[cupidringmybelle]

Okay, let me give a little background on the problem -- This started two weeks ago, I received an email from my ISP telling me that my computer had been used to send spam emails. I had Spybot SD running along with (yes, an outdated) Trend Micro's PCCillin. Neither caught it (the SpybotSD was current). My ISP provides me with a free copy of McAfee so I installed it. It kept detecting and saying it was removing the following:

Spam-Mailbot.dll
Proxy-Agent.bi

It didn't remove it, it just kept coming back.

I searched Google and installed Malware Bytes Anti Malware and ran this. It detected and removed the following:

C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\AppCert\filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\options.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AppCert\wnl32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\AppCert\wsil32.dll (Trojan.Downloader) -> Delete on reboot.

I then installed SuperAntiSpyware and it picked up and removed the following:

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A290466-39BD-419B-93DB-0E9599506654}

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\WINDOWS\SYSTEM32\WAPICC.EXE.VIR

Trojan.SysProtect
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSCAN\0000#Capabilities

Trojan.Dropper/Gen-MultiPacked
C:\WINDOWS\SYSTEM32\1EINGGTJK.DLL

Okay, so at this point, McAfee is no longer finding anything, but I did receive a notification from McAfee's firewall that said firefox.exe was attempting to connect to the internet -- I blocked access. I went to my task manager and ended the process, it immediately came back. I did this several times and googled 'Firefox.exe constantly running' and found several sites addressing this issue, saying it was 'poisonivy'. I went to each of these sites and tried to tell if I was infected with this, but the files they say are present with this infection are not on my computer. I am completely at a loss. I have ran blacklight on my system as well and its not picking up anything.

I have never had firefox installed on my computer, I'm a diehard IE user, so that's what gave me alarm. I've even gone to the folder where firefox.exe is stored and deleted it, found all instances of it in my registry and removed it, only to have it come right back. None of the scans I'm doing is picking anything up, yet I still have it as a running process and it keeps trying to access the internet every two minutes.

So, now I'm here begging for help!

I've done as instructed, downloaded and ran ATF cleaner, made a system restore point, downloaded and ran ERUNT and I ran Malware Bytes antimalware. Neither picked up anything, says the system is clean. Now, I did notice that when I ran the ATF cleaner that the firefox.exe was gone from my Task Manager, only to reappear about 10 mins after I rebooted. I am including a HiJackthis log in this posting. I waited a few minutes after rebooting until firefox.exe reappeared in my Task Manager to run HiJackThis, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:27 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Costar32\CSLServer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\zHotkey.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PDFPRINT\PDFPRINTSERVICE.EXE
C:\PDFPrint\PDFPrint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AIM\aim.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PDFPrint Tray Helper] C:\PDFPrint\PDFPrint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...368/mcfscan.cab
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll
O23 - Service: Co*STAR License Server (CSLServer) - Clearview Software Intl., Inc. - c:\Costar32\CSLServer.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFPrint Listener Service (PDFPrint) - Unknown owner - C:\PDFPRINT\PDFPRINTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10222 bytes

Please help!

Thanks,
Becky

[Advertisements]

Hello cupidringmybelle !

Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

[Egwene]

Hello cupidringmybelle !

Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

[Egwene]

Hey cupidringmybelle,

Let's begin with the removal

1) Upload a suspicious file for analysis :

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum

• Click on "New Topic"
• Put your name, e-mail address, and this as the title: "put file path here"
• Put a link to this topic in the description box.
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  
  
  
  • c:\windows\system32\tmwpkzn.dll
  
  
• Click Open.
• Click Post.

Thank you!

2) Viruscan :

• Please go to VirScan
• Copy and paste the following file path into the Suspicious files to scan box.
  o c:\Costar32\CSLServer.exe
• Click on the Upload button
• Once the Scan has completed, click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

3) Run RSIT :

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

N.B : Please check if you have posted me all the content of the log. If not, please post me what is missing in a other reply

Regards,
Egwene.

[cupidringmybelle]

CLServer.exe -- I know what that one is. I work for a software company, that is our Clearview License Server for our terminal emulation program to access my work and client systems, so I won't be uploading that one, but I'll get busy uploading the other one.

Becky

[cupidringmybelle]

Okay, I posted the file to the spykiller forum, then downloaded RSIT and ran it. Here are the log files:

info.txt logfile of random's system information tool 2008-09-06 18:56:17

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Aloha Solitaire-->C:\PROGRA~1\YAHOO!~1\ALOHAS~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\ALOHAS~1\INSTALL.LOG
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArcSoft Multimedia Email-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.EXE" -l0x9 -uninst
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
Aveyond 2 (remove only)-->"C:\Program Files\Yahoo! Games\Aveyond 2\Uninstall.exe"
Belle's Beauty Boutique (remove only)-->"C:\Program Files\Yahoo! Games\Belle's Beauty Boutique\Uninstall.exe"
Build in Time (remove only)-->"C:\Program Files\Yahoo! Games\Build in Time\Uninstall.exe"
Build-a-lot (remove only)-->"C:\Program Files\Yahoo! Games\Build-a-lot\Uninstall.exe"
Build-a-lot 2 - Town of the Year (remove only)-->"C:\Program Files\Yahoo! Games\Build-a-lot 2 - Town of the Year\Uninstall.exe"
Cake Mania (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania\Uninstall.exe"
Cake Mania 2-->"C:\Program Files\Cake Mania 2\Uninstall.exe"
Carrie the Caregiver (remove only)-->"C:\Program Files\Yahoo! Games\Carrie the Caregiver\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Ciao Bella (remove only)-->"C:\Program Files\Yahoo! Games\Ciao Bella\Uninstall.exe"
Clearview Software CSWEB-->C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Clearview Software\CSWEB\Uninst.isu\"
Costar 3.0k-->"c:\Costar32\unins000.exe"
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.01.02.0729)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Cute Knight (remove only)-->"C:\Program Files\Yahoo! Games\Cute Knight\Uninstall.exe"
Dairy Dash (remove only)-->"C:\Program Files\Yahoo! Games\Dairy Dash\Uninstall.exe"
Delicious 2 Deluxe-->C:\PROGRA~1\YAHOO!~1\DELICI~2\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\DELICI~2\INSTALL.LOG
Delicious Deluxe-->C:\PROGRA~1\YAHOO!~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\DELICI~1\INSTALL.LOG
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo-->C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Diner Dash - Flo on the Go (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash - Flo on the Go\Uninstall.exe"
Diner Dash (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash\Uninstall.exe"
Diner Dash 2 (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash 2\Uninstall.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX ;-) Audio Compressor 4.02-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivXAudioCompressor4.02.inf
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
Dungeon Keeper-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL1.isu
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Escape From Paradise (remove only)-->"C:\Program Files\Yahoo! Games\Escape From Paradise\Uninstall.exe"
Fairy Godmother Tycoon (remove only)-->"C:\Program Files\Yahoo! Games\Fairy Godmother Tycoon\Uninstall.exe"
Farm Frenzy (remove only)-->"C:\Program Files\Yahoo! Games\Farm Frenzy\Uninstall.exe"
Fashion Fits (remove only)-->"C:\Program Files\Yahoo! Games\Fashion Fits\Uninstall.exe"
FATE from Yahoo! (remove only)-->"C:\Program Files\Yahoo! Games\FATE\Uninstall.exe"
Flower Shop (remove only)-->"C:\Program Files\Yahoo! Games\Flower Shop\Uninstall.exe"
Flower Stand Tycoon (remove only)-->"C:\Program Files\Yahoo! Games\Flower Stand Tycoon\Uninstall.exe"
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Gift Shop (remove only)-->"C:\Program Files\Yahoo! Games\Gift Shop\Uninstall.exe"
Go Go Gourmet - Chef of the Year (remove only)-->"C:\Program Files\Yahoo! Games\Go Go Gourmet - Chef of the Year\Uninstall.exe"
Go-Go Gourmet (remove only)-->"C:\Program Files\Yahoo! Games\Go-Go Gourmet\Uninstall.exe"
[bleep]'s Kitchen (remove only)-->"C:\Program Files\Yahoo! Games\[bleep]'s Kitchen\Uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 6900 series-->C:\Program Files\HP\Digital Imaging\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}\setup\hpzscr01.exe -datfile hpfscr09.dat
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Insaniquarium Deluxe 1.0-->C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\Install.log"
Jane's Hotel (remove only)-->"C:\Program Files\Yahoo! Games\Jane's Hotel\Uninstall.exe"
Jane's Hotel Family Hero (remove only)-->"C:\Program Files\Yahoo! Games\Jane's Hotel Family Hero\Uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
JEOPARDY! (remove only)-->"C:\Program Files\Yahoo! Games\JEOPARDY!\Uninstall.exe"
Kermit 95 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86AAEC2E-997D-46E5-98CD-7246496AB72F}\Setup.exe" -l0x9
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Luxor 2 (remove only)-->"C:\Program Files\Yahoo! Games\Luxor 2\Uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money 2007-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9-->c:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mirror Magic Deluxe (remove only)-->"C:\Program Files\Yahoo! Games\Mirror Magic Deluxe\Uninstall.exe"
Miss Management (remove only)-->"C:\Program Files\Yahoo! Games\Miss Management\Uninstall.exe"
Mpeg Layer3 Codec FHG-Radium v1.263-->C:\WINDOWS\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Mystery Case Files Huntsville (remove only)-->"C:\Program Files\Yahoo! Games\Mystery Case Files Huntsville\Uninstall.exe"
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers-->C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
OpenVPN 2.0.7-gui-1.0.3-->C:\Program Files\OpenVPN\Uninstall.exe
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Paradise Pet Salon (remove only)-->"C:\Program Files\Yahoo! Games\Paradise Pet Salon\Uninstall.exe"
PDFPrint 2.0-->"c:\PDFPrint\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Profitville (remove only)-->"C:\Program Files\Yahoo! Games\Profitville\Uninstall.exe"
Puppy Luv a New Breed (remove only)-->"C:\Program Files\Yahoo! Games\Puppy Luv a New Breed\Uninstall.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Ranch Rush (remove only)-->"C:\Program Files\Yahoo! Games\Ranch Rush\Uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sally's Salon (remove only)-->"C:\Program Files\Yahoo! Games\Sally's Salon\Uninstall.exe"
Sally's Spa (remove only)-->"C:\Program Files\Yahoo! Games\Sally's Spa\Uninstall.exe"
Slingo Deluxe-->C:\PROGRA~1\YAHOO!~1\SLINGO~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\SLINGO~1\INSTALL.LOG
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Spark 2.5.4-->C:\Program Files\Spark\uninstall.exe
TaxACT 2005-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta05.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT 2006-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\Install.log
The 80's Game (remove only)-->"C:\Program Files\Yahoo! Games\The 80's Game\Uninstall.exe"
The Lost Cases of Sherlock Holmes (remove only)-->"C:\Program Files\Yahoo! Games\The Lost Cases of Sherlock Holmes\Uninstall.exe"
The Princess Bride Game (remove only)-->C:\Program Files\Yahoo! Games\PrincessBride\Uninstall.exe {36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Princess Bride Game-->MsiExec.exe /X{36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Stone of Destiny (remove only)-->"C:\Program Files\Yahoo! Games\The Stone of Destiny\Uninstall.exe"
Trojan Remover 6.7.2-->"C:\Program Files\Trojan Remover\unins000.exe"
Turbo Pizza (remove only)-->"C:\Program Files\Yahoo! Games\Turbo Pizza\Uninstall.exe"
Turbo Subs (remove only)-->"C:\Program Files\Yahoo! Games\Turbo Subs\Uninstall.exe"
USB Driver Vers. 3.2-->C:\Program Files\USB Driver Vers. 3.2\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Villagers - The Secret City (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers - The Secret City\Uninstall.exe"
Virtual Villagers (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers\Uninstall.exe"
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{E8E9A39C-6F70-4261-816F-2B2DE8F7BB13}
Wedding Dash (remove only)-->"C:\Program Files\Yahoo! Games\Wedding Dash\Uninstall.exe"
Wedding Dash 2 - Rings Around the World (remove only)-->"C:\Program Files\Yahoo! Games\Wedding Dash 2 - Rings Around the World\Uninstall.exe"
Westward (remove only)-->"C:\Program Files\Yahoo! Games\Westward\Uninstall.exe"
Westward II Heroes of the Frontier-->C:\PROGRA~1\PLAYFI~1\WESTWA~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\WESTWA~1\INSTALL.LOG
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XP / Linux Filesharing Fix-->"C:\WINDOWS\unins000.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: McAfee VirusScan
FW: McAfee Personal Firewall

