Help! I HAD the red circle with white X, Red circle [RESOLVED]



#16
CorporateKD

Andrewuk:

Part 13 of the ComboFix log!

- 2004-08-04 07:56:46 11,325 ------w c:\windows\SYSTEM32\DRIVERS\vchnt5.dll
+ 2008-04-14 00:12:08 11,325 ------w c:\windows\SYSTEM32\DRIVERS\vchnt5.dll
- 2004-08-04 06:07:06 20,992 ----a-w c:\windows\SYSTEM32\DRIVERS\vga.sys
+ 2008-04-13 18:44:40 20,992 ----a-w c:\windows\SYSTEM32\DRIVERS\vga.sys
- 2004-08-04 06:07:42 42,240 ----a-w c:\windows\SYSTEM32\DRIVERS\viaagp.sys
+ 2008-04-13 18:36:40 42,240 ----a-w c:\windows\SYSTEM32\DRIVERS\viaagp.sys
- 2004-08-04 05:59:42 5,376 ----a-w c:\windows\SYSTEM32\DRIVERS\viaide.sys
+ 2008-04-13 18:40:31 5,376 ----a-w c:\windows\SYSTEM32\DRIVERS\viaide.sys
- 2004-08-04 06:07:05 79,744 ----a-w c:\windows\SYSTEM32\DRIVERS\videoprt.sys
+ 2008-04-13 18:44:40 81,664 ----a-w c:\windows\SYSTEM32\DRIVERS\videoprt.sys
- 2004-08-04 06:00:16 52,352 ----a-w c:\windows\SYSTEM32\DRIVERS\volsnap.sys
+ 2008-04-13 18:41:01 52,352 ----a-w c:\windows\SYSTEM32\DRIVERS\volsnap.sys
- 2004-08-04 06:04:52 13,568 ------w c:\windows\SYSTEM32\DRIVERS\wacompen.sys
+ 2008-04-13 18:43:55 14,208 ------w c:\windows\SYSTEM32\DRIVERS\wacompen.sys
- 2004-08-04 06:04:57 34,560 ----a-w c:\windows\SYSTEM32\DRIVERS\wanarp.sys
+ 2008-04-13 18:57:21 34,560 ----a-w c:\windows\SYSTEM32\DRIVERS\wanarp.sys
- 2006-06-14 09:00:45 82,944 ----a-w c:\windows\SYSTEM32\DRIVERS\wdmaud.sys
+ 2008-04-13 19:17:18 83,072 ----a-w c:\windows\SYSTEM32\DRIVERS\wdmaud.sys
- 2004-08-04 06:10:21 19,328 ----a-w c:\windows\SYSTEM32\DRIVERS\wstcodec.sys
+ 2008-04-13 18:46:24 19,200 ----a-w c:\windows\SYSTEM32\DRIVERS\wstcodec.sys
- 2004-08-04 07:56:42 14,336 ----a-w c:\windows\SYSTEM32\drprov.dll
+ 2008-04-14 00:11:52 14,336 ----a-w c:\windows\SYSTEM32\drprov.dll
- 2004-08-04 07:56:42 16,384 ----a-w c:\windows\SYSTEM32\ds32gt.dll
+ 2008-04-14 00:11:52 16,384 ----a-w c:\windows\SYSTEM32\ds32gt.dll
- 2004-08-04 07:56:42 181,760 ----a-w c:\windows\SYSTEM32\dsdmo.dll
+ 2008-04-14 00:11:52 181,248 ----a-w c:\windows\SYSTEM32\dsdmo.dll
- 2004-08-04 07:56:42 71,680 ----a-w c:\windows\SYSTEM32\dsdmoprp.dll
+ 2008-04-14 00:11:52 71,680 ----a-w c:\windows\SYSTEM32\dsdmoprp.dll
- 2004-08-04 07:56:42 92,672 ----a-w c:\windows\SYSTEM32\dskquota.dll
+ 2008-04-14 00:11:52 92,672 ----a-w c:\windows\SYSTEM32\dskquota.dll
- 2002-08-29 11:00:00 144,384 ----a-w c:\windows\SYSTEM32\dskquoui.dll
+ 2008-04-14 00:11:52 155,648 ----a-w c:\windows\SYSTEM32\dskquoui.dll
- 2004-08-04 07:56:42 367,616 ----a-w c:\windows\SYSTEM32\dsound.dll
+ 2008-04-14 00:11:52 367,616 ----a-w c:\windows\SYSTEM32\dsound.dll
- 2004-08-04 07:56:42 1,294,336 ----a-w c:\windows\SYSTEM32\dsound3d.dll
+ 2008-04-14 00:11:52 1,293,824 ----a-w c:\windows\SYSTEM32\dsound3d.dll
- 2004-08-04 07:56:42 142,336 ----a-w c:\windows\SYSTEM32\dsprop.dll
+ 2008-04-14 00:11:52 142,848 ----a-w c:\windows\SYSTEM32\dsprop.dll
- 2004-08-04 07:56:04 4,096 ----a-w c:\windows\SYSTEM32\dsprpres.dll
+ 2008-04-13 17:09:30 4,096 ----a-w c:\windows\SYSTEM32\dsprpres.dll
- 2004-08-04 07:56:42 239,104 ----a-w c:\windows\SYSTEM32\dsquery.dll
+ 2008-04-14 00:11:52 239,104 ----a-w c:\windows\SYSTEM32\dsquery.dll
- 2004-08-04 07:56:42 51,200 ----a-w c:\windows\SYSTEM32\dssec.dll
+ 2008-04-14 00:11:52 51,200 ----a-w c:\windows\SYSTEM32\dssec.dll
- 2004-08-04 05:31:43 137,216 ----a-w c:\windows\SYSTEM32\dssenh.dll
+ 2008-04-13 17:37:57 138,752 ----a-w c:\windows\SYSTEM32\dssenh.dll
- 2004-08-04 07:56:42 113,152 ----a-w c:\windows\SYSTEM32\dsuiext.dll
+ 2008-04-14 00:11:52 113,152 ----a-w c:\windows\SYSTEM32\dsuiext.dll
- 2004-08-04 07:56:42 19,456 ----a-w c:\windows\SYSTEM32\dswave.dll
+ 2008-04-14 00:11:52 19,456 ----a-w c:\windows\SYSTEM32\dswave.dll
- 2004-08-04 07:56:48 10,752 ----a-w c:\windows\SYSTEM32\dumprep.exe
+ 2008-04-14 00:12:18 10,752 ----a-w c:\windows\SYSTEM32\dumprep.exe
- 2004-08-04 07:56:42 304,128 ----a-w c:\windows\SYSTEM32\duser.dll
