00 200704]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
Veritrax AS-215.lnk - C:\Program Files\Rosslare\Veritrax AS-215\VeriTrax.exe [2008-04-13 19:16:01 9244672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-21 20:57:14 122880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WPORTAL\\JRE\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ActInfoWin - C:\WINDOWS\system32\hingfyrw.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 18:59:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-24 19:06:14 - machine was rebooted [BRETT]
ComboFix-quarantined-files.txt 2008-08-24 23:06:04
ComboFix2.txt 2008-08-24 04:18:02

Pre-Run: 53,034,987,520 bytes free
Post-Run: 53,122,551,808 bytes free

232 --- E O F --- 2008-08-20 21:17:19

Thanks Again for your help!
  • 0

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again jbd1270,

Moving along.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\javmvgda.exe

Folder::
C:\Documents and Settings\All Users\Application Data\jszsvqhm

SysRst::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • ComboFix text
  • Kaspersky scan results

  • 0
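The script from post #3 can be checked against the log from post #4 mechanically; the sketch below is an added example, not part of the thread and not ComboFix's own code. It reports, for each File::/Folder:: target, whether the log's "Other Deletions" section confirms removal or the "Files Created" listing still shows it. The sample strings are abridged excerpts of those two posts, and the function names are illustrative.

```python
import re

# Abridged copy of the CFScript from post #3 (four of the File:: entries).
CFSCRIPT = r"""KillAll::

File::
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat
C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\WINDOWS\system32\hingfyrw.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActInfoWin]
"""

# Abridged excerpt of the ComboFix.txt posted in #4; only the lines this check needs.
LOG = r"""FILE ::
C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\WINDOWS\system32\hingfyrw.exe
.

((((((((((((((( Other Deletions )))))))))))))))
.

C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat

.
((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))
.

2008-08-20 20:32 . 2008-08-20 20:32 81,920 --a------ C:\WINDOWS\system32\javmvgda.exe
2008-08-18 10:38 . 2008-08-23 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jszsvqhm

.
(((((((( Find3M Report ))))))))
.
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")     # e.g. "(((( Other Deletions ))))"
PATH = re.compile(r"[A-Za-z]:\\.*$")               # drive-letter path at end of line


def parse_cfscript(text):
    """Map each directive name (lower-cased) to the lines listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if match:
            current = sections.setdefault(match.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def parse_log_sections(text):
    """Map each banner title in the log to the paths found under it.

    Lines before the first banner (the echoed FILE :: list) are ignored,
    because they repeat the request, not the result.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = sections.setdefault(match.group(1), [])
        elif current is not None:
            found = PATH.search(line)
            if found:
                current.append(found.group(0))
    return sections


def norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.rstrip("\\").lower()


def audit(cfscript, log):
    """Return (directive, target, status) for every File::/Folder:: target."""
    script = parse_cfscript(cfscript)
    deleted, listed = set(), set()
    for title, paths in parse_log_sections(log).items():
        if title.lower().startswith("other deletions"):
            deleted.update(norm(p) for p in paths)
        elif title.lower().startswith("files created"):
            listed.update(norm(p) for p in paths)
    report = []
    for directive in ("file", "folder"):
        for target in script.get(directive, []):
            key = norm(target)
            if key in deleted and key in listed:
                status = "deleted, but still listed"
            elif key in deleted:
                status = "deleted"
            elif key in listed:
                status = "still listed"
            else:
                status = "not reported"
            report.append((directive, target, status))
    return report


if __name__ == "__main__":
    for directive, target, status in audit(CFSCRIPT, LOG):
        print(f"{status:<26} {directive:<7} {target}")
```

On these excerpts the only target that comes back as still listed is the jszsvqhm directory, which post #3 placed under File:: and post #5 moves to Folder::.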

#6
jbd1270

    Member

  • Topic Starter
  • Member
  • 29 posts
ComboFix Results

ComboFix 08-08-23.03 - BRETT 2008-08-24 21:58:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.130 [GMT -4:00]
Running from: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\javmvgda.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\WINDOWS\system32\javmvgda.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 02:41 . 2008-08-24 02:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 02:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 01:23 . 2008-08-24 01:23 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-24 01:23 . 2008-08-24 01:23 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-24 01:23 . 2008-08-24 01:23 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-24 01:23 . 2008-08-24 01:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-24 00:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 00:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-23 20:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-23 20:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-23 20:09 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-23 13:40 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 19:18 . 2008-08-22 19:18 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Symantec
2008-08-20 21:33 . 2008-08-24 02:22 4,182 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-20 18:58 . 2008-08-20 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-08-20 10:51 . 2008-08-21 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 10:51 . 2008-08-20 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 14:25 . 2008-08-24 01:36 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-19 13:02 . 2008-08-19 13:02 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-08-19 09:49 . 2008-08-24 01:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 09:48 . 2008-08-23 17:33 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Simply Super Software
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-19 09:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-19 09:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-19 09:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-19 09:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-19 09:38 . 2008-08-19 09:52 <DIR> d-------- C:\Program Files\EndItAll
2008-08-18 12:28 . 2008-08-18 12:28 <DIR> d-------- C:\Program Files\AVG
2008-08-18 12:28 . 2008-08-19 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 18:14 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-24 05:23 --------- d-----w C:\Program Files\Symantec
2008-08-24 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 02:32 --------- d-----w C:\Program Files\America Online 9.0
2008-08-22 02:18 --------- d-----w C:\Program Files\CoreFTP
2008-08-20 22:57 --------- d-----w C:\Documents and Settings\BRETT\Application Data\U3
2008-08-19 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-17 18:33 --------- d-----w C:\Documents and Settings\BRETT\Application Data\FUJIFILM
2008-08-05 21:37 --------- d-----w C:\Documents and Settings\BRETT\Application Data\SiteAdvisor
2008-07-16 01:23 --------- d-----w C:\Program Files\MSBuild
2008-07-16 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 12:07 --------- d-----w C:\Program Files\Dell Support Center
2008-07-15 12:07 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-07-15 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-12-18 04:39 0 -c--a-w C:\Documents and Settings\BRETT\Application Data\wklnhst.dat
2007-02-09 23:42 88 -csh--r C:\WINDOWS\system32\7515257F65.sys
2007-02-09 23:42 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2004-08-04 05:00 17408 8c6804797251aa5afdd9faea8c7df5fa C:\WINDOWS\system32\svchost.exe

2004-08-04 05:00 506368 c810d1558e9bec0275f218190e241693 C:\WINDOWS\system32\winlogon.exe

2007-06-13 06:23 1035776 56a8974040f314c08ac3fc768837dfca C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 05:00 110592 a8a93338e71e24798606fd0019d0ed94 C:\WINDOWS\system32\services.exe

2004-08-04 05:00 14848 990559e8616b14c14df837815f039c31 C:\WINDOWS\system32\lsass.exe

2005-06-10 20:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 19:53 58880 532bc473ba896151392b1a584558c783 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_ 0.17.30.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-19 18:27:09 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-08-25 01:43:23 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-25 01:43:23 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-25 01:43:23 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-24 02:08:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-25 01:07:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-24 02:08:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-25 01:07:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-25 02:03:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_51c.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\jszsvqhm\xuhcnwhm.exe
2008-08-18 10:38 65536 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001978.exe

2008-08-24 22:09 1428 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg
2008-08-24 00:14 1428 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002529.reg
2008-08-24 21:48 1428 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002860.reg

2008-08-24 22:09 4345 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
2008-08-24 00:14 4345 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002528.reg
2008-08-24 21:48 4345 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002859.reg

2008-08-24 22:09 60 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDummy-BRETT.reg
2008-08-24 00:14 60 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002539.reg
2008-08-24 21:48 60 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002871.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtBat-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002514.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002844.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCmd-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002508.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002838.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCom-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002513.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002843.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtExe-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002512.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002842.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtPif-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002511.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002841.reg

2008-08-24 22:08 86 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtReg-Global.reg
2008-08-24 00:14 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002509.reg
2008-08-24 21:48 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002839.reg

2008-08-24 22:08 77 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtScr-Global.reg
2008-08-24 00:14 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002510.reg
2008-08-24 21:48 77 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002840.reg

2008-08-24 22:08 81 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBME-Global.reg
2008-08-24 00:14 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002524.reg
2008-08-24 21:48 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002855.reg

2008-08-24 22:08 116 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP1-Global.reg
2008-08-24 00:14 116 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002519.reg
2008-08-24 21:48 116 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002849.reg

2008-08-24 22:08 276 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2a-Global.reg
2008-08-24 00:14 276 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002242.reg
2008-08-24 21:48 276 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002848.reg

2008-08-24 22:08 496 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg
2008-08-23 13:56 517 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001974.reg
2008-08-24 21:48 496 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002847.reg

2008-08-24 22:08 241 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP3-Global.reg
2008-08-23 13:56 241 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001975.reg
2008-08-24 21:48 241 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002846.reg

2008-08-24 22:08 116 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP4-Global.reg
2008-08-24 00:14 83 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002515.reg
2008-08-24 21:48 116 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002845.reg

2008-08-24 22:09 193 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB1-Global.reg
2008-08-24 00:14 193 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002530.reg
2008-08-24 21:48 193 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002861.reg

2008-08-24 22:08 399 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB2-Global.reg
2008-08-24 00:14 399 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002526.reg
2008-08-24 21:48 399 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002857.reg

2008-08-24 22:08 114 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGCP-Global.reg
2008-08-24 00:14 114 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002506.reg
2008-08-24 21:48 114 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002836.reg

2008-08-24 22:08 88 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGIESH-Global.reg
2008-08-24 00:14 88 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002495.reg
2008-08-24 21:48 88 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002824.reg

2008-08-24 22:08 89 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVW-Global.reg
2008-08-24 00:14 89 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002504.reg
2008-08-24 21:48 244 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002834.reg

2008-08-24 22:08 336 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVWL-Global.reg
2008-08-24 00:14 336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002502.reg
2008-08-24 21:48 336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002832.reg

2008-08-24 22:09 2066 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
2008-08-23 14:22 2068 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001996.reg
2008-08-24 21:48 2066 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002866.reg

2008-08-24 22:08 205 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1SM-Global.reg
2008-08-24 00:14 205 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002478.reg
2008-08-24 21:48 205 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002829.reg

2008-08-24 22:09 86 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg
2008-08-23 14:22 509 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001942.reg
2008-08-24 21:48 86 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002865.reg

2008-08-24 22:08 180 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2SM-Global.reg
2008-08-24 00:14 81 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002499.reg
2008-08-24 21:48 180 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002828.reg

2008-08-24 22:09 90 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3-Global.reg
2008-08-24 00:14 90 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002533.reg
2008-08-24 21:48 90 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002864.reg

2008-08-24 22:08 205 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3SM-Global.reg
2008-08-24 00:14 205 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002498.reg
2008-08-24 21:48 205 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002827.reg

2008-08-24 22:09 94 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS4-Global.reg
2008-08-24 00:14 94 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002532.reg
2008-08-24 21:48 94 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002863.reg

2008-08-24 22:08 13783 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSS-Global.reg
2008-08-24 00:14 13783 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002493.reg
2008-08-24 21:48 13757 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002820.reg

2008-08-24 22:08 323 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSSODL-Global.reg
2008-08-20 11:23 323 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002139.reg
2008-08-24 21:48 323 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002830.reg

2008-08-24 22:08 6293 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGWLN-Global.reg
2008-08-24 00:14 6293 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002494.reg
2008-08-24 21:48 6293 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002823.reg

2008-08-24 22:08 262 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBME-BRETT.reg
2008-08-24 00:14 262 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002525.reg
2008-08-24 21:48 262 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002856.reg

2008-08-24 22:08 115 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP1-BRETT.reg
2008-08-24 00:14 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002523.reg
2008-08-24 21:48 115 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002854.reg

2008-08-24 22:08 249 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-BRETT.reg
2008-08-23 13:55 249 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002143.reg
2008-08-24 21:48 249 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002853.reg

2008-08-24 22:08 438 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-BRETT.reg
2008-08-23 13:55 438 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001972.reg
2008-08-24 21:48 438 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002852.reg

2008-08-24 22:08 174 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP3-BRETT.reg
2008-08-23 12:02 177 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0001918.reg
2008-08-24 21:48 174 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002851.reg

2008-08-24 22:08 121 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP4-BRETT.reg
2008-08-23 13:56 121 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001973.reg
2008-08-24 21:48 121 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002850.reg

2008-08-24 22:09 4078 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB1-BRETT.reg
2008-08-24 00:14 4078 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002531.reg
2008-08-24 21:48 4078 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002862.reg

2008-08-24 22:09 694 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB2-BRETT.reg
2008-08-24 00:14 694 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002527.reg
2008-08-24 21:48 694 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002858.reg

2008-08-24 22:08 113 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUCP-BRETT.reg
2008-08-24 00:14 113 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002507.reg
2008-08-24 21:48 113 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002837.reg

2008-08-24 22:08 136 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUDesk-BRETT.reg
2008-08-20 23:37 136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001921.reg
2008-08-24 21:48 136 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002826.reg

2008-08-24 22:08 132 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUIESH-BRETT.reg
2008-08-24 00:14 132 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002496.reg
2008-08-24 21:48 132 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002825.reg

2008-08-24 22:08 235 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVW-BRETT.reg
2008-08-24 00:14 235 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002505.reg
2008-08-24 21:48 235 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002835.reg

2008-08-24 22:08 390 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVWL-BRETT.reg
2008-08-24 00:14 390 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002503.reg
2008-08-24 21:48 390 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002833.reg

2008-08-24 22:09 611 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS1-BRETT.reg
2008-08-23 14:22 611 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002144.reg
2008-08-24 21:48 611 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002870.reg

2008-08-24 22:09 85 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS2-BRETT.reg
2008-08-24 00:14 85 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002537.reg
2008-08-24 21:48 85 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002869.reg

2008-08-24 22:09 89 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS3-BRETT.reg
2008-08-24 00:14 89 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002536.reg
2008-08-24 21:48 89 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002868.reg

2008-08-24 22:09 93 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS4-BRETT.reg
2008-08-24 00:14 93 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002535.reg
2008-08-24 21:48 93 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002867.reg

2008-08-24 22:08 105 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUSSODL-BRETT.reg
2008-08-24 00:14 105 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002501.reg
2008-08-24 21:48 105 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002831.reg

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\boi103.exe
2008-08-21 16:29 2548288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001984.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\dkxE3.exe
2008-08-03 16:13 2540096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001944.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\exs4F.exe
2008-08-03 16:13 2540096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001956.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\itb31.exe
2008-08-21 16:29 2548288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002079.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\qkl13.exe
2008-08-21 16:29 2548288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002012.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\vbv13.exe
2008-08-21 16:29 2548288 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002200.exe

C:\Documents and Settings\BRETT\Application Data\Simply Super Software\Trojan Remover\ykb12.exe
2008-08-03 16:13 2540096 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001970.exe

2005-01-25 08:33 1049088 C:\Program Files\Common Files\Microsoft Shared\SFPCA Cache\msxml3.dll
2005-01-25 08:33 1049088 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002467.dll

2005-02-10 21:04 44032 C:\Program Files\Common Files\Microsoft Shared\SFPCA Cache\msxml3r.dll
2005-02-10 21:04 44032 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002468.dll

2008-08-23 04:00 371248 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2008-08-19 04:00 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002297.sys
2008-08-23 04:00 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002491.sys

C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys
2008-08-23 04:00 99376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002611.sys

2008-08-23 04:00 99376 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2008-08-19 04:00 99376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002296.sys

2006-11-15 20:52 403152 C:\Program Files\Common Files\Symantec Shared\sevinst.exe
2006-11-15 20:52 403152 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002310.exe

2007-02-13 02:00 2524984 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\CCERASER.DLL
2007-02-13 02:00 2524984 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002261.DLL

2007-02-13 02:00 272040 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\ECMSVR32.DLL
2007-02-13 02:00 272040 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002263.DLL

2007-02-13 02:00 383800 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\EECTRL.SYS
2007-02-13 02:00 383800 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002264.SYS

2007-02-13 02:00 102712 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\ERASER.SYS
2007-02-13 02:00 102712 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002266.SYS

2007-02-13 02:00 80472 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\NAVENG.SYS
2007-02-13 02:00 80472 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002267.SYS

2007-02-13 02:00 124536 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\NAVENG32.DLL
2007-02-13 02:00 124536 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002269.DLL

2007-02-13 02:00 852600 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\NAVEX15.SYS
2007-02-13 02:00 852600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002270.SYS

2007-02-13 02:00 902776 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070213.051\NAVEX32A.DLL
2007-02-13 02:00 902776 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002272.DLL

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\CCERASER.DLL
2008-08-19 04:00 2389552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002244.DLL

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\ECMSVR32.DLL
2008-07-16 11:16 259440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002246.DLL

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\EECTRL.SYS
2008-08-19 04:00 371248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002247.SYS

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\ERASER.SYS
2008-08-19 04:00 99376 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002249.SYS

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\NAVENG.SYS
2008-07-16 11:16 89936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002250.SYS

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\NAVENG32.DLL
2008-07-16 11:16 177520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002252.DLL

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\NAVEX15.SYS
2008-07-16 11:16 856336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002253.SYS

C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080819.003\NAVEX32A.DLL
2008-07-16 11:16 1164656 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002255.DLL

2008-07-16 11:16 2561072 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\cceraser.dll
2008-07-16 11:16 2561072 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002278.dll

2008-07-16 11:16 259440 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll
2008-07-16 11:16 259440 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002280.dll

2008-07-16 11:16 385072 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eeCtrl.sys
2008-07-16 11:16 385072 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002281.sys

2008-07-16 11:16 109616 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.sys
2008-07-16 11:16 109616 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002283.sys

2008-07-16 11:16 89936 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys
2008-07-16 11:16 89936 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002284.sys

2008-07-16 11:16 177520 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll
2008-07-16 11:16 177520 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002286.dll

2008-07-16 11:16 856336 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys
2008-07-16 11:16 856336 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002287.sys

2008-07-16 11:16 1164656 C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll
2008-07-16 11:16 1164656 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002289.dll

2008-08-24 01:23 48768 C:\Program Files\Symantec\S32EVNT1.DLL
2008-08-19 14:26 48768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002301.DLL

2008-08-24 01:23 110952 C:\Program Files\Symantec\SYMEVENT.SYS
2008-08-19 14:26 110952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002304.SYS

2008-08-16 16:29 1028672 C:\Program Files\Trojan Remover\Rmvtrjan.exe
2008-07-21 19:53 971328 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001976.exe

2008-08-23 17:33 914512 C:\Program Files\Trojan Remover\Trjscan.exe
2008-07-30 15:00 909904 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001977.exe

2008-08-24 21:43 25214 C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
2008-08-24 00:34 25214 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002466.exe

2008-08-24 21:43 40960 C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
2008-08-24 00:34 40960 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002465.exe

C:\WINDOWS\system32\404Fix.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002024.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002475.exe

C:\WINDOWS\system32\alofifmb.exe
2008-08-20 12:04 187392 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002596.exe

2004-08-04 05:00 29184 C:\WINDOWS\system32\dllcache\mshta.exe
2004-08-04 05:00 29184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002033.exe
2004-08-04 05:00 29184 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002034.exe

2004-08-04 05:00 111104 C:\WINDOWS\system32\dllcache\netdde.exe
2004-08-04 05:00 111104 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002037.exe
2004-08-04 05:00 111104 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002038.exe

2008-08-24 01:23 110952 C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-19 14:26 110952 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002303.SYS

2004-07-31 18:50 51200 C:\WINDOWS\system32\dumphive.exe
2004-07-31 18:50 51200 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002019.exe

C:\WINDOWS\system32\hingfyrw.exe
2008-08-20 11:22 81920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002597.exe

C:\WINDOWS\system32\IEDFix.C.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002025.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002476.exe

C:\WINDOWS\system32\IEDFix.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002022.exe
{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002477.exe

C:\WINDOWS\system32\javmvgda.exe
2008-08-20 20:32 81920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0002802.exe

C:\WINDOWS\system32\jmzuxwrg.exe
2008-08-23 14:22 90112 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002032.exe

C:\WINDOWS\system32\lphc1llj0e1dr.exe
2008-08-23 14:22 195584 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001934.exe

2004-08-04 05:00 407552 C:\WINDOWS\system32\mstsc.exe
2004-08-04 05:00 407552 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001992.exe

2007-02-28 05:15 2017280 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 05:15 2017280 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002039.exe

2007-02-28 05:53 2137600 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:53 2137600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002040.exe

2003-06-05 21:13 53248 C:\WINDOWS\system32\Process.exe
2003-06-05 21:13 53248 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002016.exe

2004-08-04 05:00 3338 C:\WINDOWS\system32\redir.exe
2004-08-04 05:00 3338 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002041.exe

C:\WINDOWS\system32\rgxadede.exe
2008-08-20 17:28 94208 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002598.exe

2008-08-24 01:23 48768 C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-19 14:26 48768 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0002302.DLL

2006-04-27 17:49 288417 C:\WINDOWS\system32\SrchSTS.exe
2006-04-27 17:49 288417 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002018.exe

2008-08-24 02:22 4182 C:\WINDOWS\system32\tmp.reg
2008-08-23 13:48 4186 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0001971.reg
2008-08-24 00:58 4174 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002543.reg

2008-05-29 09:35 86528 C:\WINDOWS\system32\VACFix.exe
2008-05-29 09:35 86528 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002023.exe

2007-09-06 00:22 289144 C:\WINDOWS\system32\VCCLSID.exe
2007-09-06 00:22 289144 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002021.exe

C:\WINDOWS\system32\vydcnknq.exe
2008-08-20 23:37 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0002546.exe

2007-10-04 00:36 25600 C:\WINDOWS\system32\WS2Fix.exe
2007-10-04 00:36 25600 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0002080.exe

C:\WINDOWS\system32\xwjatsze.exe
2008-08-18 10:38 86016 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002599.exe

C:\WINDOWS\system32\ybixazkx.exe
2008-08-20 12:04 81920 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002600.exe

C:\WINDOWS\system32\yhuzanaj.exe
2008-08-19 11:05 187904 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002601.exe

C:\WINDOWS\system32\ynojaloh.exe
2008-08-19 10:58 187904 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002602.exe

C:\WINDOWS\system32\zotkhqjk.exe
2008-08-20 23:37 186880 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002603.exe

C:\WINDOWS\tmp119984.bat
2008-08-20 11:23 245 {202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0002604.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 02:18 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ActInfoWin"="C:\WINDOWS\system32\hingfyrw.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12 94208]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-09-18 13:42 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-18 13:42 98304]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20 110592]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-18 13:49 169984]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 15:51 1589248]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 18:34 106496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-08 22:39 36904]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-23 17:33 914512]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 18:17 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-09-18 13:41:40 156784]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-11-04 18:58:00 200704]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]
Veritrax AS-215.lnk - C:\Program Files\Rosslare\Veritrax AS-215\VeriTrax.exe [2008-04-13 19:16:01 9244672]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-21 20:57:14 122880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WPORTAL\\JRE\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 22:06:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\BRETT\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
-> ?:\WINDOWS\system32\odbcint.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-24 22:13:21 - machine was rebooted [BRETT]
ComboFix-quarantined-files.txt 2008-08-25 02:13:12
ComboFix2.txt 2008-08-24 23:06:15
ComboFix3.txt 2008-08-24 04:18:02

Pre-Run: 53,083,013,120 bytes free
Post-Run: 53,091,065,856 bytes free

524 --- E O F --- 2008-08-20 21:17:19
____________________________________________________________________________________________

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, August 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 01:16:13
Records in database: 1141788


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 107826
Threat name 5
Infected objects 27
Suspicious objects 0
Duration of the scan 02:35:09

File name Threat name Threats count
C:\WINDOWS\system32\winlogon.exe/C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\services.exe/C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\lsass.exe/C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\svchost.exe/C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa 5

C:\WINDOWS\System32\svchost.exe/C:\WINDOWS\System32\svchost.exe Infected: Trojan.Win32.Patched.aa 2

C:\WINDOWS\system32\spoolsv.exe/C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\explorer.exe/C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AE40003.VBN Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AE40004.VBN Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Sygate Personal Firewall Pro 5.6.3408+ Keygen & Patch\Keygen\Keygen.exe Infected: Trojan-Downloader.Win32.Agent.yrj 1

C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Sygate Personal Firewall Pro 5.6.3408+ Keygen & Patch\spfp_setup_5_6_3408.exe Infected: Trojan-Downloader.Win32.Agent.yrj 1

C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe Infected: Trojan.BAT.Small.ai 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yhuzanaj.exe.vir Infected: Trojan-Downloader.Win32.Small.abnp 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ynojaloh.exe.vir Infected: Trojan-Downloader.Win32.Small.abnp 1

C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa 1

C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

The selected area was scanned.

#7
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello jbd1270,

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Come back to me after you have it installed.

#8
jbd1270

OK, Recovery Console installed and booted normally.

#9
jbd1270

I have to go out of town for work until Fri evening. I hope this is not going to be a problem.

#10
emeraldnzl

Hi jbd1270,

Nope, we will still be here.

You have a very invasive infection on your computer.

By then we will have the next answer for you.

#11
emeraldnzl

Hello jbd1270,

Cracks and Keygens always result in infection. You will not be helped on this site if you persist in using these programs.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

DirLook::
C:\Documents and Settings\BRETT\My Documents\Billy Downloads

FCopy::
C:\Windows\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe
C:\Windows\ServicePackFiles\i386\lsass.exe | C:\WINDOWS\system32\lsass.exe
C:\Windows\ServicePackFiles\i386\services.exe | C:\WINDOWS\system32\services.exe
C:\Windows\ServicePackFiles\i386\spoolsv.exe | C:\WINDOWS\system32\spoolsv.exe
C:\Windows\ServicePackFiles\i386\svchost.exe | C:\WINDOWS\system32\svchost.exe
C:\Windows\ServicePackFiles\i386\winlogon.exe | C:\WINDOWS\system32\winlogon.exe

File::
C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\javmvgda.exe
C:\WINDOWS\system32\jmzuxwrg.exe
C:\WINDOWS\system32\lphc1llj0e1dr.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\vydcnknq.exe
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe

Folder::
C:\Documents and Settings\All Users\Application Data\jszsvqhm
C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Sygate Personal Firewall Pro 5.6.3408+ Keygen & Patch

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ActInfoWin"=-


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
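
The Kaspersky findings posted earlier in this thread fall into the same groups the CFScript above treats differently: patched Windows binaries are replaced from a clean copy (FCopy::) rather than deleted, while downloaders and the keygen are removed. The following triage sketch over those report lines is an added example, not part of any post and not ComboFix's or Kaspersky's own logic; the bucket names and matching rules are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Report lines copied from the Kaspersky scan posted in this thread.
REPORT = r"""
C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Sygate Personal Firewall Pro 5.6.3408+ Keygen & Patch\Keygen\Keygen.exe Infected: Trojan-Downloader.Win32.Agent.yrj 1
C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Sygate Personal Firewall Pro 5.6.3408+ Keygen & Patch\spfp_setup_5_6_3408.exe Infected: Trojan-Downloader.Win32.Agent.yrj 1
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe Infected: Trojan.BAT.Small.ai 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yhuzanaj.exe.vir Infected: Trojan-Downloader.Win32.Small.abnp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ynojaloh.exe.vir Infected: Trojan-Downloader.Win32.Small.abnp 1
C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1
The selected area was scanned.
"""

# Clean-copy directory used by the FCopy:: block in the CFScript above.
CLEAN_DIR = r"C:\Windows\ServicePackFiles\i386"

# "<path> Infected: <verdict> <count>"; the path may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$"
)
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\")
WINDOWS_RE = re.compile(r"^[a-z]:\\windows\\")


def parse_report(text):
    """Return (path, verdict) pairs; lines that are not findings are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append((m.group("path"), m.group("verdict")))
    return findings


def triage(path, verdict):
    """Assumed triage rules, checked in order of precedence."""
    p = path.lower()
    if QUARANTINE_RE.match(p):
        return "quarantined"   # ComboFix's own quarantine copy, already inert
    if verdict.startswith("not-a-virus:"):
        return "review"        # risk tool, here part of a removal kit
    if ".patched." in verdict.lower() and WINDOWS_RE.match(p):
        # A modified OS binary: deleting it would break Windows, so it is
        # overwritten with a known-good copy instead.
        return "restore"
    return "delete"


def bucket(findings):
    """Group finding paths by triage action."""
    out = defaultdict(list)
    for path, verdict in findings:
        out[triage(path, verdict)].append(path)
    return dict(out)


def fcopy_pairs(paths, clean_dir=CLEAN_DIR):
    """Build 'clean copy | target' lines in the form the FCopy:: block uses."""
    return [f"{ntpath.join(clean_dir, ntpath.basename(p))} | {p}" for p in paths]


if __name__ == "__main__":
    groups = bucket(parse_report(REPORT))
    for action in ("restore", "delete", "review", "quarantined"):
        print(f"{action}: {len(groups.get(action, []))}")
    print("\n".join(fcopy_pairs(groups["restore"])))
```

The six "restore" pairs it produces match the FCopy:: block in the CFScript line for line.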

#12
jbd1270

ComboFix 08-08-29.02 - BRETT 2008-08-29 21:45:34.4 - NTFSx86
Running from: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe
C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\javmvgda.exe
C:\WINDOWS\system32\jmzuxwrg.exe
C:\WINDOWS\system32\lphc1llj0e1dr.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\vydcnknq.exe
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\bin.clearspring.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe

.
--------------- FCopy ---------------

C:\Windows\ServicePackFiles\i386\explorer.exe --> C:\WINDOWS\explorer.exe
C:\Windows\ServicePackFiles\i386\lsass.exe --> C:\WINDOWS\system32\lsass.exe
C:\Windows\ServicePackFiles\i386\services.exe --> C:\WINDOWS\system32\services.exe
C:\Windows\ServicePackFiles\i386\spoolsv.exe --> C:\WINDOWS\system32\spoolsv.exe
C:\Windows\ServicePackFiles\i386\svchost.exe --> C:\WINDOWS\system32\svchost.exe
C:\Windows\ServicePackFiles\i386\winlogon.exe --> C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 21:05 . 2008-08-29 21:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 20:58 . 2008-08-29 20:58 <DIR> d-------- C:\WINDOWS\EHome
2008-08-29 19:28 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 19:27 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-25 22:55 . 2008-08-29 21:51 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-25 22:55 . 2008-08-25 22:55 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-25 22:55 . 2008-08-25 22:55 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-25 22:55 . 2008-08-25 22:55 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-25 22:55 . 2008-08-25 22:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-24 02:41 . 2008-08-24 02:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 02:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 00:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 00:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-23 20:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-23 20:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-23 20:09 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-23 13:40 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 19:18 . 2008-08-22 19:18 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Symantec
2008-08-20 21:33 . 2008-08-24 02:22 4,182 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-20 18:58 . 2008-08-20 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-08-20 10:51 . 2008-08-21 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 10:51 . 2008-08-20 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 13:02 . 2008-08-19 13:02 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-08-19 09:49 . 2008-08-24 01:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 09:48 . 2008-08-23 17:33 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Simply Super Software
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-19 09:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-19 09:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-19 09:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-19 09:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-19 09:38 . 2008-08-19 09:52 <DIR> d-------- C:\Program Files\EndItAll
2008-08-18 12:28 . 2008-08-18 12:28 <DIR> d-------- C:\Program Files\AVG
2008-08-18 12:28 . 2008-08-19 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 18:14 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 18:14 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-15 21:23 . 2008-07-15 21:23 <DIR> d-------- C:\Program Files\MSBuild
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Program Files\Dell Support Center
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-09 03:02 . 2008-07-09 03:02 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-07 16:26 . 2008-07-07 16:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 02:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-26 02:55 --------- d-----w C:\Program Files\Symantec
2008-08-26 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 02:32 --------- d-----w C:\Program Files\America Online 9.0
2008-08-22 02:18 --------- d-----w C:\Program Files\CoreFTP
2008-08-20 22:57 --------- d-----w C:\Documents and Settings\BRETT\Application Data\U3
2008-08-19 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-17 18:33 --------- d-----w C:\Documents and Settings\BRETT\Application Data\FUJIFILM
2008-08-05 21:37 --------- d-----w C:\Documents and Settings\BRETT\Application Data\SiteAdvisor
2008-07-16 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-12-18 04:39 0 -c--a-w C:\Documents and Settings\BRETT\Application Data\wklnhst.dat
2007-02-09 23:42 88 -csh--r C:\WINDOWS\system32\7515257F65.sys
2007-02-09 23:42 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\BRETT\My Documents\Billy Downloads ----

2008-08-29 21:43 2840459 -ra------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
2008-08-29 21:40 1351 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\CFScript.txt
2008-08-25 08:56 7582 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\Kaspersky Error Log 1.html
2008-08-24 22:15 42173 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\CFScript Log.txt
2008-08-24 19:07 16156 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\ComboFix.txt
2008-08-24 02:42 11493 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\hijackthis_errorlog_2.txt
2008-08-24 02:40 812344 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\HJTInstall.exe
2008-08-24 02:36 12368 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\hijackthis_errorlog_1
2008-08-24 00:19 16768 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\ComboFix_1_log.txt
2008-08-23 23:21 338 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\backups\backup-20080823-232146-889
2008-08-23 23:16 251392 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\hijackthis_sfx.exe
2008-08-22 16:54 1854986 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SmitfraudFix.cmd
2008-08-21 23:41 87552 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\AntiXPVSTFix.exe
2008-08-20 19:35 1486224 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix.exe
2008-08-19 09:46 7341360 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\trsetup.exe
2008-08-07 16:27 4080 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\beep_2K_original.sys
2008-08-06 18:57 14966160 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\spybotsd160.exe
2008-07-22 12:27 82432 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\GenericRenosFix.exe
2008-05-29 09:35 86528 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\VACFix.exe
2008-05-27 23:17 3584 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Policies.exe
2008-03-03 00:38 77312 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\UIFix.exe
2007-10-04 00:36 25600 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\WS2Fix.exe
2007-09-24 13:57 317 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\serial.txt
2007-09-24 09:20 780 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\ARD.reg
2007-09-24 09:10 5070627 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\Setup.exe
2007-09-06 00:22 289144 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\VCCLSID.exe
2007-08-21 08:00 1536 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\exit.exe
2007-03-28 18:38 77824 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\HostsChk.exe
2006-12-01 07:20 79360 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swxcacls.exe
2006-09-19 22:13 20480 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SmiUpdate.exe
2006-09-15 00:34 167936 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\unzip.exe
2006-08-29 19:43 135168 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swreg.exe
2006-04-27 17:49 288417 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SrchSTS.exe
2006-03-07 23:45 16384 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\restart.exe
2006-01-09 11:36 40960 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swsc.exe
2005-02-16 11:06 218112 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\HijackThis.exe
2005-01-13 22:41 24576 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Reboot.exe
2004-07-31 18:50 51200 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\dumphive.exe
2003-06-05 21:13 53248 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Process.exe
2001-08-28 14:00 4224 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\beep_XP_original.sys


((((((((((((((((((((((((((((( [email protected]_ 0.17.30.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 05:06:34 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
- 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
- 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\browseui.dll
+ 2008-02-16 09:32:03 151,040 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\danim.dll
+ 2008-02-16 09:32:04 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\extmgr.dll
+ 2008-02-15 09:07:53 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\iedw.exe
+ 2008-02-16 09:32:04 251,904 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\iepeers.dll
+ 2008-02-16 09:32:04 96,256 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\inseng.dll
+ 2008-02-16 09:32:04 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mstime.dll
+ 2008-02-16 09:32:07 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\spuninst\updspapi.dll
+ 2008-02-16 09:32:08 618,496 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\urlmon.dll
+ 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\xpsp3res.dll
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
- 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2004-08-04 09:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
- 2004-08-04 09:00:00 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
- 2004-08-04 09:00:00 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
- 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
- 2008-04-21 06:56:57 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtml.dll
- 2008-04-21 06:56:58 1,499,136 -c----w C:\WINDOWS\$NtUninstallKB953838$\shdocvw.dll
- 2008-04-21 06:56:58 618,496 -c----w C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll
- 2008-04-21 06:56:59 666,624 -c----w C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-04 09:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-04 09:00:00 450,048 -c--a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-04 09:00:00 137,728 -c--a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-04 09:00:00 244,736 -c--a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-04 09:00:00 116,224 -c--a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 09:00:00 34,816 -c--a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-04 09:00:00 33,280 -c--a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-04 09:00:00 279,040 -c--a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w C:\WINDOWS\hh.exe
- 2004-08-04 09:00:00 220,160 -c--a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-04 09:00:00 130,048 -c--a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-04 09:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-04 09:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
- 2008-08-19 18:27:09 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-08-26 02:56:26 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-26 02:56:26 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-26 02:56:26 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-04 09:00:00 214,016 -c--a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 -c--a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 09:00:00 49,152 -c--a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-04 09:00:00 44,032 -c--a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 -c--a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-04 09:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-04 09:00:00 22,016 -c--a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-04 09:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-04 09:00:00 19,968 -c--a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-04 09:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-04 09:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-04 09:00:00 39,936 -c--a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:11:51 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-04 09:00:00 69,120 -c--a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-04 09:00:00 768,512 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-04 09:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-04 09:00:00 18,944 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
- 2005-09-27 00:34:26 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-04 09:00:00 376,320 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-04 09:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-04 09:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
- 2006-09-18 17:33:03 77,859 -c--a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-08-30 01:11:13 77,859 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2006-09-18 17:33:03 3,538 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-08-30 01:11:13 3,908 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-04 09:00:00 150,528 -c--a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-04 09:00:00 151,552 -c--a-w C:\WINDOWS\PeerNet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
- 2004-08-04 09:00:00 462,848 -c--a-w C:\WINDOWS\PeerNet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
- 2004-08-04 09:00:00 110,592 -c--a-w C:\WINDOWS\PeerNet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
- 2004-08-04 09:00:00 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 00:12:32 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 02:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys

#13
emeraldnzl

Hi jbd1270,

Doesn't look as though you got the whole log posted. Got cut off.

Have a look please and post the bit that we are missing.

regards
emeraldnzl

#14
jbd1270

ComboFix 08-08-29.02 - BRETT 2008-08-29 21:45:34.4 - NTFSx86
Running from: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\BRETT\My Documents\Billy Downloads\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe
C:\WINDOWS\system32\hingfyrw.exe
C:\WINDOWS\system32\javmvgda.exe
C:\WINDOWS\system32\jmzuxwrg.exe
C:\WINDOWS\system32\lphc1llj0e1dr.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\vydcnknq.exe
C:\WINDOWS\system32\xwjatsze.exe
C:\WINDOWS\system32\ybixazkx.exe
C:\WINDOWS\system32\yhuzanaj.exe
C:\WINDOWS\system32\ynojaloh.exe
C:\WINDOWS\system32\zotkhqjk.exe
C:\WINDOWS\tmp119984.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\bin.clearspring.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\#SharedObjects\4A8K8BDC\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\BRETT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\BRETT\My Documents\Temp Program File\MISC\reset2.exe

.
--------------- FCopy ---------------

C:\Windows\ServicePackFiles\i386\explorer.exe --> C:\WINDOWS\explorer.exe
C:\Windows\ServicePackFiles\i386\lsass.exe --> C:\WINDOWS\system32\lsass.exe
C:\Windows\ServicePackFiles\i386\services.exe --> C:\WINDOWS\system32\services.exe
C:\Windows\ServicePackFiles\i386\spoolsv.exe --> C:\WINDOWS\system32\spoolsv.exe
C:\Windows\ServicePackFiles\i386\svchost.exe --> C:\WINDOWS\system32\svchost.exe
C:\Windows\ServicePackFiles\i386\winlogon.exe --> C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-29 21:07 . 2008-08-29 21:07 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 21:05 . 2008-08-29 21:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 20:58 . 2008-08-29 20:58 <DIR> d-------- C:\WINDOWS\EHome
2008-08-29 19:28 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 19:27 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-25 22:55 . 2008-08-29 21:51 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-08-25 22:55 . 2008-08-25 22:55 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-25 22:55 . 2008-08-25 22:55 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-25 22:55 . 2008-08-25 22:55 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-25 22:55 . 2008-08-25 22:55 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-24 02:41 . 2008-08-24 02:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-24 02:22 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-24 00:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-24 00:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-23 20:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-23 20:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-23 20:09 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-23 13:40 . 2008-08-21 23:41 87,552 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-22 19:18 . 2008-08-22 19:18 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Symantec
2008-08-20 21:33 . 2008-08-24 02:22 4,182 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-20 18:58 . 2008-08-20 18:59 <DIR> d-------- C:\Program Files\Advanced Registry Doctor
2008-08-20 10:51 . 2008-08-21 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-20 10:51 . 2008-08-20 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 13:02 . 2008-08-19 13:02 <DIR> d-------- C:\Program Files\Gadwin Systems
2008-08-19 09:49 . 2008-08-24 01:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 09:48 . 2008-08-23 17:33 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\BRETT\Application Data\Simply Super Software
2008-08-19 09:48 . 2008-08-19 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-19 09:48 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-19 09:48 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-19 09:48 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-19 09:48 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-19 09:38 . 2008-08-19 09:52 <DIR> d-------- C:\Program Files\EndItAll
2008-08-18 12:28 . 2008-08-18 12:28 <DIR> d-------- C:\Program Files\AVG
2008-08-18 12:28 . 2008-08-19 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 18:14 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 18:14 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-15 21:23 . 2008-07-15 21:23 <DIR> d-------- C:\Program Files\MSBuild
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Program Files\Dell Support Center
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-07-15 08:07 . 2008-07-15 08:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-09 03:02 . 2008-07-09 03:02 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-07 16:26 . 2008-07-07 16:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 02:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-26 02:55 --------- d-----w C:\Program Files\Symantec
2008-08-26 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-22 02:32 --------- d-----w C:\Program Files\America Online 9.0
2008-08-22 02:18 --------- d-----w C:\Program Files\CoreFTP
2008-08-20 22:57 --------- d-----w C:\Documents and Settings\BRETT\Application Data\U3
2008-08-19 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-17 18:33 --------- d-----w C:\Documents and Settings\BRETT\Application Data\FUJIFILM
2008-08-05 21:37 --------- d-----w C:\Documents and Settings\BRETT\Application Data\SiteAdvisor
2008-07-16 01:23 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2006-12-18 04:39 0 -c--a-w C:\Documents and Settings\BRETT\Application Data\wklnhst.dat
2007-02-09 23:42 88 -csh--r C:\WINDOWS\system32\7515257F65.sys
2007-02-09 23:42 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\BRETT\My Documents\Billy Downloads ----

2008-08-29 21:43 2840459 -ra------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ComboFix.exe
2008-08-29 21:40 1351 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\CFScript.txt
2008-08-25 08:56 7582 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\Kaspersky Error Log 1.html
2008-08-24 22:15 42173 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\CFScript Log.txt
2008-08-24 19:07 16156 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\ComboFix.txt
2008-08-24 02:42 11493 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\hijackthis_errorlog_2.txt
2008-08-24 02:40 812344 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\HJTInstall.exe
2008-08-24 02:36 12368 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\hijackthis_errorlog_1
2008-08-24 00:19 16768 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\Error Logs\ComboFix_1_log.txt
2008-08-23 23:21 338 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\backups\backup-20080823-232146-889
2008-08-23 23:16 251392 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\hijackthis_sfx.exe
2008-08-22 16:54 1854986 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SmitfraudFix.cmd
2008-08-21 23:41 87552 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\AntiXPVSTFix.exe
2008-08-20 19:35 1486224 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix.exe
2008-08-19 09:46 7341360 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\trsetup.exe
2008-08-07 16:27 4080 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\beep_2K_original.sys
2008-08-06 18:57 14966160 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\spybotsd160.exe
2008-07-22 12:27 82432 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\GenericRenosFix.exe
2008-05-29 09:35 86528 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\VACFix.exe
2008-05-27 23:17 3584 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Policies.exe
2008-03-03 00:38 77312 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\UIFix.exe
2007-10-04 00:36 25600 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\WS2Fix.exe
2007-09-24 13:57 317 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\serial.txt
2007-09-24 09:20 780 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\ARD.reg
2007-09-24 09:10 5070627 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\ARD\Setup.exe
2007-09-06 00:22 289144 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\VCCLSID.exe
2007-08-21 08:00 1536 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\exit.exe
2007-03-28 18:38 77824 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\HostsChk.exe
2006-12-01 07:20 79360 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swxcacls.exe
2006-09-19 22:13 20480 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SmiUpdate.exe
2006-09-15 00:34 167936 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\unzip.exe
2006-08-29 19:43 135168 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swreg.exe
2006-04-27 17:49 288417 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\SrchSTS.exe
2006-03-07 23:45 16384 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\restart.exe
2006-01-09 11:36 40960 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\swsc.exe
2005-02-16 11:06 218112 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\HijackThis.exe
2005-01-13 22:41 24576 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Reboot.exe
2004-07-31 18:50 51200 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\dumphive.exe
2003-06-05 21:13 53248 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\Process.exe
2001-08-28 14:00 4224 --a------ C:\Documents and Settings\BRETT\My Documents\Billy Downloads\SmitfraudFix\beep_XP_original.sys


((((((((((((((((((((((((((((( [email protected]_ 0.17.30.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 05:06:34 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
- 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
- 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\browseui.dll
+ 2008-02-16 09:32:03 151,040 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\danim.dll
+ 2008-02-16 09:32:04 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\extmgr.dll
+ 2008-02-15 09:07:53 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\iedw.exe
+ 2008-02-16 09:32:04 251,904 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\iepeers.dll
+ 2008-02-16 09:32:04 96,256 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\inseng.dll
+ 2008-02-16 09:32:04 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\mstime.dll
+ 2008-02-16 09:32:07 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\spuninst\updspapi.dll
+ 2008-02-16 09:32:08 618,496 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\urlmon.dll
+ 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w C:\WINDOWS\$NtUninstallKB950759_0$\xpsp3res.dll
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
- 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2004-08-04 09:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
- 2004-08-04 09:00:00 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
- 2004-08-04 09:00:00 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
- 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
- 2008-04-21 06:56:57 3,066,880 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtml.dll
- 2008-04-21 06:56:58 1,499,136 -c----w C:\WINDOWS\$NtUninstallKB953838$\shdocvw.dll
- 2008-04-21 06:56:58 618,496 -c----w C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll
- 2008-04-21 06:56:59 666,624 -c----w C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2004-08-04 09:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2004-08-04 09:00:00 450,048 -c--a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2004-08-04 09:00:00 137,728 -c--a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2004-08-04 09:00:00 244,736 -c--a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2004-08-04 09:00:00 116,224 -c--a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 09:00:00 34,816 -c--a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2004-08-04 09:00:00 33,280 -c--a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2004-08-04 09:00:00 279,040 -c--a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w C:\WINDOWS\hh.exe
- 2004-08-04 09:00:00 220,160 -c--a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2004-08-04 09:00:00 130,048 -c--a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2004-08-04 09:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2004-08-04 09:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
- 2008-08-19 18:27:09 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
+ 2008-08-26 02:56:26 25,214 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\ARPPRODUCTICON.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-26 02:56:26 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-19 18:27:09 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-26 02:56:26 40,960 ----a-r C:\WINDOWS\Installer\{50E125D1-88E5-48CE-80AE-98EC9698E639}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2004-08-04 09:00:00 214,016 -c--a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 -c--a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 09:00:00 49,152 -c--a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2004-08-04 09:00:00 44,032 -c--a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 -c--a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2004-08-04 09:00:00 24,064 -c--a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2004-08-04 09:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2004-08-04 09:00:00 22,016 -c--a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2004-08-04 09:00:00 21,504 -c--a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2004-08-04 09:00:00 19,968 -c--a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2004-08-04 09:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2004-08-04 09:00:00 20,480 -c--a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2004-08-04 09:00:00 39,936 -c--a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:11:51 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-04 09:00:00 69,120 -c--a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2004-08-04 09:00:00 768,512 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-04 09:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-04 09:00:00 18,944 -c--a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
- 2005-09-27 00:34:26 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-04 09:00:00 376,320 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-04 09:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-04 09:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
- 2006-09-18 17:33:03 77,859 -c--a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-08-30 01:11:13 77,859 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2006-09-18 17:33:03 3,538 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-08-30 01:11:13 3,908 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-04 09:00:00 150,528 -c--a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-04 09:00:00 151,552 -c--a-w C:\WINDOWS\PeerNet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
- 2004-08-04 09:00:00 462,848 -c--a-w C:\WINDOWS\PeerNet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
- 2004-08-04 09:00:00 110,592 -c--a-w C:\WINDOWS\PeerNet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
- 2004-08-04 09:00:00 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 00:12:32 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 02:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 02:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-04 02:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 02:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 00:11:49 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 02:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 02:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 02:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 02:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 02:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 02:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 02:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 02:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 02:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 02:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 02:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 02:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 02:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 02:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 02:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 02:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 02:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 02:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 02:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 02:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 02:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 02:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 00:12:13 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 18:53:23 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 00:12:13 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:11:50 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 00:11:50 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 00:11:50 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 00:11:50 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll
+ 2008-04-14 00:11:50 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 00:11:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 00:11:50 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 00:11:50 151,040 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 00:11:50 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 00:11:50 2,091,520 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 00:11:50 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 00:11:50 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 00:11:50 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 00:09:05 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:11:50 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2008-04-14 00:11:50 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\cic.dll
+ 2008-04-14 00:11:50 1,358,848 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 00:11:50 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 00:12:14 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 00:11:50 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 00:11:50 498,688 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 00:12:14 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:11:50 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 00:12:14 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12:14 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12:14 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:11:50 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 00:11:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 00:12:14 389,120 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:11:50 344,064 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 00:12:14 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12:15 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:11:50 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 00:12:15 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:11:50 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 00:11:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 00:11:50 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-13 16:44:16 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 00:11:51 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 00:11:51 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 00:11:51 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 00:11:51 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 00:11:51 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 00:11:51 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 00:12:15 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 00:11:51 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2008-04-14 00:11:51 274,944 ------w C:\WINDOWS\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 00:11:51 167,424 ------w C:\WINDOWS\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 00:11:51 1,267,200 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 00:11:51 539,648 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 00:12:15 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2008-04-14 00:11:51 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 00:11:51 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 00:12:15 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2008-04-14 00:11:51 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 00:11:51 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2008-04-13 18:31:32 36,736 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 00:11:51 599,040 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2008-04-14 00:11:51 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2008-04-14 00:12:15 139,264 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 00:11:51 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 00:11:51 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 00:12:15 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 00:12:16 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 00:11:51 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 00:11:51 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 02:32:26 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 00:11:51 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 00:11:51 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 00:11:51 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 00:11:51 824,320 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 00:11:51 1,054,208 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 00:11:51 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 00:11:51 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\datime.dll
+ 2008-04-14 00:11:51 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 00:11:51 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 00:11:51 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 00:11:51 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 00:11:51 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 00:25:26 1,804 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:11:51 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 00:11:51 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 00:12:16 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 00:12:16 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 00:11:51 279,552 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 00:11:51 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 00:12:16 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 00:11:51 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 00:11:51 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 00:12:16 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 00:12:16 105,472 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 00:11:51 39,424 ------w C:\WINDOWS\Serv

#15
jbd1270

- 2004-08-04 09:00:00 82,432 -c--a-w C:\WINDOWS\system32\dfrgfat.exe
+ 2008-04-14 00:12:16 82,944 ----a-w C:\WINDOWS\system32\dfrgfat.exe
- 2004-08-04 09:00:00 104,960 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
+ 2008-04-14 00:12:16 105,472 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
- 2004-08-04 09:00:00 38,912 -c--a-w C:\WINDOWS\system32\dfrgsnap.dll
+ 2008-04-14 00:11:51 39,424 ----a-w C:\WINDOWS\system32\dfrgsnap.dll
- 2004-08-04 09:00:00 123,904 -c--a-w C:\WINDOWS\system32\dfrgui.dll
+ 2008-04-14 00:11:51 124,416 ----a-w C:\WINDOWS\system32\dfrgui.dll
- 2004-08-04 09:00:00 28,672 ----a-w C:\WINDOWS\system32\dfsshlex.dll
+ 2008-04-14 00:11:51 28,672 ----a-w C:\WINDOWS\system32\dfsshlex.dll
- 2004-08-04 09:00:00 111,104 -c--a-w C:\WINDOWS\system32\dgnet.dll
+ 2008-04-14 00:11:51 111,104 ----a-w C:\WINDOWS\system32\dgnet.dll
- 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2008-04-14 00:11:51 126,976 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-04 09:00:00 370,176 -c--a-w C:\WINDOWS\system32\dhcpmon.dll
+ 2008-04-14 00:11:52 379,904 ----a-w C:\WINDOWS\system32\dhcpmon.dll
+ 2008-04-14 00:11:52 48,640 ------w C:\WINDOWS\system32\dhcpqec.dll
- 2004-08-04 09:00:00 85,504 -c--a-w C:\WINDOWS\system32\diantz.exe
+ 2008-04-14 00:12:17 87,040 ----a-w C:\WINDOWS\system32\diantz.exe
- 2004-08-04 09:00:00 68,608 -c--a-w C:\WINDOWS\system32\digest.dll
+ 2008-04-14 00:11:52 68,608 ----a-w C:\WINDOWS\system32\digest.dll
+ 2008-04-14 00:11:52 19,456 ------w C:\WINDOWS\system32\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ------w C:\WINDOWS\system32\dimsroam.dll
- 2004-08-04 09:00:00 159,232 -c--a-w C:\WINDOWS\system32\dinput.dll
+ 2008-04-14 00:11:52 158,720 ----a-w C:\WINDOWS\system32\dinput.dll
- 2004-08-04 09:00:00 181,760 -c--a-w C:\WINDOWS\system32\dinput8.dll
+ 2008-04-14 00:11:52 181,760 ----a-w C:\WINDOWS\system32\dinput8.dll
- 2004-08-04 09:00:00 1,501,696 ----a-w C:\WINDOWS\system32\diskcopy.dll
+ 2008-04-14 00:11:52 1,504,256 ----a-w C:\WINDOWS\system32\diskcopy.dll
- 2004-08-04 09:00:00 163,840 -c--a-w C:\WINDOWS\system32\diskpart.exe
+ 2008-04-14 00:12:17 163,840 ----a-w C:\WINDOWS\system32\diskpart.exe
- 2004-08-04 09:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll
+ 2008-04-14 00:11:52 32,768 ----a-w C:\WINDOWS\system32\dispex.dll
- 2008-06-20 10:44:38 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 11:40:08 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-08-22 09:05:26 498,742 -c----w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2008-04-14 00:11:52 498,742 ------w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2008-04-14 00:12:19 1,033,728 ----a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2008-04-14 00:12:24 13,312 ----a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2004-08-04 09:00:00 4,639 -c--a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
+ 2008-04-14 00:12:27 4,639 ----a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
- 2008-06-24 16:23:05 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:43:16 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-06-23 16:11:58 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:09:27 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46:57 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-04-14 00:12:01 1,306,624 ------w C:\WINDOWS\system32\dllcache\msxml6.dll
+ 2008-04-13 17:27:18 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
- 2004-08-04 09:00:00 226,816 -c--a-w C:\WINDOWS\system32\dllcache\npdrmv2.dll
+ 2008-04-14 00:12:56 226,816 ----a-w C:\WINDOWS\system32\dllcache\npdrmv2.dll
- 2005-11-29 20:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2008-04-14 00:12:02 364,544 ----a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2008-05-07 05:18:48 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
- 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-04-14 00:12:34 108,544 ----a-w C:\WINDOWS\system32\dllcache\services.exe
- 2008-06-23 16:12:05 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-26 08:15:29 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-14 00:12:36 57,856 ----a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2006-08-21 14:52:08 246,814 -c----w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2008-04-14 00:12:07 246,814 ------w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2008-04-14 00:12:36 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
- 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 11:51:12 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:08:27 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-06-23 16:12:06 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15:30 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:12:08 667,136 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:09:27 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-14 00:12:39 507,904 ----a-w C:\WINDOWS\system32\dllcache\winlogon.exe
- 2004-08-04 09:00:00 5,120 ----a-w C:\WINDOWS\system32\dllhost.exe
+ 2008-04-14 00:12:17 5,120 ----a-w C:\WINDOWS\system32\dllhost.exe
- 2004-08-04 09:00:00 224,768 ----a-w C:\WINDOWS\system32\dmadmin.exe
+ 2008-04-14 00:12:17 224,768 ----a-w C:\WINDOWS\system32\dmadmin.exe
- 2004-08-04 09:00:00 28,672 -c--a-w C:\WINDOWS\system32\dmband.dll
+ 2008-04-14 00:11:52 28,672 ----a-w C:\WINDOWS\system32\dmband.dll
- 2004-08-04 09:00:00 61,440 -c--a-w C:\WINDOWS\system32\dmcompos.dll
+ 2008-04-14 00:11:52 61,440 ----a-w C:\WINDOWS\system32\dmcompos.dll
- 2004-08-04 09:00:00 273,920 -c--a-w C:\WINDOWS\system32\dmdlgs.dll
+ 2008-04-14 00:11:52 285,184 ----a-w C:\WINDOWS\system32\dmdlgs.dll
- 2004-08-04 09:00:00 200,704 -c--a-w C:\WINDOWS\system32\dmdskmgr.dll
+ 2008-04-14 00:11:52 200,704 ----a-w C:\WINDOWS\system32\dmdskmgr.dll
- 2004-08-04 09:00:00 181,248 -c--a-w C:\WINDOWS\system32\dmime.dll
+ 2008-04-14 00:11:52 181,248 ----a-w C:\WINDOWS\system32\dmime.dll
- 2004-08-04 09:00:00 35,840 -c--a-w C:\WINDOWS\system32\dmloader.dll
+ 2008-04-14 00:11:52 35,840 ----a-w C:\WINDOWS\system32\dmloader.dll
- 2004-08-04 09:00:00 15,872 -c--a-w C:\WINDOWS\system32\dmremote.exe
+ 2008-04-14 00:12:17 15,872 ----a-w C:\WINDOWS\system32\dmremote.exe
- 2004-08-04 09:00:00 82,432 -c--a-w C:\WINDOWS\system32\dmscript.dll
+ 2008-04-14 00:11:52 82,432 ----a-w C:\WINDOWS\system32\dmscript.dll
- 2004-08-04 09:00:00 23,552 ----a-w C:\WINDOWS\system32\dmserver.dll
+ 2008-04-14 00:11:52 23,552 ----a-w C:\WINDOWS\system32\dmserver.dll
- 2004-08-04 09:00:00 105,984 -c--a-w C:\WINDOWS\system32\dmstyle.dll
+ 2008-04-14 00:11:52 105,984 ----a-w C:\WINDOWS\system32\dmstyle.dll
- 2004-08-04 09:00:00 103,424 -c--a-w C:\WINDOWS\system32\dmsynth.dll
+ 2008-04-14 00:11:52 103,424 ----a-w C:\WINDOWS\system32\dmsynth.dll
- 2004-08-04 09:00:00 104,448 -c--a-w C:\WINDOWS\system32\dmusic.dll
+ 2008-04-14 00:11:52 104,448 ----a-w C:\WINDOWS\system32\dmusic.dll
- 2004-08-04 09:00:00 52,224 -c--a-w C:\WINDOWS\system32\dmutil.dll
+ 2008-04-14 00:11:52 52,224 ----a-w C:\WINDOWS\system32\dmutil.dll
- 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-04-14 00:11:52 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-04 09:00:00 48,128 ----a-w C:\WINDOWS\system32\docprop2.dll
+ 2008-04-14 00:11:52 48,128 ----a-w C:\WINDOWS\system32\docprop2.dll
+ 2008-04-14 00:11:52 26,112 ------w C:\WINDOWS\system32\dot3api.dll
+ 2008-04-14 00:11:52 57,856 ------w C:\WINDOWS\system32\dot3cfg.dll
+ 2008-04-14 00:11:52 9,216 ------w C:\WINDOWS\system32\dot3dlg.dll
+ 2008-04-14 00:11:52 39,936 ------w C:\WINDOWS\system32\dot3gpclnt.dll
+ 2008-04-14 00:11:52 56,320 ------w C:\WINDOWS\system32\dot3msm.dll
+ 2008-04-14 00:11:52 132,096 ------w C:\WINDOWS\system32\dot3svc.dll
+ 2008-04-14 00:11:52 650,752 ------w C:\WINDOWS\system32\dot3ui.dll
- 2004-08-04 09:00:00 97,280 ----a-w C:\WINDOWS\system32\dpcdll.dll
+ 2008-04-13 21:00:49 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
- 2004-08-04 09:00:00 30,208 -c--a-w C:\WINDOWS\system32\dplaysvr.exe
+ 2008-04-14 00:12:17 29,696 ----a-w C:\WINDOWS\system32\dplaysvr.exe
- 2004-08-04 09:00:00 229,888 ----a-w C:\WINDOWS\system32\dplayx.dll
+ 2008-04-14 00:11:52 229,888 ----a-w C:\WINDOWS\system32\dplayx.dll
- 2004-08-04 09:00:00 23,552 -c--a-w C:\WINDOWS\system32\dpmodemx.dll
+ 2008-04-14 00:11:52 23,552 ----a-w C:\WINDOWS\system32\dpmodemx.dll
- 2004-08-04 09:00:00 3,584 -c--a-w C:\WINDOWS\system32\dpnaddr.dll
+ 2008-04-14 00:09:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
- 2004-08-04 09:00:00 375,296 ----a-w C:\WINDOWS\system32\dpnet.dll
+ 2008-04-14 00:11:52 375,296 ----a-w C:\WINDOWS\system32\dpnet.dll
- 2004-08-04 09:00:00 35,328 -c--a-w C:\WINDOWS\system32\dpnhpast.dll
+ 2008-04-14 00:11:52 35,328 ----a-w C:\WINDOWS\system32\dpnhpast.dll
- 2004-08-04 09:00:00 60,928 -c--a-w C:\WINDOWS\system32\dpnhupnp.dll
+ 2008-04-14 00:11:52 60,928 ----a-w C:\WINDOWS\system32\dpnhupnp.dll
- 2004-08-04 09:00:00 3,584 -c--a-w C:\WINDOWS\system32\dpnlobby.dll
+ 2008-04-14 00:09:20 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
- 2004-08-04 09:00:00 18,432 -c--a-w C:\WINDOWS\system32\dpnsvr.exe
+ 2008-04-14 00:12:17 17,920 ----a-w C:\WINDOWS\system32\dpnsvr.exe
- 2004-08-04 09:00:00 21,504 -c--a-w C:\WINDOWS\system32\dpvacm.dll
+ 2008-04-14 00:11:52 21,504 ----a-w C:\WINDOWS\system32\dpvacm.dll
- 2004-08-04 09:00:00 212,480 -c--a-w C:\WINDOWS\system32\dpvoice.dll
+ 2008-04-14 00:11:52 212,480 ----a-w C:\WINDOWS\system32\dpvoice.dll
- 2004-08-04 09:00:00 83,456 -c--a-w C:\WINDOWS\system32\dpvsetup.exe
+ 2008-04-14 00:12:18 83,456 ----a-w C:\WINDOWS\system32\dpvsetup.exe
- 2004-08-04 09:00:00 116,736 -c--a-w C:\WINDOWS\system32\dpvvox.dll
+ 2008-04-14 00:11:52 116,736 ----a-w C:\WINDOWS\system32\dpvvox.dll
- 2004-08-04 09:00:00 57,344 -c--a-w C:\WINDOWS\system32\dpwsockx.dll
+ 2008-04-14 00:11:52 57,344 ----a-w C:\WINDOWS\system32\dpwsockx.dll
- 2004-08-04 09:00:00 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
+ 2008-04-13 18:36:35 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
+ 2008-04-14 00:11:48 4,255 ------w C:\WINDOWS\system32\drivers\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w C:\WINDOWS\system32\drivers\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w C:\WINDOWS\system32\drivers\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w C:\WINDOWS\system32\drivers\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w C:\WINDOWS\system32\drivers\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w C:\WINDOWS\system32\drivers\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w C:\WINDOWS\system32\drivers\adv11nt5.dll
- 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2008-04-13 16:39:23 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2004-08-04 03:07:42 42,368 ----a-w C:\WINDOWS\system32\drivers\AGP440.SYS
+ 2008-04-13 18:36:38 42,368 ----a-w C:\WINDOWS\system32\drivers\agp440.sys
- 2004-08-04 03:07:44 44,928 ----a-w C:\WINDOWS\system32\drivers\AGPCPQ.SYS
+ 2008-04-13 18:36:39 44,928 ----a-w C:\WINDOWS\system32\drivers\agpcpq.sys
- 2004-08-04 03:07:42 42,752 ----a-w C:\WINDOWS\system32\drivers\ALIM1541.SYS
+ 2008-04-13 18:36:38 42,752 ----a-w C:\WINDOWS\system32\drivers\alim1541.sys
- 2004-08-04 03:07:44 43,008 ----a-w C:\WINDOWS\system32\drivers\AMDAGP.SYS
+ 2008-04-13 18:36:39 43,008 ----a-w C:\WINDOWS\system32\drivers\amdagp.sys
- 2004-08-04 09:00:00 36,992 -c--a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2008-04-13 18:31:32 37,376 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
- 2004-08-04 09:00:00 37,376 -c--a-w C:\WINDOWS\system32\drivers\amdk7.sys
+ 2008-04-13 18:31:33 37,760 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
- 2004-08-04 09:00:00 60,800 -c--a-w C:\WINDOWS\system32\drivers\arp1394.sys
+ 2008-04-13 18:51:25 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
- 2004-08-04 09:00:00 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
+ 2008-04-13 18:57:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
- 2004-08-04 02:59:44 95,360 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
+ 2008-04-13 18:40:30 96,512 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
+ 2004-08-04 02:29:30 56,623 ------w C:\WINDOWS\system32\drivers\ati1btxx.sys
+ 2004-08-04 02:29:30 11,615 ------w C:\WINDOWS\system32\drivers\ati1mdxx.sys
+ 2004-08-04 02:29:30 12,047 ------w C:\WINDOWS\system32\drivers\ati1pdxx.sys
+ 2004-08-04 02:29:32 30,671 ------w C:\WINDOWS\system32\drivers\ati1raxx.sys
+ 2004-08-04 02:29:32 63,663 ------w C:\WINDOWS\system32\drivers\ati1rvxx.sys
+ 2004-08-04 02:29:32 26,367 ------w C:\WINDOWS\system32\drivers\ati1snxx.sys
+ 2004-08-04 02:29:32 21,343 ------w C:\WINDOWS\system32\drivers\ati1ttxx.sys
+ 2004-08-04 02:29:32 36,463 ------w C:\WINDOWS\system32\drivers\ati1tuxx.sys
+ 2004-08-04 02:29:32 29,455 ------w C:\WINDOWS\system32\drivers\ati1xbxx.sys
+ 2004-08-04 02:29:32 34,735 ------w C:\WINDOWS\system32\drivers\ati1xsxx.sys
+ 2004-08-04 02:29:28 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
+ 2004-08-04 02:29:28 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
+ 2004-08-04 02:29:28 57,856 ------w C:\WINDOWS\system32\drivers\atinbtxx.sys
+ 2004-08-04 02:29:30 13,824 ------w C:\WINDOWS\system32\drivers\atinmdxx.sys
+ 2004-08-04 02:29:30 14,336 ------w C:\WINDOWS\system32\drivers\atinpdxx.sys
+ 2004-08-04 02:29:30 52,224 ------w C:\WINDOWS\system32\drivers\atinraxx.sys
+ 2004-08-04 02:29:32 104,960 ------w C:\WINDOWS\system32\drivers\atinrvxx.sys
+ 2004-08-04 02:29:32 28,672 ------w C:\WINDOWS\system32\drivers\atinsnxx.sys
+ 2004-08-04 02:29:32 13,824 ------w C:\WINDOWS\system32\drivers\atinttxx.sys
+ 2004-08-04 02:29:32 73,216 ------w C:\WINDOWS\system32\drivers\atintuxx.sys
+ 2004-08-04 02:29:32 31,744 ------w C:\WINDOWS\system32\drivers\atinxbxx.sys
+ 2004-08-04 02:29:32 63,488 ------w C:\WINDOWS\system32\drivers\atinxsxx.sys
- 2004-08-04 09:00:00 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
+ 2008-04-13 18:51:25 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
- 2004-08-04 09:00:00 55,936 -c--a-w C:\WINDOWS\system32\drivers\atmlane.sys
+ 2008-04-13 18:51:30 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
+ 2008-04-14 00:11:50 21,183 ------w C:\WINDOWS\system32\drivers\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w C:\WINDOWS\system32\drivers\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w C:\WINDOWS\system32\drivers\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w C:\WINDOWS\system32\drivers\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w C:\WINDOWS\system32\drivers\atv10nt5.dll
- 2004-08-04 09:00:00 71,552 -c--a-w C:\WINDOWS\system32\drivers\bridge.sys
+ 2008-04-13 18:53:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
+ 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
- 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
+ 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
- 2004-08-04 09:00:00 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
+ 2008-04-13 19:14:21 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
- 2004-08-04 09:00:00 49,536 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
+ 2008-04-13 18:40:46 62,976 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
+ 2008-04-14 00:11:50 15,423 ------w C:\WINDOWS\system32\drivers\ch7xxnt5.dll
- 2004-08-04 09:00:00 49,664 -c--a-w C:\WINDOWS\system32\drivers\classpnp.sys
+ 2008-04-13 19:16:22 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
- 2004-08-04 09:00:00 36,480 -c--a-w C:\WINDOWS\system32\drivers\crusoe.sys
+ 2008-04-13 18:31:32 36,736 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
- 2004-08-04 09:00:00 36,352 ----a-w C:\WINDOWS\system32\drivers\disk.sys
+ 2008-04-13 18:40:47 36,352 ----a-w C:\WINDOWS\system32\drivers\disk.sys
- 2004-08-04 09:00:00 14,208 -c--a-w C:\WINDOWS\system32\drivers\diskdump.sys
+ 2008-04-13 18:40:44 14,208 ----a-w C:\WINDOWS\system32\drivers\diskdump.sys
- 2004-08-04 09:00:00 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
+ 2008-04-13 18:44:48 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
- 2004-08-04 09:00:00 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
+ 2008-04-13 18:44:46 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
- 2004-08-04 03:07:40 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
+ 2008-04-13 18:45:01 52,864 ----a-w C:\WINDOWS\system32\drivers\dmusic.sys
- 2004-08-04 02:58:30 207,360 ----a-w C:\WINDOWS\system32\drivers\Dot4.sys
+ 2008-04-13 18:39:46 206,976 ----a-w C:\WINDOWS\system32\drivers\dot4.sys
- 2004-08-04 03:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2008-04-13 18:45:14 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 03:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2008-04-13 18:45:13 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2004-08-04 09:00:00 71,040 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
+ 2008-04-13 18:38:29 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
- 2004-08-04 09:00:00 143,360 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
+ 2008-04-13 19:14:29 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
- 2004-08-04 09:00:00 27,392 ----a-w C:\WINDOWS\system32\drivers\fdc.sys
+ 2008-04-13 18:40:25 27,392 ----a-w C:\WINDOWS\system32\drivers\fdc.sys
- 2004-08-04 09:00:00 34,944 ----a-w C:\WINDOWS\system32\drivers\fips.sys
+ 2008-04-13 18:33:28 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
- 2004-08-04 09:00:00 20,480 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
+ 2008-04-13 18:40:25 20,480 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
- 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
+ 2008-04-13 18:32:59 129,792 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
+ 2008-04-13 18:36:40 46,464 ------w C:\WINDOWS\system32\drivers\gagp30kx.sys
- 2004-08-12 21:45:54 137,728 ------w C:\WINDOWS\system32\drivers\Hdaudbus.sys
+ 2008-04-13 16:36:05 144,384 ------w C:\WINDOWS\system32\drivers\hdaudbus.sys
+ 2008-04-13 18:46:30 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
- 2004-08-04 09:00:00 36,224 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
+ 2008-04-13 18:45:26 36,864 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w C:\WINDOWS\system32\drivers\hidir.sys
- 2004-08-04 09:00:00 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
+ 2008-04-13 18:45:22 24,960 ----a-w C:\WINDOWS\system32\drivers\hidparse.sys
- 2001-08-17 18:02:20 9,600 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
+ 2008-04-13 18:45:27 10,368 ----a-w C:\WINDOWS\system32\drivers\hidusb.sys
+ 2004-08-04 02:41:48 220,032 ------w C:\WINDOWS\system32\drivers\hsfbs2s2.sys
+ 2004-08-04 02:41:50 685,056 ------w C:\WINDOWS\system32\drivers\hsfcxts2.sys
+ 2004-08-04 02:41:56 1,041,536 ------w C:\WINDOWS\system32\drivers\hsfdpsp2.sys
- 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2008-04-13 18:53:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-08-04 03:00:52 8,192 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
+ 2008-04-13 18:41:22 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
- 2004-08-04 03:00:52 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
+ 2008-04-13 18:41:22 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
- 2004-08-04 09:00:00 52,736 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2008-04-13 19:18:00 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
- 2004-08-04 09:00:00 41,856 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
+ 2008-04-13 18:40:58 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
- 2004-08-04 02:59:42 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
+ 2008-04-13 18:40:29 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
- 2004-08-04 09:00:00 36,096 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
+ 2008-04-13 18:31:32 36,352 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
- 2004-08-04 09:00:00 29,056 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
+ 2008-04-13 18:53:34 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
- 2004-08-04 09:00:00 20,992 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
+ 2008-04-13 18:57:07 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
- 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2008-04-13 18:57:15 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-04 09:00:00 74,752 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
+ 2008-04-13 19:19:42 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
- 2004-08-04 09:00:00 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
+ 2008-04-13 18:54:28 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
- 2001-08-17 17:58:02 35,840 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
+ 2008-04-13 18:36:41 37,248 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
- 2004-08-04 02:58:34 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2008-04-13 18:39:47 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-04 02:58:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2008-04-13 18:39:48 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2008-04-13 18:45:09 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-04 09:00:00 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2008-04-13 19:16:36 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 09:00:00 92,032 -c--a-w C:\WINDOWS\system32\drivers\ksecdd.sys
+ 2008-04-13 18:31:43 92,288 ----a-w C:\WINDOWS\system32\drivers\ksecdd.sys
+ 2004-08-04 02:41:56 11,868 ------w C:\WINDOWS\system32\drivers\mdmxsdk.sys
- 2004-08-04 09:00:00 63,744 -c--a-w C:\WINDOWS\system32\drivers\mf.sys
+ 2008-04-13 18:36:41 63,744 ----a-w C:\WINDOWS\system32\drivers\mf.sys
- 2004-08-04 09:00:00 30,080 -c--a-w C:\WINDOWS\system32\drivers\modem.sys
+ 2008-04-13 19:00:19 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
- 2004-08-04 02:58:34 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2008-04-13 18:39:47 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
- 2004-08-04 09:00:00 42,240 -c--a-w C:\WINDOWS\system32\drivers\mountmgr.sys
+ 2008-04-13 18:39:46 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
- 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2008-04-13 18:32:44 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2008-04-13 19:17:01 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-04 09:00:00 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
+ 2008-04-13 18:32:39 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys
- 2004-08-04 09:00:00 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
+ 2008-04-13 18:56:32 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
- 2004-08-04 02:58:42 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
+ 2008-04-13 18:39:52 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
- 2004-08-04 02:58:40 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
+ 2008-04-13 18:39:50 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
- 2004-08-04 02:58:42 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
+ 2008-04-13 18:39:51 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
- 2004-08-04 03:07:48 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
+ 2008-04-13 18:36:46 15,488 ----a-w C:\WINDOWS\system32\drivers\mssmbios.sys
+ 2004-08-04 02:41:40 126,686 ------w C:\WINDOWS\system32\drivers\mtlmnt5.sys
+ 2004-08-04 02:41:38 1,309,184 ------w C:\WINDOWS\system32\drivers\mtlstrm.sys
+ 2004-08-04 02:29:38 452,736 ------w C:\WINDOWS\system32\drivers\mtxparhm.sys
- 2004-08-04 09:00:00 107,904 -c--a-w C:\WINDOWS\system32\drivers\mup.sys
+ 2008-04-13 19:17:05 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
- 2004-08-04 09:00:00 182,912 -c--a-w C:\WINDOWS\system32\drivers\ndis.sys
+ 2008-04-13 19:20:37 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
- 2004-08-04 09:00:00 9,600 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
+ 2008-04-13 18:57:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
- 2004-08-04 09:00:00 12,928 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
+ 2008-04-13 18:55:58 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
- 2004-08-04 09:00:00 91,776 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
+ 2008-04-13 19:20:42 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
- 2004-08-04 09:00:00 38,016 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
+ 2008-04-13 18:57:29 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
- 2004-08-04 09:00:00 34,560 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
+ 2008-04-13 18:56:02 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
- 2004-08-04 09:00:00 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
+ 2008-04-13 19:21:00 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
- 2004-08-04 09:00:00 61,824 -c--a-w C:\WINDOWS\system32\drivers\nic1394.sys
+ 2008-04-13 18:51:25 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
- 2004-08-04 09:00:00 40,320 -c--a-w C:\WINDOWS\system32\drivers\nmnt.sys
+ 2008-04-13 18:53:09 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
- 2004-08-04 09:00:00 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
+ 2008-04-13 18:32:39 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys
- 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2008-04-13 19:15:53 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2004-08-04 02:41:40 180,360 ------w C:\WINDOWS\system32\drivers\ntmtlfax.sys
- 2004-08-04 09:00:00 88,448 -c--a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
+ 2008-04-13 18:56:06 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
- 2004-08-04 09:00:00 42,496 -c--a-w C:\WINDOWS\system32\drivers\p3.sys
+ 2008-04-13 18:31:31 42,752 ----a-w C:\WINDOWS\system32\drivers\p3.sys
- 2004-08-04 09:00:00 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
+ 2008-04-13 18:40:10 80,128 ----a-w C:\WINDOWS\system32\drivers\parport.sys
- 2004-08-04 09:00:00 18,688 -c--a-w C:\WINDOWS\system32\drivers\partmgr.sys
+ 2008-04-13 18:40:49 19,712 ----a-w C:\WINDOWS\system32\drivers\partmgr.sys
- 2004-08-04 03:07:48 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
+ 2008-04-13 18:36:44 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
- 2004-08-04 02:59:42 25,088 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
+ 2008-04-13 18:40:29 24,960 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
- 2004-08-04 09:00:00 119,936 -c--a-w C:\WINDOWS\system32\drivers\pcmcia.sys
+ 2008-04-13 18:36:43 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
- 2004-03-16 15:58:20 136,960 ------w C:\WINDOWS\system32\drivers\portcls.sys
+ 2008-04-13 19:19:41 146,048 ------w C:\WINDOWS\system32\drivers\portcls.sys
- 2004-08-04 09:00:00 35,328 -c--a-w C:\WINDOWS\system32\drivers\processr.sys
+ 2008-04-13 18:31:30 35,840 ----a-w C:\WINDOWS\system32\drivers\processr.sys
- 2004-08-04 09:00:00 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
+ 2008-04-13 18:56:38 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
- 2004-08-04 09:00:00 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
+ 2008-04-13 19:19:43 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
- 2004-08-04 09:00:00 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
+ 2008-04-13 18:57:32 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
- 2004-08-04 09:00:00 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
+ 2008-04-13 19:19:48 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
- 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2008-04-13 19:28:39 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 03:01:16 196,864 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
+ 2008-04-13 18:32:51 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
- 2005-06-10 04:09:46 139,528 -c--a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2008-04-14 00:13:22 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2004-08-04 02:41:40 13,776 ------w C:\WINDOWS\system32\drivers\recagent.sys
- 2004-08-04 02:59:38 57,472 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
+ 2008-04-13 18:40:27 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
+ 2008-04-13 18:46:32 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
- 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 09:00:00 30,080 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
+ 2004-08-04 02:29:52 166,912 ------w C:\WINDOWS\system32\drivers\s3gnbm.sys
- 2004-08-04 09:00:00 96,256 -c--a-w C:\WINDOWS\system32\drivers\scsiport.sys
+ 2008-04-13 18:40:30 96,384 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
- 2004-08-04 09:00:00 67,584 -c--a-w C:\WINDOWS\system32\drivers\sdbus.sys
+ 2008-04-13 18:36:44 79,232 ----a-w C:\WINDOWS\system32\drivers\sdbus.sys
- 2004-08-04 09:00:00 15,488 ----a-w C:\WINDOWS\system32\drivers\serenum.sys
+ 2008-04-13 18:40:12 15,744 ----a-w C:\WINDOWS\system32\drivers\serenum.sys
- 2004-08-04 09:00:00 64,896 ----a-w C:\WINDOWS\system32\drivers\serial.sys
+ 2008-04-13 19:15:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
- 2004-08-04 09:00:00 11,136 -c--a-w C:\WINDOWS\system32\drivers\sffdisk.sys
+ 2008-04-13 18:40:47 11,904 ----a-w C:\WINDOWS\system32\drivers\sffdisk.sys
+ 2008-04-13 18:40:48 10,240 ------w C:\WINDOWS\system32\drivers\sffp_mmc.sys
- 2004-08-04 09:00:00 10,240 -c--a-w C:\WINDOWS\system32\drivers\sffp_sd.sys
+ 2008-04-13 18:40:47 11,008 ----a-w C:\WINDOWS\system32\drivers\sffp_sd.sys
- 2004-08-04 09:00:00 11,392 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2008-04-13 18:40:48 11,392 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2008-04-14 00:12:05 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
- 2004-08-04 03:07:44 41,088 ----a-w C:\WINDOWS\system32\drivers\SISAGP.SYS
+ 2008-04-13 18:36:39 40,960 ----a-w C:\WINDOWS\system32\drivers\sisagp.sys
+ 2004-08-04 02:41:42 129,535 ------w C:\WINDOWS\system32\drivers\slnt7554.sys
+ 2004-08-04 02:41:44 404,990 ------w C:\WINDOWS\system32\drivers\slntamr.sys
+ 2004-08-04 02:41:46 95,424 ------w C:\WINDOWS\system32\drivers\slnthal.sys
+ 2004-08-04 02:41:46 13,240 ------w C:\WINDOWS\system32\drivers\slwdmsup.sys
+ 2008-04-13 18:36:34 5,888 ------w C:\WINDOWS\system32\drivers\smbali.sys
- 2004-08-04 09:00:00 25,472 -c--a-w C:\WINDOWS\system32\drivers\sonydcam.sys
+ 2008-04-13 18:46:07 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
- 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2008-04-13 18:45:07 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-04 09:00:00 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
+ 2008-04-13 18:36:52 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
- 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2008-04-13 19:15:11 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 09:00:00 48,640 -c--a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2008-04-13 18:45:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2004-08-04 02:58:42 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
+ 2008-04-13 18:39:53 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
- 2001-08-17 18:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
+ 2008-04-13 18:45:09 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
- 2004-08-04 03:15:56 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
+ 2008-04-13 19:15:55 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
- 2004-08-04 09:00:00 14,976 -c--a-w C:\WINDOWS\system32\drivers\tape.sys
+ 2008-04-13 18:40:50 14,976 ----a-w C:\WINDOWS\system32\drivers\tape.sys
- 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-04 09:00:00 18,560 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
+ 2008-04-13 19:00:05 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
- 2004-08-04 09:00:00 12,040 -c--a-w C:\WINDOWS\system32\drivers\tdpipe.sys
+ 2008-04-14 00:13:20 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
- 2004-08-04 09:00:00 21,896 -c--a-w C:\WINDOWS\system32\drivers\tdtcp.sys
+ 2008-04-14 00:13:21 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
- 2004-08-04 05:01:08 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
+ 2008-04-14 00:13:20 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
- 2004-08-04 09:00:00 12,416 -c--a-w C:\WINDOWS\system32\drivers\tunmp.sys
+ 2008-04-13 18:56:01 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
+ 2008-04-13 18:36:40 44,672 ------w C:\WINDOWS\system32\drivers\uagp35.sys
- 2004-08-04 09:00:00 66,176 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
+ 2008-04-13 18:32:36 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
- 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2008-04-13 18:39:46 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2004-08-04 09:00:00 12,672 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys
+ 2008-04-13 18:56:49 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
+ 2008-04-13 18:56:49 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
- 2004-08-04 09:00:00 23,808 -c--a-w C:\WINDOWS\system32\drivers\usbcamd.sys
+ 2008-04-13 18:45:40 25,600 ----a-w C:\WINDOWS\system32\drivers\usbcamd.sys
- 2004-08-04 09:00:00 23,936 -c--a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
+ 2008-04-13 18:45:41 25,728 ----a-w C:\WINDOWS\system32\drivers\usbcamd2.sys
- 2004-08-04 03:08:48 31,616 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2008-04-13 18:45:39 32,128 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
- 2005-10-25 23:39:41 27,264 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
+ 2008-04-13 18:45:35 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
- 2004-08-04 03:08:44 57,600 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2008-04-13 18:45:37 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
- 2004-08-04 09:00:00 16,000 -c--a-w C:\WINDOWS\system32\drivers\usbintel.sys
+ 2008-04-13 18:45:43 15,872 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
- 2005-10-25 23:39:41 143,104 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
+ 2008-04-13 18:45:36 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
- 2004-08-04 03:01:26 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
+ 2008-04-13 18:47:37 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
- 2004-08-04 03:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2008-04-13 18:45:38 26,368 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys
- 2004-08-04 03:08:38 20,480 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
+ 2008-04-13 18:45:35 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
+ 2008-04-13 18:46:20 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
+ 2008-04-14 00:12:08 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
- 2004-08-04 09:00:00 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
+ 2008-04-13 18:44:40 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
- 2004-08-04 03:07:44 42,240 ----a-w C:\WINDOWS\system32\drivers\VIAAGP.SYS
+ 2008-04-13 18:36:40 42,240 ----a-w C:\WINDOWS\system32\drivers\viaagp.sys
- 2004-08-04 02:59:44 5,376 ----a-w C:\WINDOWS\system32\drivers\viaide.sys
+ 2008-04-13 18:40:31 5,376 ----a-w C:\WINDOWS\system32\drivers\viaide.sys
- 2004-08-04 09:00:00 79,744 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2008-04-13 18:44:40 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
- 2004-08-04 09:00:00 52,352 -c--a-w C:\WINDOWS\system32\drivers\volsnap.sys
+ 2008-04-13 18:41:01 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
+ 2008-04-13 18:43:55 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
+ 2004-08-04 02:29:40 11,807 ------w C:\WINDOWS\system32\drivers\wadv07nt.sys
+ 2004-08-04 02:29:40 11,295 ------w C:\WINDOWS\system32\drivers\wadv08nt.sys
+ 2004-08-04 02:29:42 11,871 ------w C:\WINDOWS\system32\drivers\wadv09nt.sys
+ 2004-08-04 02:29:42 11,935 ------w C:\WINDOWS\system32\drivers\wadv11nt.sys
- 2004-08-04 09:00:00 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
+ 2008-04-13 18:57:21 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
+ 2004-08-04 02:29:46 22,271 ------w C:\WINDOWS\system32\drivers\watv06nt.sys
+ 2004-08-04 02:29:46 25,471 ------w C:\WINDOWS\system32\drivers\watv10nt.sys
- 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2008-04-13 19:17:18 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-04 09:00:00 14,336 ----a-w C:\WINDOWS\system32\drprov.dll
+ 2008-04-14 00:11:52 14,336 ----a-w C:\WINDOWS\system32\drprov.dll
- 2004-08-04 09:00:00 16,384 -c--a-w C:\WINDOWS\system32\ds32gt.dll
+ 2008-04-14 00:11:52 16,384 ----a-w C:\WINDOWS\system32\ds32gt.dll
- 2004-08-04 09:00:00 181,760 -c--a-w C:\WINDOWS\system32\dsdmo.dll
+ 2008-04-14 00:11:52 181,248 ----a-w C:\WINDOWS\system32\dsdmo.dll
- 2004-08-04 09:00:00 71,680 -c--a-w C:\WINDOWS\system32\dsdmoprp.dll
+ 2008-04-14 00:11:52 71,680 ----a-w C:\WINDOWS\system32\dsdmoprp.dll
- 2004-08-04 09:00:00 92,672 ----a-w C:\WINDOWS\system32\dskquota.dll
+ 2008-04-14 00:11:52 92,672 ----a-w C:\WINDOWS\system32\dskquota.dll
- 2004-08-04 09:00:00 144,384 ----a-w C:\WINDOWS\system32\dskquoui.dll
+ 2008-04-14 00:11:52 155,648 ----a-w C:\WINDOWS\system32\dskquoui.dll
- 2004-08-04 09:00:00 367,616 ----a-w C:\WINDOWS\system32\dsound.dll
+ 2008-04-14 00:11:52 367,616 ----a-w C:\WINDOWS\system32\dsound.dll
- 2004-08-04 09:00:00 1,294,336 -c--a-w C:\WINDOWS\system32\dsound3d.dll
+ 2008-04-14 00:11:52 1,293,824 ----a-w C:\WINDOWS\system32\dsound3d.dll
- 2004-08-04 09:00:00 142,336 -c--a-w C:\WINDOWS\system32\dsprop.dll
+ 2008-04-14 00:11:52 142,848 ----a-w C:\WINDOWS\system32\dsprop.dll
- 2004-08-04 09:00:00 4,096 -c--a-w C:\WINDOWS\system32\dsprpres.dll
+ 2008-04-13 17:09:30 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
- 2004-08-04 09:00:00 239,104 ----a-w C:\WINDOWS\system32\dsquery.dll
+ 2008-04-14 00:11:52 239,104 ----a-w C:\WINDOWS\system32\dsquery.dll
- 2004-08-04 09:00:00 51,200 ----a-w C:\WINDOWS\system32\dssec.dll
+ 2008-04-14 00:11:52 51,200 ----a-w C:\WINDOWS\system32\dssec.dll
- 2004-08-04 09:00:00 137,216 ----a-w C:\WINDOWS\system32\dssenh.dll
+ 2008-04-13 17:37:57 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
- 2004-08-04 09:00:00 113,152 ----a-w C:\WINDOWS\system32\dsuiext.dll
+ 2008-04-14 00:11:52 113,152 ----a-w C:\WINDOWS\system32\dsuiext.dll
- 2004-08-04 09:00:00 19,456 -c--a-w C:\WINDOWS\system32\dswave.dll
+ 2008-04-14 00:11:52 19,456 ----a-w C:\WINDOWS\system32\dswave.dll
- 2004-08-04 09:00:00 10,752 ----a-w C:\WINDOWS\system32\dumprep.exe
+ 2008-04-14 00:12:18 10,752 ----a-w C:\WINDOWS\system32\dumprep.exe
- 2004-08-04 09:00:00 304,128 ----a-w C:\WINDOWS\system32\duser.dll
+ 2008-04-14 00:11:52 304,128 ----a-w C:\WINDOWS\system32\duser.dll
- 2004-08-04 09:00:00 17,920 -c--a-w C:\WINDOWS\system32\dvdupgrd.exe
+ 2008-04-14 00:12:18 17,920 ----a-w C:\WINDOWS\system32\dvdupgrd.exe
- 2004-08-04 09:00:00 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
+ 2008-04-14 00:12:18 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
- 2004-08-04 09:00:00 619,008 -c--a-w C:\WINDOWS\system32\dx7vb.dll
+ 2008-04-14 00:11:52 619,008 ----a-w C:\WINDOWS\system32\dx7vb.dll
- 2004-08-04 09:00:00 1,227,264 -c--a-w C:\WINDOWS\system32\dx8vb.dll
+ 2008-04-14 00:11:52 1,227,264 ----a-w C:\WINDOWS\system32\dx8vb.dll
- 2004-08-04 09:00:00 1,298,432 -c--a-w C:\WINDOWS\system32\dxdiag.exe
+ 2008-04-14 00:12:18 1,298,432 ----a-w C:\WINDOWS\system32\dxdiag.exe
- 2004-08-04 09:00:00 2,113,536 -c--a-w C:\WINDOWS\system32\dxdiagn.dll
+ 2008-04-14 00:11:52 2,113,536 ----a-w C:\WINDOWS\system32\dxdiagn.dll
- 2006-08-22 09:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2008-04-14 00:11:52 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-14 00:11:52 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-14 00:11:52 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-14 00:11:52 30,720 ------w C:\WINDOWS\system32\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w C:\WINDOWS\system32\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w C:\WINDOWS\system32\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w C:\WINDOWS\system32\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w C:\WINDOWS\system32\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w C:\WINDOWS\system32\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w C:\WINDOWS\system32\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w C:\WINDOWS\system32\eapsvc.dll
- 2004-08-04 09:00:00 183,296 -c--a-w C:\WINDOWS\system32\els.dll
+ 2008-04-14 00:11:53 183,296 ----a-w C:\WINDOWS\system32\els.dll
+ 2008-04-14 00:11:57 28,672 ------w C:\WINDOWS\system32\en\microsoft.managementconsole.resources.dll
+ 2008-04-14 00:11:57 40,960 ------w C:\WINDOWS\system32\en\mmcex.resources.dll
+ 2008-04-14 00:11:57 6,656 ------w C:\WINDOWS\system32\en\mmcfxcommon.resources.dll
- 2004-08-04 09:00:00 20,480 -c--a-w C:\WINDOWS\system32\encapi.dll
+ 2008-04-14 00:11:53 20,480 ----a-w C:\WINDOWS\system32\encapi.dll
- 2004-08-04 09:00:00 186,368 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2008-04-14 00:11:53 186,880 ----a-w C:\WINDOWS\system32\encdec.dll
- 2004-08-04 09:00:00 23,040 ----a-w C:\WINDOWS\system32\ersvc.dll
+ 2008-04-14 00:11:53 23,040 ----a-w C:\WINDOWS\system32\ersvc.dll
- 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
+ 2008-04-14 00:11:53 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 09:00:00 193,024 -c--a-w C:\WINDOWS\system32\eudcedit.exe
+ 2008-04-14 00:12:19 193,024 ----a-w C:\WINDOWS\system32\eudcedit.exe
- 2004-08-04 09:00:00 55,808 ----a-w C:\WINDOWS\system32\eventlog.dll
+ 2008-04-14 00:11:53 56,320 ----a-w C:\WINDOWS\system32\eventlog.dll
- 2004-08-04 09:00:00 380,957 ----a-w C:\WINDOWS\system32\expsrv.dll
+ 2008-04-14 00:11:53 380,445 ----a-w C:\WINDOWS\system32\expsrv.dll
- 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-14 00:11:53 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 09:00:00 45,568 -c--a-w C:\WINDOWS\system32\extrac32.exe
+ 2008-04-14 00:12:19 24,064 ----a-w C:\WINDOWS\system32\extrac32.exe
- 2004-08-04 09:00:00 121,856 -c--a-w C:\WINDOWS\system32\exts.dll
+ 2008-04-14 00:11:53 125,952 ----a-w C:\WINDOWS\system32\exts.dll
- 2004-08-04 09:00:00 80,384 ----a-w C:\WINDOWS\system32\faultrep.dll
+ 2008-04-14 00:11:53 80,384 ----a-w C:\WINDOWS\system32\faultrep.dll
+ 2008-04-14 00:12:20 20,992 ------w C:\WINDOWS\system32\faxpatch.exe
- 2004-08-04 09:00:00 21,504 ----a-w C:\WINDOWS\system32\feclient.dll
+ 2008-04-14 00:11:53 21,504 ----a-w C:\WINDOWS\system32\feclient.dll
- 2004-08-04 09:00:00 337,920 -c--a-w C:\WINDOWS\system32\filemgmt.dll
+ 2008-04-14 00:11:53 337,920 ----a-w C:\WINDOWS\system32\filemgmt.dll
- 2004-08-04 09:00:00 27,136 -c--a-w C:\WINDOWS\system32\findstr.exe
+ 2008-04-14 00:12:20 27,136 ----a-w C:\WINDOWS\system32\findstr.exe
- 2004-08-04 09:00:00 87,552 ----a-w C:\WINDOWS\system32\fldrclnr.dll
+ 2008-04-14 00:11:53 87,552 ----a-w C:\WINDOWS\system32\fldrclnr.dll
- 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\fltlib.dll
+ 2008-04-14 00:11:53 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\fltmc.exe
+ 2008-04-14 00:12:20 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2008-07-16 01:30:09 311,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-30 01:23:41 313,176 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 09:00:00 382,976 ----a-w C:\WINDOWS\system32\fontext.dll
+ 2008-04-14 00:11:53 382,976 ----a-w C:\WINDOWS\system32\fontext.dll
- 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\fontsub.dll
+ 2008-04-14 00:11:53 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 09:00:00 20,992 -c--a-w C:\WINDOWS\system32\fontview.exe
+ 2008-04-14 00:12:20 20,992 ----a-w C:\WINDOWS\system32\fontview.exe
- 2004-08-04 09:00:00 7,168 -c--a-w C:\WINDOWS\system32\forcedos.exe
+ 2008-04-14 00:12:20 7,680 ----a-w C:\WINDOWS\system32\forcedos.exe
- 2004-08-04 09:00:00 25,600 -c--a-w C:\WINDOWS\system32\format.com
+ 2008-04-14 00:12:42 29,696 ----a-w C:\WINDOWS\system32\format.com
- 2004-08-04 09:00:00 9,344 -c--a-w C:\WINDOWS\system32\framebuf.dll
+ 2008-04-14 00:09:33 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
- 2004-08-04 09:00:00 193,024 -c--a-w C:\WINDOWS\system32\fsquirt.exe
+ 2008-04-14 00:12:20 193,024 ----a-w C:\WINDOWS\system32\fsquirt.exe
- 2004-08-04 09:00:00 42,496 -c--a-w C:\WINDOWS\system32\ftp.exe
+ 2008-04-14 00:12:20 42,496 ----a-w C:\WINDOWS\system32\ftp.exe
- 2004-08-04 09:00:00 60,416 -c--a-w C:\WINDOWS\system32\fwcfg.dll
+ 2008-04-14 00:11:53 60,416 ----a-w C:\WINDOWS\system32\fwcfg.dll
- 2004-08-04 09:00:00 452,096 ----a-w C:\WINDOWS\system32\fxsapi.dll
+ 2008-04-14 00:11:53 451,584 ----a-w C:\WINDOWS\system32\fxsapi.dll
- 2004-08-04 09:00:00 143,360 -c--a-w C:\WINDOWS\system32\fxsclnt.exe
+ 2008-04-14 00:12:21 142,848 ----a-w C:\WINDOWS\system32\fxsclnt.exe
- 2004-08-04 09:00:00 72,192 -c--a-w C:\WINDOWS\system32\fxscom.dll
+ 2008-04-14 00:11:54 72,192 ----a-w C:\WINDOWS\system32\fxscom.dll
- 2004-08-04 09:00:00 285,184 -c--a-w C:\WINDOWS\system32\fxscomex.dll
+ 2008-04-14 00:11:54 285,184 ----a-w C:\WINDOWS\system32\fxscomex.dll
- 2004-08-04 09:00:00 229,376 ----a-w C:\WINDOWS\system32\fxscover.exe
+ 2008-04-14 00:12:21 229,376 ----a-w C:\WINDOWS\system32\fxscover.exe
- 2004-08-04 09:00:00 27,136 -c--a-w C:\WINDOWS\system32\fxsdrv.dll
+ 2008-04-14 00:11:54 26,624 ----a-w C:\WINDOWS\system32\fxsdrv.dll
- 2004-08-04 09:00:00 55,296 ----a-w C:\WINDOWS\system32\fxsevent.dll
+ 2008-04-14 00:11:54 55,296 ----a-w C:\WINDOWS\system32\fxsevent.dll
- 2004-08-04 09:00:00 23,552 -c--a-w C:\WINDOWS\system32\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ----a-w C:\WINDOWS\system32\fxsext32.dll
- 2004-08-04 09:00:00 23,552 ----a-w C:\WINDOWS\system32\fxsmon.dll
+ 2008-04-14 00:11:54 23,552 ----a-w C:\WINDOWS\system32\fxsmon.dll
- 2004-08-04 09:00:00 8,704 ----a-w C:\WINDOWS\system32\fxsperf.dll
+ 2008-04-14 00:11:54 8,704 ----a-w C:\WINDOWS\system32\fxsperf.dll
- 2004-08-04 09:00:00 6,656 ----a-w C:\WINDOWS\system32\fxsres.dll
+ 2008-04-14 00:09:33 6,656 ----a-w C:\WINDOWS\system32\fxsres.dll
- 2004-08-04 09:00:00 562,176 ----a-w C:\WINDOWS\system32\fxsst.dll
+ 2008-04-14 00:11:54 562,176 ----a-w C:\WINDOWS\system32\fxsst.dll
- 2004-08-04 09:00:00 267,776 ----a-w C:\WINDOWS\system32\fxssvc.exe
+ 2008-04-14 00:12:21 267,776 ----a-w C:\WINDOWS\system32\fxssvc.exe
- 2004-08-04 09:00:00 246,272 ----a-w C:\WINDOWS\system32\fxst30.dll
+ 2008-04-14 00:11:54 246,272 ----a-w C:\WINDOWS\system32\fxst30.dll
- 2004-08-04 09:00:00 397,312 ----a-w C:\WINDOWS\system32\fxstiff.dll
+ 2008-04-14 00:11:54 397,312 ----a-w C:\WINDOWS\system32\fxstiff.dll
- 2004-08-04 09:00:00 154,112 -c--a-w C:\WINDOWS\system32\fxsui.dll
+ 2008-04-14 00:11:54 154,112 ----a-w C:\WINDOWS\system32\fxsui.dll
- 2004-08-04 09:00:00 192,512 -c--a-w C:\WINDOWS\system32\fxswzrd.dll
+ 2008-04-14 00:11:54 192,512 ----a-w C:\WINDOWS\system32\fxswzrd.dll
- 2004-08-04 09:00:00 400,384 -c--a-w C:\WINDOWS\system32\fxsxp32.dll
+ 2008-04-14 00:11:54 400,384 ----a-w C:\WINDOWS\system32\fxsxp32.dll
- 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-04-14 00:11:54 285,184 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2004-08-04 09:00:00 122,880 ----a-w C:\WINDOWS\system32\glu32.dll
+ 2008-04-14 00:11:54 122,880 ----a-w C:\WINDOWS\system32\glu32.dll
- 2004-08-04 09:00:00 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
+ 2006-12-31 01:26:44 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
- 2004-08-04 09:00:00 39,424 -c--a-w C:\WINDOWS\system32\grpconv.exe
+ 2008-04-14 00:12:21 39,424 ----a-w C:\WINDOWS\system32\grpconv.exe
- 2004-08-04 09:00:00 614,912 -c--a-w C:\WINDOWS\system32\h323msp.dll
+ 2008-04-14 00:11:54 614,