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool (written by random/random)
Run by Owner at 2008-09-06 18:55:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 447 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:12 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Costar32\CSLServer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\zHotkey.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PDFPRINT\PDFPRINTSERVICE.EXE
C:\PDFPrint\PDFPrint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PDFPrint Tray Helper] C:\PDFPrint\PDFPrint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...368/mcfscan.cab
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll
O23 - Service: Co*STAR License Server (CSLServer) - Clearview Software Intl., Inc. - c:\Costar32\CSLServer.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFPrint Listener Service (PDFPrint) - Unknown owner - C:\PDFPRINT\PDFPRINTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10211 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C28F8BDB-CF8E-4091-8D67-8651D03E934B}]
c:\windows\system32\tmwpkzn.dll [2003-03-31 121344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
ID

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2004-03-03 782336]
"nForce Tray Options"=C:\WINDOWS\system32\sstray.exe [2003-09-02 73728]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-08-21 914512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-03-03 2904064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-21 155648]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe -servicehelper []
"PDFPrint Tray Helper"=C:\PDFPrint\PDFPrint.exe [2007-03-23 690176]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"GoToMeeting"=C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe [2007-12-12 31816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulswvluw]
C:\WINDOWS\system32\tmwpkzn.dll [2003-03-31 121344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe"="C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe:*:Disabled:Insaniquarium"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe"="C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe:*:Enabled:Slingo ®"
"C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe"="C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"c:\PDFPrint\PDFPrintService.exe"="c:\PDFPrint\PDFPrintService.exe:*:Enabled:PDFPrint Listner Service"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-06 18:55:46 ----D---- C:\rsit
2008-09-05 23:25:58 ----D---- C:\Program Files\ERUNT
2008-09-05 13:33:44 ----D---- C:\Documents and Settings\Owner\Application Data\ITTNord
2008-09-05 08:58:46 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\Owner\Application Data\iolo
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 18:00:49 ----D---- C:\WINDOWS\pss
2008-09-01 19:43:57 ----A---- C:\WINDOWS\msoffice.ini
2008-09-01 19:10:27 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-01 19:10:14 ----A---- C:\rapport.txt
2008-09-01 19:08:18 ----D---- C:\Documents and Settings\Owner\Application Data\ptunzybl
2008-09-01 18:12:58 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-01 18:12:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 15:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-01 15:44:39 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-09-01 15:04:03 ----A---- C:\rundll32.txt
2008-08-31 18:32:57 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-23 16:52:42 ----D---- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
2008-08-23 09:47:33 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-08-23 09:32:39 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-08-23 09:27:57 ----D---- C:\Program Files\McAfee.com
2008-08-23 09:27:31 ----D---- C:\Program Files\Common Files\McAfee
2008-08-23 09:27:05 ----D---- C:\Program Files\McAfee
2008-08-23 09:19:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 07:51:04 ----D---- C:\WINDOWS\McAfee.com
2008-08-21 09:32:15 ----A---- C:\WINDOWS\COSTAR.TMP
2008-08-21 06:50:58 ----D---- C:\WINDOWS\Prefetch
2008-08-20 20:45:15 ----D---- C:\WINDOWS\system32\en-us
2008-08-20 20:45:14 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 20:45:12 ----D---- C:\WINDOWS\l2schemas
2008-08-20 20:45:11 ----D---- C:\WINDOWS\system32\en
2008-08-20 20:38:39 ----D---- C:\WINDOWS\network diagnostic
2008-08-20 19:27:23 ----D---- C:\98ef2acd623800fc40
2008-08-20 13:45:13 ----A---- C:\C28F8BDB-CF8E-4091-8D67-8651D03E934B.txt
2008-08-19 00:05:24 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-19 00:05:20 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 00:05:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 00:04:58 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-19 00:04:55 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-19 00:04:54 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-19 00:04:52 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-19 00:04:50 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-19 00:04:47 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-19 00:04:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-19 00:04:36 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-19 00:04:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-19 00:04:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-19 00:03:49 ----A---- C:\WINDOWS\005432_.tmp
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-19 00:03:38 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-19 00:03:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-19 00:03:32 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-19 00:03:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-10 22:02:24 ----D---- C:\Program Files\Google
2008-08-05 18:50:58 ----D---- C:\Program Files\StorageSync
2008-08-05 18:50:54 ----D---- C:\StorageSync 1.41
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\Owner\Application Data\Ludia
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-20 09:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-07-20 09:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-18 19:39:54 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-21 18:21:56 ----D---- C:\Documents and Settings\Owner\Application Data\Aveyond II
2008-06-21 16:13:32 ----D---- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2008-06-07 22:26:11 ----D---- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero

List of drivers

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-03 1893536]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 ip6fww;ip6fww; C:\WINDOWS\system32\drivers\ip6fww.sys []
S2 SVKP;SVKP; C:\WINDOWS\system32\drivers\SVKP.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FINEPIX_PCC;FinePix Digital Camera 020717; C:\WINDOWS\System32\Drivers\V4CB011D.SYS [2002-05-07 81700]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\drivers\MR97310_VGA_DUAL_CAMERA.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; C:\WINDOWS\system32\drivers\Sunkfiltp.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WlanUIB;NETGEAR 802.11b USB Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-03-03 666624]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

List of services

R2 CSLServer;Co*STAR License Server; c:\Costar32\CSLServer.exe [2001-05-14 53248]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF�

[cupidringmybelle]

Sorry, it cutoff part of the log.txt, here's the bottom of it.

List of services

R2 CSLServer;Co*STAR License Server; c:\Costar32\CSLServer.exe [2001-05-14 53248]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 nfrkgidz;Terminal Device Support; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-03 77824]
R2 PDFPrint;PDFPrint Listener Service; C:\PDFPRINT\PDFPRINTSERVICE.EXE [2007-04-17 723968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-04-05 16384]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

I forgot to tell you another program I ran, it was SmitFraudFix. I ran it while searching the forums for answers. That was back on September 1st. I still have the logfile if you need to see it.

Becky

[Egwene]

Hey cupidringmybelle,

CLServer.exe -- I know what that one is. I work for a software company, that is our Clearview License Server for our terminal emulation program to access my work and client systems, so I won't be uploading that one

No problem, if you know what is it I could have thougth it's malware, that's why i ask you to virusscan this, but now, i know it's not malware

Let's go with the removal now

1) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

• Adobe Reader 6.0
• Viewpoint Manager (Remove Only)
• Viewpoint Media Player

Optional Removals :
Viewpoint Manager is considered as softtware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546

2) Fix with HijackThis :

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below :

O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll

Now close all windows other than HiJackThis, then click Fix Checked.

3) Run OTmoveIT2 :

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  ip6fww <delete service>
  C:\Documents and Settings\Owner\Application Data\ptunzybl
  C:\WINDOWS\system32\drivers\ip6fww.sys
  C:\WINDOWS\SYSTEM32\tmwpkzn.dll
  purity
  emptytemp
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

And please post a fresh RSIT log in your next answer.

Regards,
Egwene.

[cupidringmybelle]

Just a quick question before I start all of this -- why do I need to remove Adobe Reader?

[Egwene]

why do I need to remove Adobe Reader?