+ 2008-04-14 00:11:52 304,128 ----a-w c:\windows\SYSTEM32\duser.dll
- 2004-08-04 07:56:48 17,920 ----a-w c:\windows\SYSTEM32\dvdupgrd.exe
+ 2008-04-14 00:12:18 17,920 ----a-w c:\windows\SYSTEM32\dvdupgrd.exe
- 2004-08-04 07:56:48 180,224 ----a-w c:\windows\SYSTEM32\dwwin.exe
+ 2008-04-14 00:12:18 180,224 ----a-w c:\windows\SYSTEM32\dwwin.exe
- 2004-08-04 07:56:42 619,008 ----a-w c:\windows\SYSTEM32\dx7vb.dll
+ 2008-04-14 00:11:52 619,008 ----a-w c:\windows\SYSTEM32\dx7vb.dll
- 2004-08-04 07:56:42 1,227,264 ----a-w c:\windows\SYSTEM32\dx8vb.dll
+ 2008-04-14 00:11:52 1,227,264 ----a-w c:\windows\SYSTEM32\dx8vb.dll
- 2004-08-04 07:56:48 1,298,432 ----a-w c:\windows\SYSTEM32\dxdiag.exe
+ 2008-04-14 00:12:18 1,298,432 ----a-w c:\windows\SYSTEM32\dxdiag.exe
- 2004-08-04 07:56:42 2,113,536 ----a-w c:\windows\SYSTEM32\dxdiagn.dll
+ 2008-04-14 00:11:52 2,113,536 ----a-w c:\windows\SYSTEM32\dxdiagn.dll
- 2006-08-22 09:05:26 498,742 ----a-w c:\windows\SYSTEM32\dxmasf.dll
+ 2008-04-14 00:11:52 498,742 ----a-w c:\windows\SYSTEM32\dxmasf.dll
+ 2008-07-30 02:10:04 73,720 ----a-w c:\windows\SYSTEM32\dxva2.dll
+ 2008-04-14 00:11:52 30,720 ------w c:\windows\SYSTEM32\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w c:\windows\SYSTEM32\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w c:\windows\SYSTEM32\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w c:\windows\SYSTEM32\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w c:\windows\SYSTEM32\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w c:\windows\SYSTEM32\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w c:\windows\SYSTEM32\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w c:\windows\SYSTEM32\eapsvc.dll
- 2004-08-04 07:56:42 183,296 ----a-w c:\windows\SYSTEM32\els.dll
+ 2008-04-14 00:11:53 183,296 ----a-w c:\windows\SYSTEM32\els.dll
+ 2008-04-14 00:11:57 28,672 ------w c:\windows\SYSTEM32\en\microsoft.managementconsole.resources.dll
+ 2008-04-14 00:11:57 40,960 ------w c:\windows\SYSTEM32\en\mmcex.resources.dll
+ 2008-04-14 00:11:57 6,656 ------w c:\windows\SYSTEM32\en\mmcfxcommon.resources.dll
- 2004-08-04 07:56:42 20,480 ----a-w c:\windows\SYSTEM32\encapi.dll
+ 2008-04-14 00:11:53 20,480 ----a-w c:\windows\SYSTEM32\encapi.dll
- 2004-08-04 07:56:42 186,368 ----a-w c:\windows\SYSTEM32\encdec.dll
+ 2008-04-14 00:11:53 186,880 ----a-w c:\windows\SYSTEM32\encdec.dll
- 2004-08-04 07:56:42 23,040 ----a-w c:\windows\SYSTEM32\ersvc.dll
+ 2008-04-14 00:11:53 23,040 ----a-w c:\windows\SYSTEM32\ersvc.dll
- 2008-07-07 20:32:22 253,952 ----a-w c:\windows\SYSTEM32\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\SYSTEM32\es.dll
- 2005-10-20 22:20:03 1,082,368 ----a-w c:\windows\SYSTEM32\esent.dll
+ 2008-04-14 00:11:53 1,082,368 ----a-w c:\windows\SYSTEM32\esent.dll
- 2004-08-04 07:56:49 193,024 ----a-w c:\windows\SYSTEM32\eudcedit.exe
+ 2008-04-14 00:12:19 193,024 ----a-w c:\windows\SYSTEM32\eudcedit.exe
- 2004-08-04 07:56:42 55,808 ----a-w c:\windows\SYSTEM32\eventlog.dll
+ 2008-04-14 00:11:53 56,320 ----a-w c:\windows\SYSTEM32\eventlog.dll
- 2004-08-04 07:56:42 101,888 ----a-w c:\windows\SYSTEM32\evntagnt.dll
+ 2008-04-14 00:11:53 101,888 ----a-w c:\windows\SYSTEM32\evntagnt.dll
- 2004-08-04 07:56:49 24,064 ----a-w c:\windows\SYSTEM32\evntcmd.exe
+ 2008-04-14 00:12:19 24,064 ----a-w c:\windows\SYSTEM32\evntcmd.exe
- 2004-08-04 07:56:49 92,160 ----a-w c:\windows\SYSTEM32\evntwin.exe
+ 2008-04-14 00:12:19 92,160 ----a-w c:\windows\SYSTEM32\evntwin.exe
+ 2008-07-30 02:10:04 493,048 ----a-w c:\windows\SYSTEM32\evr.dll
- 2004-08-04 07:56:42 380,957 ----a-w c:\windows\SYSTEM32\expsrv.dll
+ 2008-04-14 00:11:53 380,445 ----a-w c:\windows\SYSTEM32\expsrv.dll
- 2004-08-04 07:56:49 45,568 ----a-w c:\windows\SYSTEM32\extrac32.exe
+ 2008-04-14 00:12:19 24,064 ----a-w c:\windows\SYSTEM32\extrac32.exe
- 2002-08-29 11:00:00 121,856 ----a-w c:\windows\SYSTEM32\exts.dll
+ 2008-04-14 00:11:53 125,952 ----a-w c:\windows\SYSTEM32\exts.dll