Because you are currently running an outdated version of Adobe Reader, this can leave your pc open to vulnerabilities.

you can update it here :
http://www.adobe.com.../readstep2.html

[cupidringmybelle]

Okay, I did all of the things above and here's what happened:

First, I uninstalled all three items you mentioned, no problem.

I ran HiJackThis and checked all three items, it removed:

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab

But did not remove:

O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll

I then ran OTMoveIt2, copied and pasted the entries you'd given me, it ran, but then I immediately got the following error:

The application or DLL c:\windows\system32\gxqwoui.dll is not a valid windows image. Please check this against your installation disk.

It then prompted me to reboot, I did, and when my system came back up, I was unable to load Internet Explorer at all. I would click on it, it wouldn't load, but it showed up in my Task Manager as a running process. I ended up having to reboot a second time, and received that DLL error again, in several windows listing different programs with that error about gxqwoui.dll.

But, when I rebooted again, at least I was able to open Internet Explorer.

OTMoveIt2 was unable to remove:

C:\Documents and Settings\Owner\Application Data\ptunzybl
C:\WINDOWS\system32\drivers\ip6fww.sys
C:\WINDOWS\SYSTEM32\tmwpkzn.dll

Here is the OTMoveIt Log:

Explorer killed successfully
ip6fww service deleted successfully.
C:\Documents and Settings\Owner\Application Data\ptunzybl\Profiles\s9cdufmt.default\extensions moved successfully.
C:\Documents and Settings\Owner\Application Data\ptunzybl\Profiles\s9cdufmt.default moved successfully.
C:\Documents and Settings\Owner\Application Data\ptunzybl\Profiles moved successfully.
C:\Documents and Settings\Owner\Application Data\ptunzybl moved successfully.
File/Folder C:\WINDOWS\system32\drivers\ip6fww.sys not found.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\tmwpkzn.dll
C:\WINDOWS\SYSTEM32\tmwpkzn.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\tmwpkzn.dll scheduled to be moved on reboot.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\G2MCodec.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_874.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF24E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_g2mlauncher.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\G2MOutlookAddin_util.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\log1.tmp\G2MStart.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\log1.tmp\GoToMeeting.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\History\History.IE5\MSHist012008090620080907\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fb_320.lck scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_QCQ3Y8qJuzisrpc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_t5HWE14c7NsjUiD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_adHWpyuTZsGbMRb scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_EtOJ86lZsmEQDID scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_gBwy8TRLttaaHaB scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_NH8u8FzjtMyzOzj scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_YdVcdwjyl1bjTgo scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_113532

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\SYSTEM32\tmwpkzn.dll
C:\WINDOWS\SYSTEM32\tmwpkzn.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\tmwpkzn.dll scheduled to be moved on reboot.
C:\DOCUME~1\Owner\LOCALS~1\Temp\G2MCodec.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_874.dat not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF24E4.tmp not found!
C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_g2mlauncher.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\G2MOutlookAddin_util.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\log1.tmp\G2MStart.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\citrixlogs\gotomeeting\198\log1.tmp\GoToMeeting.log moved successfully.
C:\DOCUME~1\Owner\LOCALS~1\Temp\History\History.IE5\MSHist012008090620080907\index.dat moved successfully.
File C:\WINDOWS\temp\fb_320.lck not found!
File C:\WINDOWS\temp\mcafee_QCQ3Y8qJuzisrpc not found!
File C:\WINDOWS\temp\mcafee_t5HWE14c7NsjUiD not found!
File C:\WINDOWS\temp\mcmsc_adHWpyuTZsGbMRb not found!
File C:\WINDOWS\temp\mcmsc_EtOJ86lZsmEQDID not found!
File C:\WINDOWS\temp\mcmsc_gBwy8TRLttaaHaB not found!
File C:\WINDOWS\temp\mcmsc_NH8u8FzjtMyzOzj not found!
File C:\WINDOWS\temp\mcmsc_YdVcdwjyl1bjTgo not found!

I will post the RSIT Log in another post, it seems to be too long to put all of it in here.

Becky

[cupidringmybelle]

Here's the RSIT log

By the way, in this RSIT log, it doesn't show the firefox.exe program running, but then it always waits a little while after reboot before popping back up.

Logfile of random's system information tool (written by random/random)
Run by Owner at 2008-09-07 12:18:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 137 GB (90%) free of 153 GB
Total RAM: 447 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:19 PM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Costar32\CSLServer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PDFPRINT\PDFPRINTSERVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\zHotkey.exe
C:\PDFPrint\PDFPrint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PDFPrint Tray Helper] C:\PDFPrint\PDFPrint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...368/mcfscan.cab
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll
O23 - Service: Co*STAR License Server (CSLServer) - Clearview Software Intl., Inc. - c:\Costar32\CSLServer.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFPrint Listener Service (PDFPrint) - Unknown owner - C:\PDFPRINT\PDFPRINTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9842 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C28F8BDB-CF8E-4091-8D67-8651D03E934B}]
c:\windows\system32\tmwpkzn.dll [2003-03-31 121344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
ID

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2004-03-03 782336]
"nForce Tray Options"=C:\WINDOWS\system32\sstray.exe [2003-09-02 73728]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-08-21 914512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-03-03 2904064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-21 155648]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe -servicehelper []
"PDFPrint Tray Helper"=C:\PDFPrint\PDFPrint.exe [2007-03-23 690176]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"GoToMeeting"=C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe [2007-12-12 31816]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulswvluw]
C:\WINDOWS\system32\tmwpkzn.dll [2003-03-31 121344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe"="C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe:*:Disabled:Insaniquarium"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe"="C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe:*:Enabled:Slingo ®"
"C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe"="C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"c:\PDFPrint\PDFPrintService.exe"="c:\PDFPrint\PDFPrintService.exe:*:Enabled:PDFPrint Listner Service"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d6b52c1-a531-11d9-a85f-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


File associations

.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-07 11:35:32 ----D---- C:\_OTMoveIt
2008-09-06 18:55:46 ----D---- C:\rsit
2008-09-05 23:25:58 ----D---- C:\Program Files\ERUNT
2008-09-05 13:33:44 ----D---- C:\Documents and Settings\Owner\Application Data\ITTNord
2008-09-05 08:58:46 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\Owner\Application Data\iolo
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 18:00:49 ----D---- C:\WINDOWS\pss
2008-09-01 19:43:57 ----A---- C:\WINDOWS\msoffice.ini
2008-09-01 19:10:27 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-01 19:10:14 ----A---- C:\rapport.txt
2008-09-01 18:12:58 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-01 18:12:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 15:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-01 15:44:39 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-09-01 15:04:03 ----A---- C:\rundll32.txt
2008-08-31 18:32:57 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-23 16:52:42 ----D---- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
2008-08-23 09:47:33 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-08-23 09:32:39 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-08-23 09:27:57 ----D---- C:\Program Files\McAfee.com
2008-08-23 09:27:31 ----D---- C:\Program Files\Common Files\McAfee
2008-08-23 09:27:05 ----D---- C:\Program Files\McAfee
2008-08-23 09:19:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 07:51:04 ----D---- C:\WINDOWS\McAfee.com
2008-08-21 09:32:15 ----A---- C:\WINDOWS\COSTAR.TMP
2008-08-21 06:50:58 ----D---- C:\WINDOWS\Prefetch
2008-08-20 20:45:15 ----D---- C:\WINDOWS\system32\en-us
2008-08-20 20:45:14 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 20:45:12 ----D---- C:\WINDOWS\l2schemas
2008-08-20 20:45:11 ----D---- C:\WINDOWS\system32\en
2008-08-20 20:38:39 ----D---- C:\WINDOWS\network diagnostic
2008-08-20 19:27:23 ----D---- C:\98ef2acd623800fc40
2008-08-20 13:45:13 ----A---- C:\C28F8BDB-CF8E-4091-8D67-8651D03E934B.txt
2008-08-19 00:05:24 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-19 00:05:20 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 00:05:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 00:04:58 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-19 00:04:55 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-19 00:04:54 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-19 00:04:52 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-19 00:04:50 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-19 00:04:47 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-19 00:04:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-19 00:04:36 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-19 00:04:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-19 00:04:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-19 00:03:49 ----A---- C:\WINDOWS\005432_.tmp
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-19 00:03:38 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-19 00:03:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-19 00:03:32 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-19 00:03:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-10 22:02:24 ----D---- C:\Program Files\Google
2008-08-05 18:50:58 ----D---- C:\Program Files\StorageSync
2008-08-05 18:50:54 ----D---- C:\StorageSync 1.41
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\Owner\Application Data\Ludia
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-20 09:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-07-20 09:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-18 19:39:54 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-21 18:21:56 ----D---- C:\Documents and Settings\Owner\Application Data\Aveyond II
2008-06-21 16:13:32 ----D---- C:\Documents and Settings\Owner\Application Data\Sandlot Games

List of drivers

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-03 1893536]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S2 SVKP;SVKP; C:\WINDOWS\system32\drivers\SVKP.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FINEPIX_PCC;FinePix Digital Camera 020717; C:\WINDOWS\System32\Drivers\V4CB011D.SYS [2002-05-07 81700]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\drivers\MR97310_VGA_DUAL_CAMERA.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; C:\WINDOWS\system32\drivers\Sunkfiltp.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WlanUIB;NETGEAR 802.11b USB Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-03-03 666624]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

List of services

R2 CSLServer;Co*STAR License Server; c:\Costar32\CSLServer.exe [2001-05-14 53248]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 nfrkgidz;Terminal Device Support; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-03 77824]
R2 PDFPrint;PDFPrint Listener Service; C:\PDFPRINT\PDFPRINTSERVICE.EXE [2007-04-17 723968]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-04-05 16384]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

[Egwene]

Hey cupidringmybelle,

The infection is still present. Let's use a more powerful tool now

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.

[cupidringmybelle]

Well, I tried inserting the combofix log twice and it wouldn't let me, I then tried attaching it as a file and it was too large, so what I am doing is putting the Hijack this log here and will break the combofix file into several parts to try to get it posted here as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:59 AM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Costar32\CSLServer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PDFPRINT\PDFPRINTSERVICE.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\zHotkey.exe
C:\PDFPrint\PDFPrint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDFPrint Tray Helper] C:\PDFPrint\PDFPrint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...368/mcfscan.cab
O23 - Service: Co*STAR License Server (CSLServer) - Clearview Software Intl., Inc. - c:\Costar32\CSLServer.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFPrint Listener Service (PDFPrint) - Unknown owner - C:\PDFPRINT\PDFPRINTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6803 bytes

[cupidringmybelle]

Okay, here's the first part:

ComboFix 08-09-05.09 - Owner 2008-09-08 7:32:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.173 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\appcert
C:\WINDOWS\system32\tmwpkzn.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NFRKGIDZ
-------\Service_nfrkgidz


((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.

2008-09-07 13:27 . 2008-09-07 13:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ptunzybl
2008-09-07 11:35 . 2008-09-07 11:35 <DIR> d-------- C:\_OTMoveIt
2008-09-06 18:55 . 2008-09-06 18:56 <DIR> d-------- C:\rsit
2008-09-05 23:25 . 2008-09-05 23:26 <DIR> d-------- C:\Program Files\ERUNT
2008-09-05 13:33 . 2008-09-06 09:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ITTNord
2008-09-05 10:50 . 2008-09-05 10:50 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ptunzybl
2008-09-04 22:32 . 2008-09-04 22:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iolo
2008-09-04 22:32 . 2008-09-04 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 18:33 . 2008-09-04 18:33 2,855 --a------ C:\WINDOWS\system32\mem.PIF
2008-09-01 19:43 . 2008-09-01 19:43 2 --a------ C:\WINDOWS\msoffice.ini
2008-09-01 19:10 . 2008-09-01 19:17 2,808 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-01 18:12 . 2008-09-04 21:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:12 . 2008-09-01 18:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-01 18:12 . 2008-09-01 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 18:12 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 18:12 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 17:27 . 2008-04-08 20:08 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-01 15:45 . 2008-09-01 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-01 15:44 . 2008-09-01 19:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-08-31 19:15 . 2008-08-31 19:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-08-31 18:32 . 2008-08-31 18:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-23 16:52 . 2008-08-23 16:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
2008-08-23 09:33 . 2008-09-08 07:39 20,303 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-23 09:32 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-08-23 09:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-23 09:29 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-23 09:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-23 09:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-08-23 09:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-23 09:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-08-23 09:27 . 2008-08-23 09:28 <DIR> d-------- C:\Program Files\McAfee.com
2008-08-23 09:27 . 2008-09-05 07:29 <DIR> d-------- C:\Program Files\McAfee
2008-08-23 09:27 . 2008-08-23 09:29 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-23 09:19 . 2008-08-31 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 07:51 . 2008-08-23 07:51 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-08-21 09:32 . 2008-08-22 16:31 3,350 --a------ C:\WINDOWS\COSTAR.TMP
2008-08-20 21:15 . 2008-08-23 09:07 174 --a------ C:\Documents and Settings\All Users\Application Data\ustore.dat
2008-08-20 20:45 . 2008-08-20 20:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-20 20:45 . 2008-08-20 20:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-20 20:45 . 2008-08-20 20:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-20 19:27 . 2008-08-20 19:27 <DIR> d-------- C:\98ef2acd623800fc40
2008-08-19 00:05 . 2008-04-13 19:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 00:05 . 2008-04-13 19:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 00:05 . 2008-04-13 19:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 00:05 . 2008-04-13 19:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 00:05 . 2008-04-13 19:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 00:05 . 2008-04-13 19:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-19 00:03 . 2008-04-13 19:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-15 18:19 . 2008-08-15 18:26 843,503,843 --a------ C:\lotrosetup-1a.bin
2008-08-14 17:00 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 17:00 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-10 22:02 . 2008-09-01 21:40 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 04:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 22:43 --------- d-----w C:\Program Files\Trojan Remover
2008-09-07 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-06 14:45 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-06 14:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-09-06 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-05 00:49 --------- d-----w C:\Program Files\Trend Micro
2008-09-02 00:46 --------- d-----w C:\Program Files\Pure Networks
2008-09-02 00:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-02 00:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-01 21:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-08-24 04:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\funkitron
2008-08-23 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-23 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 22:18 64,736 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-08-13 03:32 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-08-06 00:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 00:19 --------- d-----w C:\Program Files\StorageSync
2008-08-02 03:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\HP
2008-07-20 14:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ludia
2008-07-20 14:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-20 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-07-20 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-19 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreshGames
2008-07-17 01:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\MysteryStudio
2008-07-08 22:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Kermit 95
2008-02-04 19:55 56,912 ----a-w C:\Documents and Settings\Owner\g2mdlhlpx.exe
2005-04-04 17:41 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2001-03-26 15:13 32,768 ----a-w C:\Program Files\internet explorer\plugins\csutil.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-26_12.51.39.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spuninst.exe
+ 2008-05-28 12:01:41 26,624 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\ippmcust.dll
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
- 2002-08-29 08:33:20 50,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:10:06 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:00:03 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\4mmdat.sys
+ 2004-08-04 06:10:10 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\61883.sys
- 2003-03-31 12:00:00 59,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\6to4svc.dll
- 2002-11-20 18:50:50 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
+ 2004-08-04 07:56:47 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe
- 2002-11-27 03:20:08 1,821,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\acgenral.dll.000
- 2003-03-31 12:00:00 406,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-04 07:56:41 450,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-04 07:56:41 450,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclayers.dll.000
- 2003-03-31 12:00:00 125,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll
+ 2004-08-04 07:56:41 137,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll
+ 2004-08-04 07:56:41 137,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclua.dll.000
- 2003-03-31 12:00:00 107,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclui.dll
+ 2004-08-04 07:56:41 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\aclui.dll
- 2003-03-31 12:00:00 179,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
+ 2004-08-04 06:07:38 187,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
- 2003-03-31 12:00:00 219,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-04 07:56:41 244,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-04 07:56:41 244,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\acspecfc.dll.000
- 2003-03-31 12:00:00 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\activeds.dll
+ 2004-08-04 07:56:41 194,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\activeds.dll
- 2003-03-31 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
+ 2004-08-04 07:56:47 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\actmovie.exe
- 2003-03-31 12:00:00 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll
+ 2004-08-04 07:56:41 101,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\actxprxy.dll
- 2003-03-31 12:00:00 107,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-04 07:56:41 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-04 07:56:41 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\acxtrnal.dll.000
+ 2004-08-04 07:56:41 20,540 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.dll
+ 2004-08-04 07:56:47 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\admin.exe
- 2003-03-31 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\admparse.dll
+ 2004-08-04 07:56:41 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\admparse.dll
- 2003-03-31 12:00:00 162,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll
+ 2004-08-04 07:56:41 175,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldp.dll
- 2003-03-31 12:00:00 139,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll
+ 2004-08-04 07:56:41 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsldpc.dll
- 2003-03-31 12:00:00 62,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll
+ 2004-08-04 07:56:41 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsmsext.dll
- 2003-03-31 12:00:00 239,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-04 07:56:41 263,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-04 07:56:41 4,255 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv01nt5.dll
+ 2004-08-04 07:56:41 3,967 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv02nt5.dll
+ 2004-08-04 07:56:41 3,615 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv05nt5.dll
+ 2004-08-04 07:56:41 3,647 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv07nt5.dll
+ 2004-08-04 07:56:41 3,135 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv08nt5.dll
+ 2004-08-04 07:56:41 3,711 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv09nt5.dll
+ 2004-08-04 07:56:41 3,775 -c----w C:\WINDOWS\$NtServicePackUninstall$\adv11nt5.dll
- 2003-03-31 12:00:00 558,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll
+ 2004-08-04 07:56:41 616,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\advapi32.dll
- 2003-03-31 12:00:00 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\advpack.dll
+ 2004-08-04 07:56:41 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\advpack.dll
- 2002-08-29 07:16:38 142,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\aec.sys.001
- 2003-03-31 12:00:00 131,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\afd.sys
- 2003-03-31 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentanm.dll
- 2003-03-31 12:00:00 204,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll
+ 2004-08-04 07:56:41 214,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentctl.dll
- 2003-03-31 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdp2.dll
- 2003-03-31 12:00:00 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentdpv.dll
- 2003-03-31 12:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll
+ 2004-08-04 07:56:41 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentmpx.dll
- 2003-03-31 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentpsh.dll
- 2003-03-31 12:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll
+ 2004-08-04 07:56:41 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsr.dll
- 2003-03-31 12:00:00 235,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\agentsvr.exe
+ 2004-08-04 06:07:41 42,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
+ 2004-08-04 06:07:42 44,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\agpcpq.sys
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0405.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0406.dll
+ 2003-03-31 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0407.dll
+ 2003-03-31 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0408.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0409.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040b.dll
+ 2003-03-31 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040c.dll
+ 2003-03-31 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt040e.dll
+ 2003-03-31 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0410.dll
+ 2003-03-31 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0413.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0414.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0415.dll
+ 2003-03-31 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0416.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0419.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt041d.dll
+ 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt041f.dll
+ 2003-03-31 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0816.dll
+ 2003-03-31 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\agt0c0a.dll
- 2003-03-31 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll
+ 2004-08-04 07:56:41 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\agtintl.dll
- 2003-03-31 12:00:00 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
+ 2004-08-04 07:56:47 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ahui.exe
- 2003-03-31 12:00:00 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
+ 2004-08-04 07:56:47 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\alg.exe
+ 2004-08-04 06:07:41 42,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\alim1541.sys
- 2003-03-31 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll
+ 2004-08-04 07:56:41 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\alrsvc.dll
+ 2004-08-04 06:07:42 43,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdagp.sys