- 2004-08-04 07:56:42 80,384 ----a-w c:\windows\SYSTEM32\faultrep.dll
+ 2008-04-14 00:11:53 80,384 ----a-w c:\windows\SYSTEM32\faultrep.dll
- 2004-08-04 07:56:49 20,992 ----a-w c:\windows\SYSTEM32\faxpatch.exe
+ 2008-04-14 00:12:20 20,992 ----a-w c:\windows\SYSTEM32\faxpatch.exe
- 2004-08-04 07:56:42 21,504 ----a-w c:\windows\SYSTEM32\feclient.dll
+ 2008-04-14 00:11:53 21,504 ----a-w c:\windows\SYSTEM32\feclient.dll
- 2004-08-04 07:56:42 337,920 ----a-w c:\windows\SYSTEM32\filemgmt.dll
+ 2008-04-14 00:11:53 337,920 ----a-w c:\windows\SYSTEM32\filemgmt.dll
- 2004-08-04 07:56:49 27,136 ----a-w c:\windows\SYSTEM32\findstr.exe
+ 2008-04-14 00:12:20 27,136 ----a-w c:\windows\SYSTEM32\findstr.exe
- 2004-08-04 07:56:42 87,552 ----a-w c:\windows\SYSTEM32\fldrclnr.dll
+ 2008-04-14 00:11:53 87,552 ----a-w c:\windows\SYSTEM32\fldrclnr.dll
- 2006-08-21 12:21:06 16,896 ----a-w c:\windows\SYSTEM32\fltlib.dll
+ 2008-04-14 00:11:53 16,896 ----a-w c:\windows\SYSTEM32\fltlib.dll
- 2006-08-21 09:14:58 23,040 ----a-w c:\windows\SYSTEM32\fltmc.exe
+ 2008-04-14 00:12:20 23,040 ----a-w c:\windows\SYSTEM32\fltmc.exe
- 2008-10-15 07:31:44 350,584 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2008-12-08 00:02:01 353,768 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2004-08-04 07:56:42 382,976 ----a-w c:\windows\SYSTEM32\fontext.dll
+ 2008-04-14 00:11:53 382,976 ----a-w c:\windows\SYSTEM32\fontext.dll
- 2005-10-17 21:14:45 80,896 ----a-w c:\windows\SYSTEM32\fontsub.dll
+ 2008-04-14 00:11:53 80,896 ----a-w c:\windows\SYSTEM32\fontsub.dll
- 2004-08-04 07:56:49 20,992 ----a-w c:\windows\SYSTEM32\fontview.exe
+ 2008-04-14 00:12:20 20,992 ----a-w c:\windows\SYSTEM32\fontview.exe
- 2002-08-29 11:00:00 7,168 ----a-w c:\windows\SYSTEM32\forcedos.exe
+ 2008-04-14 00:12:20 7,680 ----a-w c:\windows\SYSTEM32\forcedos.exe
- 2002-08-29 11:00:00 25,600 ----a-w c:\windows\SYSTEM32\format.com
+ 2008-04-14 00:12:42 29,696 ----a-w c:\windows\SYSTEM32\format.com
- 2004-08-04 07:56:06 9,344 ----a-w c:\windows\SYSTEM32\framebuf.dll
+ 2008-04-14 00:09:33 9,344 ----a-w c:\windows\SYSTEM32\framebuf.dll
- 2004-08-04 07:56:49 193,024 ----a-w c:\windows\SYSTEM32\fsquirt.exe
+ 2008-04-14 00:12:20 193,024 ----a-w c:\windows\SYSTEM32\fsquirt.exe
- 2004-08-04 07:56:49 42,496 ----a-w c:\windows\SYSTEM32\ftp.exe
+ 2008-04-14 00:12:20 42,496 ----a-w c:\windows\SYSTEM32\ftp.exe
- 2004-08-04 07:56:42 60,416 ----a-w c:\windows\SYSTEM32\fwcfg.dll
+ 2008-04-14 00:11:53 60,416 ----a-w c:\windows\SYSTEM32\fwcfg.dll
- 2004-08-04 07:56:42 452,096 ----a-w c:\windows\SYSTEM32\fxsapi.dll
+ 2008-04-14 00:11:53 451,584 ----a-w c:\windows\SYSTEM32\fxsapi.dll
- 2004-08-04 07:56:49 143,360 ----a-w c:\windows\SYSTEM32\fxsclnt.exe
+ 2008-04-14 00:12:21 142,848 ----a-w c:\windows\SYSTEM32\fxsclnt.exe
- 2004-08-04 07:56:42 72,192 ----a-w c:\windows\SYSTEM32\fxscom.dll
+ 2008-04-14 00:11:54 72,192 ----a-w c:\windows\SYSTEM32\fxscom.dll
- 2004-08-04 07:56:42 285,184 ----a-w c:\windows\SYSTEM32\fxscomex.dll
+ 2008-04-14 00:11:54 285,184 ----a-w c:\windows\SYSTEM32\fxscomex.dll
- 2004-08-04 07:56:49 229,376 ----a-w c:\windows\SYSTEM32\fxscover.exe
+ 2008-04-14 00:12:21 229,376 ----a-w c:\windows\SYSTEM32\fxscover.exe
- 2004-08-04 07:56:42 27,136 ----a-w c:\windows\SYSTEM32\fxsdrv.dll
+ 2008-04-14 00:11:54 26,624 ----a-w c:\windows\SYSTEM32\fxsdrv.dll
- 2004-08-04 07:56:42 55,296 ----a-w c:\windows\SYSTEM32\fxsevent.dll
+ 2008-04-14 00:11:54 55,296 ----a-w c:\windows\SYSTEM32\fxsevent.dll
- 2004-08-04 07:56:42 23,552 ----a-w c:\windows\SYSTEM32\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ----a-w c:\windows\SYSTEM32\fxsext32.dll
- 2004-08-04 07:56:42 23,552 ----a-w c:\windows\SYSTEM32\fxsmon.dll
+ 2008-04-14 00:11:54 23,552 ----a-w c:\windows\SYSTEM32\fxsmon.dll
- 2004-08-04 07:56:42 8,704 ----a-w c:\windows\SYSTEM32\fxsperf.dll
+ 2008-04-14 00:11:54 8,704 ----a-w c:\windows\SYSTEM32\fxsperf.dll