- 2003-03-31 12:00:00 32,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys
+ 2004-08-04 05:59:19 36,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk6.sys
- 2003-03-31 12:00:00 32,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys
+ 2004-08-04 05:59:20 37,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\amdk7.sys
- 2002-12-12 08:14:32 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\amstream.dll
+ 2004-08-04 07:56:41 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\amstream.dll
- 2003-03-31 12:00:00 115,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-04 07:56:41 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-04 07:56:41 331,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\aqueue.dll
- 2003-03-31 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys
+ 2004-08-04 05:58:29 60,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\arp1394.sys
- 2003-03-31 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll
+ 2004-08-04 07:56:41 65,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\asycfilt.dll
- 2003-03-31 12:00:00 13,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
+ 2004-08-04 06:05:03 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys
- 2003-03-31 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
+ 2004-08-04 07:56:47 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\at.exe
- 2002-08-29 09:27:50 86,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
+ 2004-08-04 05:59:42 95,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
+ 2004-08-04 07:56:41 229,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2cqag.dll
+ 2004-08-04 07:56:41 377,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2dvaa.dll
+ 2004-08-04 07:56:41 201,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati2dvag.dll
+ 2004-08-04 07:56:41 870,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3d1ag.dll
+ 2004-08-04 07:56:41 1,057,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3d2ag.dll
+ 2004-08-04 07:56:41 1,888,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ati3duag.dll
+ 2004-08-04 07:56:41 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\ativtmxx.dll
+ 2004-08-04 07:56:41 516,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\ativvaxx.dll
- 2003-03-31 12:00:00 74,810 -c----w C:\WINDOWS\$NtServicePackUninstall$\atl.dll
+ 2004-08-04 07:56:41 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\atl.dll
- 2003-03-31 12:00:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
+ 2004-08-04 07:56:47 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmadm.exe
- 2003-03-31 12:00:00 57,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys
+ 2004-08-04 05:58:30 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys
- 2003-03-31 12:00:00 272,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll
+ 2004-08-04 07:55:59 285,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmfd.dll
- 2003-03-31 12:00:00 53,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys
+ 2004-08-04 05:58:34 55,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlane.sys
- 2003-03-31 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll
+ 2004-08-04 07:56:41 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\atmlib.dll
+ 2003-03-31 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\attrib.exe
+ 2004-08-04 07:56:41 21,183 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv01nt5.dll
+ 2004-08-04 07:56:41 11,359 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv02nt5.dll
+ 2004-08-04 07:56:41 25,471 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv04nt5.dll
+ 2004-08-04 07:56:41 14,143 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv06nt5.dll
+ 2004-08-04 07:56:41 17,279 -c----w C:\WINDOWS\$NtServicePackUninstall$\atv10nt5.dll
- 2003-03-31 12:00:00 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-04 07:56:41 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-04 07:56:47 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\auditusr.exe
+ 2004-08-04 07:56:41 20,540 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.dll
+ 2004-08-04 07:56:47 16,439 -c----w C:\WINDOWS\$NtServicePackUninstall$\author.exe
- 2003-03-31 12:00:00 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\authz.dll
+ 2005-03-02 18:09:29 56,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\authz.dll
- 2003-03-31 12:00:00 565,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
+ 2004-08-04 07:56:47 588,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
- 2003-03-31 12:00:00 578,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe
+ 2004-08-04 07:56:47 602,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\autoconv.exe
- 2003-03-31 12:00:00 558,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe
+ 2004-08-04 07:56:47 580,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\autofmt.exe
- 2003-03-31 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-04 07:56:47 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-04 06:10:10 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\avc.sys
+ 2004-08-04 06:09:58 13,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\avcstrm.sys
- 2003-03-31 12:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll
+ 2004-08-04 07:56:41 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\avifil32.dll
- 2003-03-31 12:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll
+ 2004-08-04 07:56:41 52,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\basesrv.dll
- 2003-03-31 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll
+ 2004-08-04 07:56:41 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\batmeter.dll
- 2003-03-31 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\batt.dll
+ 2004-08-04 07:56:41 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\batt.dll
- 2003-02-17 18:16:26 11,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\bdasup.sys
+ 2004-08-04 06:10:12 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\bdasup.sys
- 2003-03-31 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll
+ 2004-08-04 07:56:41 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\bidispl.dll
- 2004-07-01 22:08:18 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll
+ 2004-08-04 07:56:41 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx2.dll
- 2004-07-01 22:08:18 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-04 07:56:41 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-04 07:56:47 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\blastcln.exe
- 2003-03-31 12:00:00 68,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\bridge.sys
+ 2004-08-04 05:59:57 71,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\bridge.sys
- 2003-03-31 12:00:00 62,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\browselc.dll
+ 2004-08-04 07:55:59 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\browselc.dll
- 2003-03-31 12:00:00 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\browser.dll
+ 2004-08-04 07:56:41 77,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\browser.dll
- 2004-12-07 22:41:16 1,017,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\browseui.dll
- 2003-03-31 12:00:00 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-04 07:56:41 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-04 07:56:41 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthci.dll
+ 2004-08-04 06:10:38 17,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthenum.sys
+ 2004-08-04 06:10:38 38,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthmodem.sys
+ 2004-08-04 05:58:38 100,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthpan.sys
+ 2008-06-13 13:10:50 272,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthport.sys.001
+ 2004-08-04 06:10:37 35,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthprint.sys
+ 2004-08-04 07:56:41 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthserv.dll
+ 2004-08-04 06:10:34 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\bthusb.sys
+ 2004-08-04 07:56:41 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\btpanui.dll
- 2003-03-31 12:00:00 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll
+ 2004-08-04 07:56:41 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabinet.dll
- 2003-03-31 12:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabview.dll
+ 2004-08-04 07:56:41 84,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cabview.dll
+ 2003-03-31 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\cacls.exe
- 2004-03-30 01:48:36 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\callcont.dll
+ 2004-08-04 07:56:41 385,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\callcont.dll
- 2003-03-31 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\camocx.dll
+ 2004-08-04 07:56:41 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\camocx.dll
+ 2003-03-31 12:00:00 142,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\capesnpn.dll
- 2004-03-06 02:16:10 225,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll
- 2003-03-31 12:00:00 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll
+ 2004-08-04 07:56:41 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvps.dll
- 2004-03-06 02:16:10 594,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll
- 2003-02-17 18:16:26 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys
+ 2004-08-04 06:10:16 17,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys
- 2003-03-31 12:00:00 59,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys
+ 2004-08-04 06:14:10 63,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys
- 2004-12-07 22:43:02 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll
+ 2008-06-23 15:38:29 151,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdfview.dll
+ 2004-08-04 07:56:41 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdm.dll
- 2003-03-31 12:00:00 2,028,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdosys.dll
- 2003-03-31 12:00:00 47,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
+ 2004-08-04 05:59:52 49,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
- 2003-03-31 12:00:00 186,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\certcli.dll
+ 2004-08-04 07:56:41 194,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\certcli.dll
- 2003-03-31 12:00:00 436,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll
+ 2004-08-04 07:56:41 457,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\certmgr.dll
- 2003-03-31 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll
+ 2004-08-04 07:56:41 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgbkend.dll
- 2003-03-31 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-04 07:56:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-04 07:56:47 188,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cfgwiz.exe
+ 2004-08-04 07:56:41 15,423 -c----w C:\WINDOWS\$NtServicePackUninstall$\ch7xxnt5.dll
+ 2004-08-04 06:00:12 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\changer.sys
+ 2002-08-29 02:39:42 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtmbx.dll
+ 2002-08-29 02:39:42 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtskdic.dll
+ 2002-08-29 02:39:42 173,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\chtskf.dll
+ 2003-03-31 12:00:00 109,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\cic.dll
- 2003-03-31 12:00:00 1,267,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll
+ 2004-08-04 07:56:41 1,352,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\cimwin32.dll
+ 2004-08-04 05:31:52 198,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\cintime.dll
- 2004-10-28 15:45:58 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\ciodm.dll
- 2003-03-31 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
+ 2004-08-04 07:56:47 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe
- 2003-03-31 12:00:00 46,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
+ 2004-08-04 06:14:26 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
- 2004-03-06 02:16:10 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll
- 2004-03-06 02:16:11 499,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll
- 2003-03-31 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
+ 2004-08-04 07:56:47 64,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
- 2003-03-31 12:00:00 127,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll
+ 2004-08-04 07:56:41 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.dll
- 2003-03-31 12:00:00 45,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
+ 2004-08-04 07:56:47 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\cliconfg.exe
- 2003-03-31 12:00:00 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
+ 2004-08-04 07:56:47 102,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipbrd.exe
- 2003-03-31 12:00:00 30,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
+ 2004-08-04 07:56:47 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\clipsrv.exe
- 2003-03-31 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 07:56:41 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 06:07:39 14,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmbatt.sys
- 2003-03-31 12:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll
+ 2004-08-04 07:56:41 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmcfg32.dll
- 2003-03-31 12:00:00 375,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
+ 2004-08-04 07:56:48 388,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
- 2003-03-31 12:00:00 324,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll
+ 2004-08-04 07:56:41 343,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdial32.dll
- 2003-03-31 12:00:00 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
+ 2004-08-04 07:56:48 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmdl32.exe
- 2003-03-31 12:00:00 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
+ 2004-08-04 07:56:48 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmmon32.exe
- 2003-03-31 12:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-04 07:56:41 185,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-04 07:56:41 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmsetacl.dll
- 2003-03-31 12:00:00 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
+ 2004-08-04 07:56:48 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe
- 2003-03-31 12:00:00 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll
+ 2004-08-04 07:56:41 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\cmutil.dll
- 2003-03-31 12:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-04 07:56:41 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon.dll
+ 2004-08-04 07:56:41 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\cnbjmon2.dll
- 2004-03-06 02:16:10 64,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\colbact.dll
+ 2003-03-31 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\comaddin.dll
- 2004-03-06 02:16:10 187,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll
- 2003-03-31 12:00:00 557,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\comctl32.dll
- 2003-03-31 12:00:00 258,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll
+ 2004-08-04 07:56:41 276,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\comdlg32.dll
- 2003-03-31 12:00:00 238,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\compatui.dll<

[cupidringmybelle]

Part 2:

+ 2004-08-04 07:56:41 252,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\compatui.dll
- 2003-03-31 12:00:00 222,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\compstui.dll
+ 2004-08-04 07:56:41 229,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\compstui.dll
+ 2005-07-26 04:39:44 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.dll
- 2004-02-17 18:49:58 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
+ 2004-08-04 07:56:48 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe
+ 2003-03-31 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\comrereg.exe
- 2003-03-31 12:00:00 792,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\comres.dll
+ 2004-08-04 07:56:41 792,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\comres.dll
+ 2003-03-31 12:00:00 259,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsetup.dll
+ 2003-03-31 12:00:00 147,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsnap.dll
- 2004-03-06 02:16:11 1,194,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll
- 2004-03-06 02:16:10 499,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\comuid.dll
- 2003-03-31 12:00:00 995,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
+ 2004-08-04 07:56:48 1,032,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\conf.exe
- 2003-03-31 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll
+ 2004-08-04 07:56:41 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmrsl.dll
+ 2003-03-31 12:00:00 345,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\confmsp.dll
- 2003-03-31 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
+ 2004-08-04 07:56:48 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\conime.exe
- 2003-03-31 12:00:00 14,877 -c----w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
+ 2004-08-04 07:56:41 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\corpol.dll
- 2003-03-31 12:00:00 158,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\credui.dll
+ 2004-08-04 07:56:41 163,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\credui.dll
- 2003-03-31 12:00:00 31,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys
+ 2004-08-04 05:59:20 36,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\crusoe.sys
- 2002-09-23 22:10:26 544,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll
+ 2004-08-04 07:56:41 597,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll
- 2003-03-31 12:00:00 70,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll
+ 2004-08-04 07:56:41 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdlg.dll
- 2003-03-31 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll
+ 2004-08-04 07:56:41 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll
- 2003-03-31 12:00:00 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll
+ 2004-08-04 07:56:41 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll
- 2003-03-31 12:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll
+ 2004-08-04 07:56:41 63,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll
- 2003-03-26 00:40:14 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
+ 2004-08-04 07:56:41 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
- 2003-07-25 00:40:22 477,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll
+ 2004-08-04 07:56:41 512,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll
- 2004-10-28 01:29:54 92,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
+ 2004-08-04 07:56:41 101,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
- 2003-03-31 12:00:00 102,450 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
+ 2004-08-04 07:56:48 98,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
- 2003-03-31 12:00:00 307,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
+ 2004-08-04 07:56:41 326,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
- 2003-03-31 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll
+ 2004-08-04 07:56:41 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll
- 2003-03-31 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
+ 2004-08-04 07:56:48 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
- 2003-03-31 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-04 07:56:48 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
+ 2004-08-04 07:56:41 249,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctmasetp.dll
- 2002-07-07 02:01:46 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\custsat.dll
+ 2004-08-04 07:56:41 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\custsat.dll
- 2002-12-12 08:14:32 1,177,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll
+ 2004-08-04 07:56:41 1,179,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll
- 2002-12-12 08:14:32 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll
+ 2004-08-04 07:56:41 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll
- 2003-05-30 17:00:02 1,634,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
+ 2004-08-04 07:56:41 1,689,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
- 2003-05-30 17:00:02 797,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll
+ 2004-08-04 07:56:41 825,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll
- 2003-03-31 12:00:00 986,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\danim.dll
+ 2008-06-23 15:38:30 1,054,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\danim.dll
- 2004-03-01 18:55:22 561,179 -c----w C:\WINDOWS\$NtServicePackUninstall$\dao360.dll
+ 2004-08-04 07:56:42 561,179 -c----w C:\WINDOWS\$NtServicePackUninstall$\dao360.dll
- 2003-03-31 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll
+ 2004-08-04 07:56:42 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll
+ 2003-03-31 12:00:00 152,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\datime.dll
- 2003-03-31 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll
+ 2004-08-04 07:56:42 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll
- 2003-03-31 12:00:00 489,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
+ 2004-08-04 07:56:42 640,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
- 2003-03-31 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll
+ 2004-08-04 07:56:42 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll
- 2003-10-28 04:12:42 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll
+ 2004-08-04 07:56:42 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll
- 2003-03-31 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll
+ 2004-08-04 07:56:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll
- 2003-03-31 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
- 2003-03-31 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll
+ 2004-08-04 07:56:42 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll
- 2003-03-31 12:00:00 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll
+ 2004-08-04 07:56:42 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll
+ 2003-03-31 12:00:00 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcomcnfg.exe
- 2003-03-31 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
+ 2004-08-04 07:56:48 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
- 2002-12-12 08:14:32 284,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
+ 2004-08-04 07:56:42 266,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
- 2002-12-12 08:14:32 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll
+ 2004-08-04 07:56:42 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll
- 2003-03-31 12:00:00 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
+ 2004-08-04 07:56:48 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
- 2003-05-30 17:00:02 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\devenum.dll
+ 2004-08-04 07:56:42 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\devenum.dll
- 2003-03-31 12:00:00 263,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll
+ 2004-08-04 07:56:42 282,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll
- 2003-03-31 12:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
+ 2004-08-04 07:56:48 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
- 2003-03-31 12:00:00 99,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
+ 2004-08-04 07:56:48 104,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
- 2003-03-31 12:00:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll
+ 2004-08-04 07:56:42 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll
- 2003-03-31 12:00:00 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll
+ 2004-08-04 07:56:42 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll
- 2003-03-31 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll
+ 2004-08-04 07:56:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll
- 2003-03-31 12:00:00 103,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll
+ 2004-08-04 07:56:42 111,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll
- 2003-03-31 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2003-03-31 12:00:00 370,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpmon.dll
- 2003-03-31 12:00:00 522,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
+ 2004-08-04 07:56:48 539,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
- 2003-03-31 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
+ 2004-08-04 07:56:48 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
- 2003-03-31 12:00:00 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\digest.dll
+ 2004-08-04 07:56:42 68,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\digest.dll
- 2003-03-31 12:00:00 151,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput.dll
+ 2004-08-04 07:56:42 159,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput.dll
- 2003-03-31 12:00:00 168,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput8.dll
+ 2004-08-04 07:56:42 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput8.dll
- 2003-03-31 12:00:00 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\directdb.dll
- 2003-03-31 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\disk.sys
+ 2004-08-04 05:59:54 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\disk.sys
+ 2003-03-31 12:00:00 1,501,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskcopy.dll
- 2003-03-31 12:00:00 13,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys
+ 2004-08-04 05:59:52 14,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys
- 2003-03-31 12:00:00 145,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
+ 2004-08-04 07:56:48 163,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
+ 2003-03-31 12:00:00 45,083 -c----w C:\WINDOWS\$NtServicePackUninstall$\dispex.dll
- 2003-03-31 12:00:00 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
+ 2004-08-04 07:56:48 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
- 2003-03-31 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
+ 2004-08-04 07:56:48 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
+ 2004-08-04 06:00:04 8,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlttape.sys
- 2003-03-31 12:00:00 204,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
+ 2004-08-04 07:56:48 224,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
- 2002-12-12 08:14:32 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmband.dll
+ 2004-08-04 07:56:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmband.dll
- 2003-03-31 12:00:00 780,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys
+ 2004-08-04 06:07:17 799,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys
- 2002-12-12 08:14:32 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll
+ 2004-08-04 07:56:42 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll
+ 2003-03-31 12:00:00 273,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmdlgs.dll
- 2003-03-31 12:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll
+ 2004-08-04 07:56:42 200,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll
- 2002-12-12 08:14:32 171,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmime.dll
+ 2004-08-04 07:56:42 181,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmime.dll
- 2003-03-31 12:00:00 146,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmio.sys
+ 2004-08-04 06:07:16 153,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmio.sys
- 2002-12-12 08:14:32 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmloader.dll
+ 2004-08-04 07:56:42 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmloader.dll
- 2003-03-31 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
+ 2004-08-04 07:56:48 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
- 2002-12-12 08:14:32 76,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmscript.dll
+ 2004-08-04 07:56:42 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmscript.dll
- 2003-03-31 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmserver.dll
+ 2004-08-04 07:56:42 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmserver.dll
- 2002-12-12 08:14:32 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll
+ 2004-08-04 07:56:42 105,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll
- 2002-12-12 08:14:32 100,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll
+ 2004-08-04 07:56:42 103,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll
- 2002-12-12 08:14:32 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.dll
+ 2004-08-04 07:56:42 104,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.dll
- 2001-08-17 21:59:58 50,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys
+ 2004-08-04 06:07:38 52,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys
- 2003-03-31 12:00:00 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmutil.dll
+ 2004-08-04 07:56:42 52,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmutil.dll
- 2003-03-31 12:00:00 139,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
- 2003-03-31 12:00:00 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
- 2003-03-31 12:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\docprop2.dll
+ 2004-08-04 07:56:42 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\docprop2.dll
+ 2004-08-04 05:58:29 207,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\dot4.sys
- 2003-03-31 12:00:00 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll
+ 2004-08-04 06:13:53 97,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll
- 2002-12-12 08:14:32 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
+ 2004-08-04 07:56:48 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
- 2002-12-12 08:14:32 217,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplayx.dll
+ 2004-08-04 07:56:42 229,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplayx.dll
- 2002-12-12 08:14:32 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll
+ 2004-08-04 07:56:42 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll
- 2002-12-12 08:14:32 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll
+ 2004-08-04 07:56:03 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll
- 2002-12-12 08:14:32 723,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnet.dll