- 2004-08-04 07:56:06 6,656 ----a-w c:\windows\SYSTEM32\fxsres.dll
+ 2008-04-14 00:09:33 6,656 ----a-w c:\windows\SYSTEM32\fxsres.dll
- 2004-08-04 07:56:42 562,176 ----a-w c:\windows\SYSTEM32\fxsst.dll
+ 2008-04-14 00:11:54 562,176 ----a-w c:\windows\SYSTEM32\fxsst.dll
- 2004-08-04 07:56:49 267,776 ----a-w c:\windows\SYSTEM32\fxssvc.exe
+ 2008-04-14 00:12:21 267,776 ----a-w c:\windows\SYSTEM32\fxssvc.exe
- 2004-08-04 07:56:42 246,272 ----a-w c:\windows\SYSTEM32\fxst30.dll
+ 2008-04-14 00:11:54 246,272 ----a-w c:\windows\SYSTEM32\fxst30.dll
- 2004-08-04 07:56:42 397,312 ----a-w c:\windows\SYSTEM32\fxstiff.dll
+ 2008-04-14 00:11:54 397,312 ----a-w c:\windows\SYSTEM32\fxstiff.dll
- 2004-08-04 07:56:42 154,112 ----a-w c:\windows\SYSTEM32\fxsui.dll
+ 2008-04-14 00:11:54 154,112 ----a-w c:\windows\SYSTEM32\fxsui.dll
- 2004-08-04 07:56:42 192,512 ----a-w c:\windows\SYSTEM32\fxswzrd.dll
+ 2008-04-14 00:11:54 192,512 ----a-w c:\windows\SYSTEM32\fxswzrd.dll
- 2004-08-04 07:56:42 400,384 ----a-w c:\windows\SYSTEM32\fxsxp32.dll
+ 2008-04-14 00:11:54 400,384 ----a-w c:\windows\SYSTEM32\fxsxp32.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\SYSTEM32\gdi32.dll
+ 2008-04-14 00:11:54 285,184 ----a-w c:\windows\SYSTEM32\gdi32.dll
- 2004-08-04 07:56:42 122,880 ----a-w c:\windows\SYSTEM32\glu32.dll
+ 2008-04-14 00:11:54 122,880 ----a-w c:\windows\SYSTEM32\glu32.dll
- 2004-08-04 07:56:07 9,728 ----a-w c:\windows\SYSTEM32\gpkrsrc.dll
+ 2006-12-31 01:26:44 9,728 ----a-w c:\windows\SYSTEM32\gpkrsrc.dll
- 2004-08-04 07:56:49 39,424 ----a-w c:\windows\SYSTEM32\grpconv.exe
+ 2008-04-14 00:12:21 39,424 ----a-w c:\windows\SYSTEM32\grpconv.exe
- 2004-08-04 07:56:42 614,912 ----a-w c:\windows\SYSTEM32\h323msp.dll
+ 2008-04-14 00:11:54 614,912 ----a-w c:\windows\SYSTEM32\h323msp.dll
- 2004-08-04 05:59:09 131,968 ----a-w c:\windows\SYSTEM32\hal.dll
+ 2008-04-13 18:31:28 131,840 ----a-w c:\windows\SYSTEM32\HAL.DLL
- 2004-08-04 07:56:42 7,168 ----a-w c:\windows\SYSTEM32\hccoin.dll
+ 2008-04-14 00:11:54 7,168 ----a-w c:\windows\SYSTEM32\hccoin.dll
- 2002-08-29 11:00:00 14,848 ----a-w c:\windows\SYSTEM32\help.exe
+ 2008-04-14 00:12:21 15,872 ----a-w c:\windows\SYSTEM32\help.exe
- 2005-05-27 02:04:27 41,472 ----a-w c:\windows\SYSTEM32\hhsetup.dll
+ 2008-04-14 00:11:54 41,472 ----a-w c:\windows\SYSTEM32\hhsetup.dll
- 2004-08-04 07:56:42 20,992 ----a-w c:\windows\SYSTEM32\hid.dll
+ 2008-04-14 00:11:54 20,992 ----a-w c:\windows\SYSTEM32\hid.dll
- 2006-07-21 08:24:43 72,704 ----a-w c:\windows\SYSTEM32\hlink.dll
+ 2008-04-14 00:11:54 72,704 ----a-w c:\windows\SYSTEM32\hlink.dll
- 2004-08-04 07:56:42 344,064 ----a-w c:\windows\SYSTEM32\hnetcfg.dll
+ 2008-04-14 00:11:54 344,064 ----a-w c:\windows\SYSTEM32\hnetcfg.dll
- 2004-08-04 07:56:42 330,752 ----a-w c:\windows\SYSTEM32\hnetwiz.dll
+ 2008-04-14 00:11:54 330,752 ----a-w c:\windows\SYSTEM32\hnetwiz.dll
- 2004-08-04 07:56:42 39,936 ----a-w c:\windows\SYSTEM32\hostmib.dll
+ 2008-04-14 00:11:54 39,936 ----a-w c:\windows\SYSTEM32\hostmib.dll
- 2004-08-04 07:56:42 144,896 ----a-w c:\windows\SYSTEM32\hotplug.dll
+ 2008-04-14 00:11:54 144,896 ----a-w c:\windows\SYSTEM32\hotplug.dll
- 2004-08-04 07:56:42 32,285 ----a-w c:\windows\SYSTEM32\hsfcisp2.dll
+ 2008-04-14 00:11:54 32,285 ----a-w c:\windows\SYSTEM32\hsfcisp2.dll
- 2004-08-04 07:56:42 24,576 ----a-w c:\windows\SYSTEM32\httpapi.dll
+ 2008-04-14 00:11:54 24,576 ----a-w c:\windows\SYSTEM32\httpapi.dll
- 2004-08-04 07:56:42 41,984 ----a-w c:\windows\SYSTEM32\htui.dll
+ 2008-04-14 00:11:54 41,984 ----a-w c:\windows\SYSTEM32\htui.dll
- 2004-11-17 17:41:24 347,136 ----a-w c:\windows\SYSTEM32\hypertrm.dll
+ 2008-04-14 00:11:54 347,136 ----a-w c:\windows\SYSTEM32\hypertrm.dll
- 2004-08-04 07:56:42 702,845 ----a-w c:\windows\SYSTEM32\i81xdnt5.dll
+ 2008-04-14 00:11:54 702,845 ----a-w c:\windows\SYSTEM32\i81xdnt5.dll
- 2004-08-04 07:56:42 119,808 ----a-w c:\windows\SYSTEM32\iasrad.dll
+ 2008-04-14 00:11:54 119,808 ----a-w c:\windows\SYSTEM32\iasrad.dll
- 2004-08-04 07:56:42 11,264 ----a-w c:\windows\SYSTEM32\icaapi.dll
+ 2008-04-14 00:11:54 11,264 ----a-w c:\windows\SYSTEM32\icaapi.dll
+ 2008-07-30 00:24:50 622,080 ----a-w c:\windows\SYSTEM32\icardagt.exe
+ 2008-07-30 00:24:50 11,264 ----a-w c:\windows\SYSTEM32\icardres.dll
- 2004-08-04 07:56:42 80,384 ----a-w c:\windows\SYSTEM32\iccvid.dll
+ 2008-04-14 00:11:54 80,384 ----a-w c:\windows\SYSTEM32\iccvid.dll
- 2005-06-29 01:46:00 254,976 ----a-w c:\windows\SYSTEM32\icm32.dll
+ 2008-04-14 00:11:54 254,976 ----a-w c:\windows\SYSTEM32\icm32.dll
- 2004-08-04 07:56:07 3,584 ----a-w c:\windows\SYSTEM32\icmp.dll
+ 2008-04-14 00:09:40 3,584 ----a-w c:\windows\SYSTEM32\icmp.dll
- 2004-08-04 07:56:42 73,728 ----a-w c:\windows\SYSTEM32\icwdial.dll
+ 2008-04-14 00:11:54 73,728 ----a-w c:\windows\SYSTEM32\icwdial.dll
- 2004-08-04 07:56:42 65,536 ----a-w c:\windows\SYSTEM32\icwphbk.dll
+ 2008-04-14 00:11:54 65,536 ----a-w c:\windows\SYSTEM32\icwphbk.dll
- 2004-08-04 07:56:42 120,832 ----a-w c:\windows\SYSTEM32\idq.dll
+ 2008-04-14 00:11:54 120,832 ----a-w c:\windows\SYSTEM32\idq.dll
- 2007-08-13 22:45:18 78,336 ----a-w c:\windows\SYSTEM32\ieencode.dll
+ 2008-04-14 00:11:54 81,920 ----a-w c:\windows\SYSTEM32\ieencode.dll
- 2004-08-04 07:56:50 114,688 ----a-w c:\windows\SYSTEM32\iexpress.exe
+ 2008-04-14 00:12:22 114,688 ----a-w c:\windows\SYSTEM32\iexpress.exe
- 2004-08-04 07:56:42 135,680 ----a-w c:\windows\SYSTEM32\ifmon.dll
+ 2008-04-14 00:11:54 135,680 ----a-w c:\windows\SYSTEM32\ifmon.dll
- 2004-08-04 07:56:42 8,192 ----a-w c:\windows\SYSTEM32\igmpagnt.dll
+ 2008-04-14 00:11:54 8,192 ----a-w c:\windows\SYSTEM32\igmpagnt.dll
- 2004-08-04 07:56:42 81,920 ----a-w c:\windows\SYSTEM32\ils.dll
+ 2008-04-14 00:11:54 81,920 ----a-w c:\windows\SYSTEM32\ils.dll
- 2004-08-04 07:56:42 144,384 ----a-w c:\windows\SYSTEM32\imagehlp.dll
+ 2008-04-14 00:11:54 144,384 ----a-w c:\windows\SYSTEM32\imagehlp.dll
- 2004-08-04 07:56:50 150,016 ----a-w c:\windows\SYSTEM32\imapi.exe
+ 2008-04-14 00:12:22 150,528 ----a-w c:\windows\SYSTEM32\imapi.exe
- 2004-08-04 07:56:42 36,921 ----a-w c:\windows\SYSTEM32\imeshare.dll
+ 2008-04-14 00:11:54 36,921 ----a-w c:\windows\SYSTEM32\imeshare.dll
- 2004-08-04 07:56:42 110,080 ----a-w c:\windows\SYSTEM32\imm32.dll
+ 2008-04-14 00:11:54 110,080 ----a-w c:\windows\SYSTEM32\imm32.dll
- 2004-08-04 07:56:42 274,432 ----a-w c:\windows\SYSTEM32\inetcfg.dll
+ 2008-04-14 00:11:54 274,432 ----a-w c:\windows\SYSTEM32\inetcfg.dll
- 2008-04-14 00:11:54 691,712 ----a-w c:\windows\SYSTEM32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\SYSTEM32\inetcomm.dll
- 2004-08-04 07:56:42 33,280 ----a-w c:\windows\SYSTEM32\inetmib1.dll
+ 2008-04-14 00:11:55 32,768 ----a-w c:\windows\SYSTEM32\inetmib1.dll
- 2004-08-04 07:56:42 75,264 ----a-w c:\windows\SYSTEM32\inetpp.dll
+ 2008-04-14 00:11:55 75,264 ----a-w c:\windows\SYSTEM32\inetpp.dll
- 2004-08-04 07:56:42 15,872 ----a-w c:\windows\SYSTEM32\inetppui.dll
+ 2008-04-14 00:11:55 15,872 ----a-w c:\windows\SYSTEM32\inetppui.dll
- 2004-08-04 07:56:08 48,128 ----a-w c:\windows\SYSTEM32\inetres.dll
+ 2008-04-13 16:22:12 48,128 ----a-w c:\windows\SYSTEM32\inetres.dll
+ 2008-07-30 00:24:50 97,800 ----a-w c:\windows\SYSTEM32\infocardapi.dll
- 2004-08-04 07:56:42 147,456 ----a-w c:\windows\SYSTEM32\initpki.dll
+ 2008-04-14 00:11:55 147,456 ----a-w c:\windows\SYSTEM32\initpki.dll
- 2004-08-04 07:56:42 123,392 ----a-w c:\windows\SYSTEM32\input.dll
+ 2008-04-14 00:11:55 123,392 ----a-w c:\windows\SYSTEM32\input.dll
- 2004-08-04 07:56:50 55,808 ----a-w c:\windows\SYSTEM32\ipconfig.exe
+ 2008-04-14 00:12:22 55,808 ----a-w c:\windows\SYSTEM32\ipconfig.exe
- 2006-05-19 12:59:41 94,720 ----a-w c:\windows\SYSTEM32\iphlpapi.dll
+ 2008-04-14 00:11:55 94,720 ----a-w c:\windows\SYSTEM32\iphlpapi.dll
- 2002-08-29 11:00:00 154,112 ----a-w c:\windows\SYSTEM32\ipmontr.dll