+ 2004-08-04 07:56:42 375,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnet.dll
- 2003-03-24 17:00:02 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll
+ 2004-08-04 07:56:42 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll
- 2003-03-24 17:00:02 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll
+ 2004-08-04 07:56:42 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll
- 2002-12-12 08:14:32 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll
+ 2004-08-04 07:56:03 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll
- 2002-12-12 08:14:32 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
+ 2004-08-04 07:56:48 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
- 2002-12-12 08:14:32 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll
+ 2004-08-04 07:56:42 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll
- 2002-12-12 08:14:32 381,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll
+ 2004-08-04 07:56:42 212,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll
- 2002-12-12 08:14:32 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
+ 2004-08-04 07:56:48 83,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
- 2002-12-12 08:14:32 112,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll
+ 2004-08-04 07:56:42 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll
- 2002-12-12 08:14:32 76,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll
+ 2004-08-04 07:56:42 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll
- 2002-08-29 09:32:34 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmk.sys
+ 2004-08-04 06:07:58 60,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmk.sys
- 2002-08-29 09:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
- 2003-03-31 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\drprov.dll
+ 2004-08-04 07:56:42 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\drprov.dll
- 2003-03-31 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll
+ 2004-08-04 07:56:42 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll
- 2002-12-12 08:14:32 186,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll
+ 2004-08-04 07:56:42 181,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll
- 2002-12-12 08:14:32 491,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll
+ 2004-08-04 07:56:42 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll
- 2003-03-31 12:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dskquota.dll
+ 2004-08-04 07:56:42 92,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dskquota.dll
+ 2003-03-31 12:00:00 144,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\dskquoui.dll
- 2002-12-12 08:14:32 355,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
+ 2004-08-04 07:56:42 367,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
- 2002-12-12 08:14:32 1,294,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll
+ 2004-08-04 07:56:42 1,294,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll
- 2003-03-31 12:00:00 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprop.dll
+ 2004-08-04 07:56:42 142,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprop.dll
- 2003-03-31 12:00:00 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll
+ 2004-08-04 07:56:04 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll
- 2003-03-31 12:00:00 227,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsquery.dll
+ 2004-08-04 07:56:42 239,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsquery.dll
- 2003-03-31 12:00:00 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssec.dll
+ 2004-08-04 07:56:42 51,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssec.dll
- 2003-03-31 12:00:00 124,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll
+ 2004-08-04 05:31:43 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll
- 2003-03-31 12:00:00 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll
+ 2004-08-04 07:56:42 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll
- 2002-12-12 08:14:32 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dswave.dll
+ 2004-08-04 07:56:42 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\dswave.dll
- 2003-03-31 12:00:00 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
+ 2004-08-04 07:56:48 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
- 2003-03-31 12:00:00 263,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\duser.dll
+ 2004-08-04 07:56:42 304,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\duser.dll
- 2003-03-31 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
+ 2004-08-04 07:56:48 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
- 2003-03-31 12:00:00 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
+ 2004-08-04 07:56:48 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
- 2002-12-12 08:14:32 602,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll
+ 2004-08-04 07:56:42 619,008 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll
- 2003-05-30 17:00:02 1,189,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll
+ 2004-08-04 07:56:42 1,227,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll
- 2003-05-30 17:00:02 937,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
+ 2004-08-04 07:56:48 1,298,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
- 2003-05-30 17:00:02 1,675,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiagn.dll
+ 2004-08-04 07:56:42 2,113,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiagn.dll
- 2003-03-31 12:00:00 68,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxg.sys
+ 2004-08-04 06:00:54 71,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxg.sys
- 2003-03-31 12:00:00 498,205 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll
+ 2006-08-22 10:05:26 498,742 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll
- 2003-03-31 12:00:00 337,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll
- 2003-03-31 12:00:00 194,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll
- 2003-03-31 12:00:00 165,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\els.dll
+ 2004-08-04 07:56:42 183,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\els.dll
- 2002-12-12 08:14:32 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\encapi.dll
+ 2004-08-04 07:56:42 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\encapi.dll
- 2003-03-31 12:00:00 155,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\encdec.dll
+ 2004-08-04 07:56:42 186,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\encdec.dll
+ 2004-08-04 07:56:05 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\ep9res.dll
- 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ersvc.dll
+ 2004-08-04 07:56:42 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\ersvc.dll
- 2004-03-06 02:16:11 226,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\es.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\es.dll
- 2003-03-31 12:00:00 1,018,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\esent.dll
+ 2005-10-20 22:20:03 1,082,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\esent.dll
- 2003-03-31 12:00:00 235,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\esscli.dll
+ 2004-08-04 07:56:42 247,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\esscli.dll
- 2003-03-31 12:00:00 178,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
+ 2004-08-04 07:56:49 193,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
- 2003-03-31 12:00:00 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
+ 2004-08-04 07:56:42 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
+ 2004-08-04 07:56:42 101,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll
+ 2004-08-04 07:56:49 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
- 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll
+ 2004-08-04 07:56:42 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll
+ 2004-08-04 07:56:49 92,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
- 2003-03-31 12:00:00 1,004,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
- 2004-01-10 11:37:02 380,957 -c----w C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll
+ 2004-08-04 07:56:42 380,957 -c----w C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll
+ 2008-06-23 15:38:30 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\extmgr.dll
- 2003-03-31 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
+ 2004-08-04 07:56:49 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
+ 2003-03-31 12:00:00 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\exts.dll
- 2003-03-31 12:00:00 145,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
+ 2004-08-04 06:14:16 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
- 2003-03-31 12:00:00 565,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll
+ 2004-08-04 07:56:42 472,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll
- 2003-03-31 12:00:00 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll
+ 2004-08-04 07:56:42 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll
+ 2004-08-04 07:56:49 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe
- 2003-03-31 12:00:00 26,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdc.sys
+ 2004-08-04 05:59:27 27,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdc.sys
- 2003-03-31 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\feclient.dll
+ 2004-08-04 07:56:42 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\feclient.dll
- 2003-03-31 12:00:00 323,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll
+ 2004-08-04 07:56:42 337,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll
- 2003-03-31 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
+ 2004-08-04 07:56:49 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
+ 2003-03-31 12:00:00 34,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\fips.sys
- 2004-08-20 22:01:15 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll
+ 2004-08-04 07:56:42 87,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll
- 2003-03-31 12:00:00 19,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys
+ 2004-08-04 05:59:27 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys
+ 2006-08-21 12:21:06 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltlib.dll
+ 2006-08-21 09:14:58 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltmc.exe
+ 2006-08-21 09:14:58 128,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys
- 2003-03-31 12:00:00 361,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontext.dll
+ 2004-08-04 07:56:42 382,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontext.dll
+ 2005-10-17 21:14:45 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontsub.dll
- 2003-03-31 12:00:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
+ 2004-08-04 07:56:49 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
+ 2003-03-31 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\forcedos.exe
+ 2003-03-31 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\format.com
- 2003-03-31 12:00:00 32,828 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll
+ 2004-08-04 07:56:42 32,828 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll
+ 2004-08-04 07:56:42 184,435 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll
+ 2004-08-04 07:56:42 82,035 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll
+ 2004-08-04 07:56:42 147,513 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll
+ 2004-08-04 07:56:42 49,210 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll
+ 2004-08-04 07:56:42 102,509 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll
- 2003-05-13 01:56:50 618,605 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll
+ 2004-08-04 07:56:42 618,605 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll
+ 2004-08-04 07:56:42 41,020 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll
+ 2004-08-04 07:56:42 32,826 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll
+ 2004-08-04 07:56:42 49,212 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll
+ 2004-08-04 07:56:42 876,653 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll
+ 2004-08-04 07:56:49 15,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
+ 2004-08-04 07:56:49 109,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
+ 2004-08-04 07:56:49 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
+ 2004-08-04 07:56:42 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll
+ 2004-08-04 07:56:49 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
+ 2004-08-04 07:56:42 94,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll
+ 2004-08-04 07:56:42 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll
+ 2004-08-04 07:56:42 598,071 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll
+ 2004-08-04 07:56:06 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll
+ 2004-08-04 07:56:49 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
+ 2004-08-04 07:56:49 28,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe
- 2003-03-31 12:00:00 8,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
+ 2004-08-04 07:56:06 9,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
- 2003-03-31 12:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
+ 2004-08-04 07:56:42 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
+ 2004-08-04 07:56:49 193,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\fsquirt.exe
- 2003-03-31 12:00:00 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
+ 2004-08-04 07:56:49 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
+ 2004-08-04 07:56:42 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\fwcfg.dll
+ 2004-08-04 07:56:42 452,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll
+ 2004-08-04 07:56:49 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
+ 2004-08-04 07:56:42 72,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll
+ 2004-08-04 07:56:42 285,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll
+ 2004-08-04 07:56:49 229,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
+ 2004-08-04 07:56:42 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll
+ 2004-08-04 07:56:42 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll
+ 2004-08-04 07:56:42 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll
+ 2004-08-04 07:56:42 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll
- 2003-03-31 12:00:00 122,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
+ 2004-08-04 07:56:42 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
+ 2004-08-04 07:56:42 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll
+ 2004-08-04 07:56:06 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll
+ 2004-08-04 07:56:42 562,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll
+ 2004-08-04 07:56:49 267,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
+ 2004-08-04 07:56:42 246,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll
+ 2004-08-04 07:56:42 397,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll
+ 2004-08-04 07:56:42 154,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll
+ 2004-08-04 07:56:42 192,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll
+ 2004-08-04 07:56:42 400,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll
+ 2004-08-04 06:07:43 46,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\gagp30kx.sys
+ 2004-08-04 06:08:21 10,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\gameenum.sys
+ 2004-08-04 06:08:29 59,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\gckernel.sys
- 2004-03-30 01:48:36 257,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
- 2003-03-31 12:00:00 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
+ 2004-08-04 07:56:42 122,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
- 2003-03-31 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
+ 2004-08-04 07:56:07 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
- 2004-07-29 22:50:08 38,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
+ 2004-08-04 07:56:49 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
+ 2004-08-04 05:59:19 28,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\grserial.sys
- 2003-03-31 12:00:00 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll
+ 2004-08-04 07:56:42 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll
- 2003-03-31 12:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll
+ 2004-08-04 07:56:42 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll
- 2004-03-30 01:48:36 593,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll
+ 2004-08-04 07:56:42 614,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll
- 2002-08-29 08:05:04 129,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\hal.dll
+ 2004-08-04 05:59:12 134,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\hal.dll
+ 2004-08-04 05:59:09 131,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll
+ 2004-08-04 05:59:06 81,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\halacpi.dll
+ 2004-08-04 05:59:13 150,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\halapic.dll
+ 2004-08-04 05:59:12 134,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll
+ 2004-08-04 05:59:18 152,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\halmps.dll
+ 2004-08-04 05:59:19 77,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\halsp.dll
- 2003-07-04 01:50:12 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll
+ 2004-08-04 07:56:42 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll
+ 2003-03-31 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\help.exe
- 2004-04-15 01:50:06 740,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
+ 2004-08-04 07:56:49 768,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
- 2003-03-31 12:00:00 703,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
+ 2004-08-04 07:56:50 743,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
- 2002-11-09 12:47:56 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
+ 2005-05-26 23:22:01 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
- 2003-01-10 21:43:46 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll
- 2003-03-31 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\hid.dll
+ 2004-08-04 07:56:42 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\hid.dll
+ 2004-08-04 06:10:36 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidbth.sys
- 2003-03-31 12:00:00 34,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys
+ 2004-08-04 06:08:19 36,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys
+ 2004-08-04 06:08:18 15,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidir.sys
- 2003-03-31 12:00:00 23,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys
+ 2004-08-04 06:08:16 24,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys
+ 2004-08-04 07:56:42 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidserv.dll
+ 2001-08-17 19:02:20 9,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidusb.sys
+ 2006-07-21 08:24:43 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hlink.dll
- 2003-03-31 12:00:00 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll
+ 2004-08-04 07:56:42 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll
- 2003-03-31 12:00:00 240,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll
+ 2004-08-04 07:56:42 344,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll
- 2003-03-31 12:00:00 315,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll
+ 2004-08-04 07:56:42 330,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll
+ 2004-08-04 07:56:42 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\hostmib.dll
- 2003-03-31 12:00:00 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll
+ 2004-08-04 07:56:42 144,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll
+ 2004-08-04 07:56:42 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hpcjrr.dll
+ 2004-08-04 07:56:42 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\hpcjrrps.dll
+ 2004-08-04 07:56:42 87,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\hpfud50.dll
- 2004-04-11 03:53:14 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
+ 2004-08-04 07:56:50 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
+ 2004-08-04 07:56:42 32,285 -c----w C:\WINDOWS\$NtServicePackUninstall$\hsfcisp2.dll
+ 2006-03-17 00:33:10 262,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\http.sys
+ 2006-03-17 00:33:10 262,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\http.sys.001
+ 2004-08-04 07:56:42 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\httpapi.dll
- 2003-03-31 12:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\htui.dll
+ 2004-08-04 07:56:42 41,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\htui.dll
- 2004-11-17 17:57:01 493,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll
+ 2004-08-04 06:00:50 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\i2omgmt.sys
+ 2004-08-04 06:00:50 18,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\i2omp.sys
- 2003-03-31 12:00:00 51,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
+ 2004-08-04 06:14:36 52,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
+ 2004-08-04 07:56:42 702,845 -c----w C:\WINDOWS\$NtServicePackUninstall$\i81xdnt5.dll
- 2003-03-31 12:00:00 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll
+ 2004-08-04 07:56:42 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll
- 2003-03-31 12:00:00 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll
+ 2004-08-04 07:56:42 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll
- 2003-03-31 12:00:00 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll
+ 2004-08-04 07:56:42 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll
- 2003-03-31 12:00:00 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\icm32.dll
+ 2005-06-29 01:46:00 254,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\icm32.dll
- 2003-03-31 12:00:00 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\icmp.dll
+ 2004-08-04 07:56:07 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\icmp.dll
- 2003-03-31 12:00:00 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll
+ 2004-08-04 07:56:42 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll
- 2003-03-31 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll
+ 2004-08-04 07:56:42 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll
- 2003-03-31 12:00:00 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
+ 2004-08-04 07:56:50 214,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
- 2003-03-31 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
+ 2004-08-04 07:56:50 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
- 2003-03-31 12:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll
+ 2004-08-04 07:56:42 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll
- 2003-03-31 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll
+ 2004-08-04 07:56:42 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll
- 2003-03-31 12:00:00 155,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll
+ 2004-08-04 07:56:42 172,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll
- 2003-03-31 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll
+ 2004-08-04 07:56:42 65,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll
- 2003-03-31 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
+ 2004-08-04 07:56:50 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
- 2003-03-31 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll
+ 2004-08-04 07:56:42 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll
- 2003-03-31 12:00:00 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\idq.dll
+ 2004-08-04 07:56:42 120,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\idq.dll
- 2003-03-31 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
+ 2004-08-04 07:56:50 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
- 2003-03-31 12:00:00 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll
+ 2004-08-04 07:56:42 139,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll
- 2003-03-31 12:00:00 204,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll
+ 2004-08-04 07:56:42 216,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll
- 2003-03-31 12:00:00 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll
+ 2004-08-04 07:56:42 323,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll
+ 2008-06-23 09:49:29 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\iedw.exe
+ 2004-08-04 07:56:42 81,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieencode.dll
- 2004-12-07 16:51:58 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\iepeers.dll
+ 2008-06-23 15:38:31 251,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\iepeers.dll
- 2003-03-31 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\iernonce.dll
+ 2004-08-04 07:56:42 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\iernonce.dll
- 2003-03-31 12:00:00 59,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\iesetup.dll
+ 2004-08-04 07:56:42 62,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\iesetup.dll
- 2003-03-31 12:00:00 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
+ 2004-08-04 07:56:50 93,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
- 2003-03-31 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
+ 2004-08-04 07:56:50 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
- 2003-03-31 12:00:00 125,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll
+ 2004-08-04 07:56:42 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll
- 2003-03-31 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll
+ 2004-08-04 07:56:42 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll
- 2003-03-31 12:00:00 468,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\iis.dll
+ 2004-08-04 07:56:42 505,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\iis.dll
- 2003-03-31 12:00:00 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\ils.dll
+ 2004-08-04 07:56:42 81,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\ils.dll
- 2003-03-31 12:00:00 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll
+ 2004-08-04 07:56:42 144,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll
- 2003-03-31 12:00:00 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
+ 2004-08-04 07:56:50 150,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
- 2003-03-31 12:00:00 39,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.sys
+ 2004-08-04 06:00:15 41,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.sys
+ 2004-08-04 06:04:36 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll
+ 2004-08-04 06:04:32 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrmbx.dll
- 2003-03-31 12:00:00 36,922 -c----w C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll
+ 2004-08-04 07:56:42 36,921 -c----w C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll
- 2003-03-31 12:00:00 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\imgutil.dll
+ 2004-08-04 07:56:42 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\imgutil.dll
+ 2004-08-04 05:31:48 811,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll
+ 2004-08-04 05:31:50 368,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll
+ 2004-08-04 05:31:51 716,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll
+ 2004-08-04 05:31:52 81,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll
+ 2004-08-04 05:32:15 274,489 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll
+ 2002-08-29 02:39:02 102,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\imlang.dll
- 2003-03-31 12:00:00 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
+ 2004-08-04 07:56:42 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
+ 2003-03-31 12:00:00 115,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\imsinsnt.dll
- 2003-03-31 12:00:00 266,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll
+ 2004-08-04 07:56:42 274,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll
- 2003-03-31 12:00:00 587,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll
- 2003-03-31 12:00:00 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll
+ 2004-08-04 07:56:42 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll
- 2003-03-31 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll
+ 2004-08-04 07:56:42 75,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll
- 2003-03-31 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll
+ 2004-08-04 07:56:42 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll
- 2003-03-31 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetres.dll
+ 2004-08-04 07:56:08 48,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetres.dll
- 2003-03-31 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
+ 2004-08-04 07:56:50 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
- 2003-03-31 12:00:00 144,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\initpki.dll
+ 2004-08-04 07:56:42 147,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\initpki.dll
- 2003-03-31 12:00:00 114,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\input.dll
+ 2004-08-04 07:56:42 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\input.dll
- 2004-08-26 14:53:48 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\inseng.dll
+ 2008-06-23 15:38:31 96,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\inseng.dll
+ 2004-08-04 05:59:41 5,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\intelide.sys
+ 2004-08-04 05:59:19 36,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\intelppm.sys
+ 2004-08-04 06:00:06 29,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
- 2003-03-31 12:00:00 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
+ 2004-08-04 07:56:50 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
+ 2004-08-04 07:56:05 97,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipevldpc.dll
+ 2004-08-04 07:56:04 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipevlpid.dll
- 2003-03-31 12:00:00 82,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll
- 2003-03-31 12:00:00 19,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys
+ 2004-08-04 06:04:45 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys
+ 2003-03-31 12:00:00 154,112 -c----w