+ 2008-04-14 00:11:55 161,280 ----a-w c:\windows\SYSTEM32\ipmontr.dll
- 2004-08-04 07:56:42 331,264 ----a-w c:\windows\SYSTEM32\ipnathlp.dll
+ 2008-04-14 00:11:55 331,264 ----a-w c:\windows\SYSTEM32\ipnathlp.dll
- 2004-08-04 07:56:42 330,752 ----a-w c:\windows\SYSTEM32\ippromon.dll
+ 2008-04-14 00:11:55 330,752 ----a-w c:\windows\SYSTEM32\ippromon.dll
- 2004-08-04 07:56:42 35,328 ----a-w c:\windows\SYSTEM32\iprip.dll
+ 2008-04-14 00:11:55 35,328 ----a-w c:\windows\SYSTEM32\iprip.dll
- 2002-08-29 11:00:00 169,984 ----a-w c:\windows\SYSTEM32\iprtrmgr.dll
+ 2008-04-14 00:11:55 177,152 ----a-w c:\windows\SYSTEM32\iprtrmgr.dll
- 2004-08-04 07:56:42 349,696 ----a-w c:\windows\SYSTEM32\ipsecsnp.dll
+ 2008-04-14 00:11:55 349,696 ----a-w c:\windows\SYSTEM32\ipsecsnp.dll
- 2004-08-04 07:56:42 182,784 ----a-w c:\windows\SYSTEM32\ipsecsvc.dll
+ 2008-04-14 00:11:55 183,808 ----a-w c:\windows\SYSTEM32\ipsecsvc.dll
- 2004-08-04 07:56:42 384,000 ----a-w c:\windows\SYSTEM32\ipsmsnap.dll
+ 2008-04-14 00:11:55 384,000 ----a-w c:\windows\SYSTEM32\ipsmsnap.dll
- 2004-08-04 07:56:50 53,248 ----a-w c:\windows\SYSTEM32\ipv6.exe
+ 2008-04-14 00:12:23 53,248 ----a-w c:\windows\SYSTEM32\ipv6.exe
- 2004-08-04 07:56:42 59,904 ----a-w c:\windows\SYSTEM32\ipv6mon.dll
+ 2008-04-14 00:11:55 59,904 ----a-w c:\windows\SYSTEM32\ipv6mon.dll
- 2004-08-04 07:56:50 23,552 ----a-w c:\windows\SYSTEM32\ipxroute.exe
+ 2008-04-14 00:12:23 23,552 ----a-w c:\windows\SYSTEM32\ipxroute.exe
- 2002-08-29 11:00:00 20,992 ----a-w c:\windows\SYSTEM32\ipxwan.dll
+ 2008-04-14 00:11:55 22,016 ----a-w c:\windows\SYSTEM32\ipxwan.dll
- 2004-08-04 07:56:42 120,320 ----a-w c:\windows\SYSTEM32\ir41_qc.dll
+ 2008-04-14 00:11:55 120,320 ----a-w c:\windows\SYSTEM32\ir41_qc.dll
- 2004-08-04 07:56:42 338,432 ----a-w c:\windows\SYSTEM32\ir41_qcx.dll
+ 2008-04-14 00:11:55 338,432 ----a-w c:\windows\SYSTEM32\ir41_qcx.dll
- 2004-08-04 07:56:42 755,200 ----a-w c:\windows\SYSTEM32\ir50_32.dll
+ 2008-04-14 00:11:55 755,200 ----a-w c:\windows\SYSTEM32\ir50_32.dll
- 2002-12-20 16:40:58 200,192 ----a-w c:\windows\SYSTEM32\ir50_qc.dll
+ 2008-04-14 00:11:55 200,192 ----a-w c:\windows\SYSTEM32\ir50_qc.dll
- 2002-12-20 16:40:58 183,808 ----a-w c:\windows\SYSTEM32\ir50_qcx.dll
+ 2008-04-14 00:11:55 183,808 ----a-w c:\windows\SYSTEM32\ir50_qcx.dll
- 2004-08-04 07:56:42 81,920 ----a-w c:\windows\SYSTEM32\isign32.dll
+ 2008-04-14 00:11:55 81,920 ----a-w c:\windows\SYSTEM32\isign32.dll
- 2004-08-04 07:56:42 32,768 ----a-w c:\windows\SYSTEM32\isrdbg32.dll
+ 2008-04-14 00:11:55 32,768 ----a-w c:\windows\SYSTEM32\isrdbg32.dll
- 2005-05-27 02:04:27 155,136 ----a-w c:\windows\SYSTEM32\itircl.dll
+ 2008-04-14 00:11:55 155,136 ----a-w c:\windows\SYSTEM32\itircl.dll
- 2005-05-27 02:04:27 137,216 ----a-w c:\windows\SYSTEM32\itss.dll
+ 2008-04-14 00:11:55 138,240 ----a-w c:\windows\SYSTEM32\itss.dll
- 2004-08-04 07:56:42 54,272 ----a-w c:\windows\SYSTEM32\ixsso.dll
+ 2008-04-14 00:11:55 54,272 ----a-w c:\windows\SYSTEM32\ixsso.dll
- 2004-08-04 07:56:42 47,616 ----a-w c:\windows\SYSTEM32\iyuv_32.dll
+ 2008-04-14 00:11:55 47,616 ----a-w c:\windows\SYSTEM32\iyuv_32.dll
- 2007-05-30 07:31:04 24,670 ----a-w c:\windows\SYSTEM32\java.exe
+ 2008-11-10 10:43:37 144,792 ----a-w c:\windows\SYSTEM32\java.exe
- 2007-05-30 07:31:04 28,768 ----a-w c:\windows\SYSTEM32\javaw.exe
+ 2008-11-10 10:43:38 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe
+ 2008-11-10 10:43:39 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe
- 2006-06-01 18:47:07 163,840 ----a-w c:\windows\SYSTEM32\jgdw400.dll
+ 2008-04-14 00:11:55 163,840 ----a-w c:\windows\SYSTEM32\jgdw400.dll
- 2006-06-01 18:47:07 27,648 ----a-w c:\windows\SYSTEM32\jgpl400.dll
+ 2008-04-14 00:11:55 27,648 ----a-w c:\windows\SYSTEM32\jgpl400.dll
- 2007-08-13 22:38:04 491,520 ----a-w c:\windows\SYSTEM32\jscript.dll
+ 2008-04-14 00:11:56 512,000 ----a-w c:\windows\SYSTEM32\jscript.dll

#17
CorporateKD

Andrewuk:

Part 14 of the ComboFix log!

+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdbhc.dll
- 2004-08-04 07:56:10 7,168 ----a-w c:\windows\SYSTEM32\kbdfi1.dll
+ 2008-04-14 00:09:55 7,168 ----a-w c:\windows\SYSTEM32\kbdfi1.dll
- 2004-08-04 07:56:10 6,144 ----a-w c:\windows\SYSTEM32\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\SYSTEM32\kbdinbe1.dll
- 2004-08-04 07:56:10 6,656 ----a-w c:\windows\SYSTEM32\kbdinben.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\SYSTEM32\kbdinben.dll
- 2004-08-04 07:56:10 6,656 ----a-w c:\windows\SYSTEM32\kbdinmal.dll
+ 2008-04-14 00:09:55 6,656 ----a-w c:\windows\SYSTEM32\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdiultn.dll
- 2004-08-04 07:56:10 5,632 ----a-w c:\windows\SYSTEM32\kbdmaori.dll
+ 2008-04-14 00:09:55 5,632 ----a-w c:\windows\SYSTEM32\kbdmaori.dll
- 2004-08-04 07:56:10 6,144 ----a-w c:\windows\SYSTEM32\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\SYSTEM32\kbdmlt47.dll
- 2004-08-04 07:56:10 6,144 ----a-w c:\windows\SYSTEM32\kbdmlt48.dll
+ 2008-04-14 00:09:55 6,144 ----a-w c:\windows\SYSTEM32\kbdmlt48.dll
- 2002-08-29 11:00:00 7,168 ----a-w c:\windows\SYSTEM32\kbdnec.dll
+ 2008-04-14 00:09:55 7,168 ----a-w c:\windows\SYSTEM32\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdnepr.dll
- 2004-08-04 07:56:10 7,168 ----a-w c:\windows\SYSTEM32\kbdno1.dll
+ 2008-04-14 00:09:55 7,168 ----a-w c:\windows\SYSTEM32\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\SYSTEM32\kbdpash.dll
- 2004-08-04 07:56:10 7,680 ----a-w c:\windows\SYSTEM32\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ----a-w c:\windows\SYSTEM32\kbdsmsfi.dll
- 2004-08-04 07:56:10 7,680 ----a-w c:\windows\SYSTEM32\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,680 ----a-w c:\windows\SYSTEM32\kbdsmsno.dll
- 2004-08-04 07:56:10 7,168 ----a-w c:\windows\SYSTEM32\kbdukx.dll
+ 2008-04-14 00:09:55 7,168 ----a-w c:\windows\SYSTEM32\kbdukx.dll
- 2004-08-04 05:59:23 7,424 ----a-w c:\windows\SYSTEM32\kd1394.dll
+ 2008-04-13 18:31:35 7,424 ----a-w c:\windows\SYSTEM32\kd1394.dll
- 2005-06-15 17:49:30 295,936 ----a-w c:\windows\SYSTEM32\kerberos.dll
+ 2008-04-14 00:11:56 299,520 ----a-w c:\windows\SYSTEM32\kerberos.dll
- 2007-04-16 15:52:53 984,576 ----a-w c:\windows\SYSTEM32\kernel32.dll
+ 2008-04-14 00:11:56 989,696 ----a-w c:\windows\SYSTEM32\kernel32.dll
- 2004-08-04 07:56:42 150,528 ----a-w c:\windows\SYSTEM32\keymgr.dll
+ 2008-04-14 00:11:56 150,528 ----a-w c:\windows\SYSTEM32\keymgr.dll
+ 2008-04-14 00:11:56 61,440 ------w c:\windows\SYSTEM32\kmsvc.dll
- 2004-08-04 07:56:42 4,096 ----a-w c:\windows\SYSTEM32\ksuser.dll
+ 2008-04-14 00:11:56 4,096 ----a-w c:\windows\SYSTEM32\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w c:\windows\SYSTEM32\l2gpstore.dll
- 2004-08-04 04:56:44 423,936 ----a-w c:\windows\SYSTEM32\licdll.dll
+ 2008-04-14 10:41:58 423,936 ----a-w c:\windows\SYSTEM32\licdll.dll
- 2004-08-04 07:56:42 58,880 ----a-w c:\windows\SYSTEM32\licwmi.dll
+ 2008-04-14 00:11:56 58,880 ----a-w c:\windows\SYSTEM32\licwmi.dll
- 2005-09-01 01:41:53 19,968 ----a-w c:\windows\SYSTEM32\linkinfo.dll
+ 2008-04-14 00:11:56 19,968 ----a-w c:\windows\SYSTEM32\linkinfo.dll
- 2004-08-04 07:56:42 13,824 ----a-w c:\windows\SYSTEM32\lmhsvc.dll
+ 2008-04-14 00:11:56 13,824 ----a-w c:\windows\SYSTEM32\lmhsvc.dll
- 2004-08-04 07:56:42 33,792 ----a-w c:\windows\SYSTEM32\lmmib2.dll
+ 2008-04-14 00:11:56 33,792 ----a-w c:\windows\SYSTEM32\lmmib2.dll
- 2004-08-04 07:56:42 399,872 ----a-w c:\windows\SYSTEM32\lmrt.dll
+ 2008-04-14 00:11:56 399,872 ----a-w c:\windows\SYSTEM32\lmrt.dll
- 2004-08-04 07:56:42 97,280 ----a-w c:\windows\SYSTEM32\loadperf.dll
+ 2008-04-14 00:11:56 97,280 ----a-w c:\windows\SYSTEM32\loadperf.dll
- 2004-08-04 07:56:42 221,696 ----a-w c:\windows\SYSTEM32\localsec.dll
+ 2008-04-14 00:11:56 221,696 ----a-w c:\windows\SYSTEM32\localsec.dll
- 2004-08-04 07:56:42 341,504 ----a-w c:\windows\SYSTEM32\localspl.dll
+ 2008-04-14 00:11:56 343,040 ----a-w c:\windows\SYSTEM32\localspl.dll
- 2004-08-04 07:56:42 11,776 ----a-w c:\windows\SYSTEM32\localui.dll
+ 2008-04-14 00:11:56 11,776 ----a-w c:\windows\SYSTEM32\localui.dll
- 2004-08-04 07:56:50 75,264 ----a-w c:\windows\SYSTEM32\locator.exe
+ 2008-04-14 00:12:24 75,264 ----a-w c:\windows\SYSTEM32\locator.exe
- 2004-08-04 07:56:50 59,392 ----a-w c:\windows\SYSTEM32\logman.exe
+ 2008-04-14 00:12:24 59,392 ----a-w c:\windows\SYSTEM32\logman.exe
- 2004-08-04 07:56:57 220,672 ----a-w c:\windows\SYSTEM32\logon.scr
+ 2008-04-14 00:12:43 220,672 ----a-w c:\windows\SYSTEM32\logon.scr
- 2004-08-04 07:56:50 514,560 ----a-w c:\windows\SYSTEM32\logonui.exe
+ 2008-04-14 00:12:24 514,560 ----a-w c:\windows\SYSTEM32\logonui.exe
- 2004-08-04 07:56:42 22,528 ----a-w c:\windows\SYSTEM32\lpdsvc.dll
+ 2008-04-14 00:11:56 22,528 ----a-w c:\windows\SYSTEM32\lpdsvc.dll
- 2004-08-04 07:56:42 22,016 ----a-w c:\windows\SYSTEM32\lpk.dll
+ 2008-04-14 00:11:56 22,016 ----a-w c:\windows\SYSTEM32\lpk.dll
- 2004-08-04 07:56:42 10,240 ----a-w c:\windows\SYSTEM32\lprhelp.dll
+ 2008-04-14 00:11:56 10,240 ----a-w c:\windows\SYSTEM32\lprhelp.dll
- 2004-08-04 07:56:42 18,944 ----a-w c:\windows\SYSTEM32\lprmon.dll
+ 2008-04-14 00:11:56 18,944 ----a-w c:\windows\SYSTEM32\lprmon.dll
- 2007-11-07 09:26:56 721,920 ----a-w c:\windows\SYSTEM32\lsasrv.dll
+ 2008-04-14 00:11:56 728,064 ----a-w c:\windows\SYSTEM32\lsasrv.dll
- 2004-08-04 07:56:50 13,312 ----a-w c:\windows\SYSTEM32\lsass.exe
+ 2008-04-14 00:12:24 13,312 ----a-w c:\windows\SYSTEM32\lsass.exe
- 2008-10-24 23:43:41 88,590 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-01 23:11:28 89,102 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-04 07:56:50 72,704 ----a-w c:\windows\SYSTEM32\magnify.exe
+ 2008-04-14 00:12:24 72,704 ----a-w c:\windows\SYSTEM32\magnify.exe
- 2004-08-04 07:56:50 85,504 ----a-w c:\windows\SYSTEM32\makecab.exe
+ 2008-04-14 00:12:25 57,344 ----a-w c:\windows\SYSTEM32\makecab.exe
- 2004-08-04 07:56:42 14,848 ----a-w c:\windows\SYSTEM32\mcastmib.dll
+ 2008-04-14 00:11:56 14,336 ----a-w c:\windows\SYSTEM32\mcastmib.dll
- 2004-08-04 07:56:42 84,480 ----a-w c:\windows\SYSTEM32\mciavi32.dll
+ 2008-04-14 00:11:56 84,480 ----a-w c:\windows\SYSTEM32\mciavi32.dll
- 2004-08-04 07:56:42 35,328 ----a-w c:\windows\SYSTEM32\mciqtz32.dll
+ 2008-04-14 00:11:56 35,328 ----a-w c:\windows\SYSTEM32\mciqtz32.dll
- 2004-08-04 07:56:42 23,040 ----a-w c:\windows\SYSTEM32\mciseq.dll
+ 2008-04-14 00:11:56 23,040 ----a-w c:\windows\SYSTEM32\mciseq.dll
- 2004-08-04 07:56:42 23,552 ----a-w c:\windows\SYSTEM32\mciwave.dll
+ 2008-04-14 00:11:56 23,552 ----a-w c:\windows\SYSTEM32\mciwave.dll
- 2004-08-04 07:56:42 118,272 ----a-w c:\windows\SYSTEM32\mdminst.dll
+ 2008-04-14 00:11:56 118,272 ----a-w c:\windows\SYSTEM32\mdminst.dll
- 2004-08-04 07:56:42 86,016 ----a-w c:\windows\SYSTEM32\mdmxsdk.dll
+ 2008-04-14 00:11:56 86,016 ----a-w c:\windows\SYSTEM32\mdmxsdk.dll
- 2007-03-08 15:36:28 40,960 ----a-w c:\windows\SYSTEM32\mf3216.dll
+ 2008-04-14 00:11:56 40,960 ----a-w c:\windows\SYSTEM32\mf3216.dll
- 2006-11-01 19:17:45 927,504 ----a-w c:\windows\SYSTEM32\mfc40u.dll
+ 2008-04-14 00:11:56 927,504 ----a-w c:\windows\SYSTEM32\mfc40u.dll
- 2004-08-04 07:56:42 1,028,096 ----a-w c:\windows\SYSTEM32\mfc42.dll
+ 2008-04-14 00:11:56 1,028,096 ----a-w c:\windows\SYSTEM32\mfc42.dll
- 2004-08-04 07:56:42 22,528 ----a-w c:\windows\SYSTEM32\mfcsubs.dll
+ 2008-04-14 00:11:56 22,528 ----a-w c:\windows\SYSTEM32\mfcsubs.dll
- 2004-08-04 07:56:42 14,848 ----a-w c:\windows\SYSTEM32\mgmtapi.dll
+ 2008-04-14 00:11:56 14,848 ----a-w c:\windows\SYSTEM32\mgmtapi.dll
+ 2008-04-14 00:11:57 184,320 ------w c:\windows\SYSTEM32\microsoft.managementconsole.dll
- 2004-08-04 07:56:42 18,944 ----a-w c:\windows\SYSTEM32\midimap.dll
+ 2008-04-14 00:11:57 18,944 ----a-w c:\windows\SYSTEM32\midimap.dll
- 2004-08-04 07:56:42 60,928 ----a-w c:\windows\SYSTEM32\miglibnt.dll
+ 2008-04-14 00:11:57 60,928 ----a-w c:\windows\SYSTEM32\miglibnt.dll
- 2006-09-15 12:36:32 29,696 ----a-w c:\windows\SYSTEM32\mimefilt.dll
+ 2008-04-14 00:11:57 29,696 ----a-w c:\windows\SYSTEM32\mimefilt.dll
- 2004-08-04 07:56:42 586,240 ----a-w c:\windows\SYSTEM32\mlang.dll
+ 2008-04-14 00:11:57 586,240 ----a-w c:\windows\SYSTEM32\mlang.dll
- 2004-08-04 07:56:51 815,104 ----a-w c:\windows\SYSTEM32\mmc.exe
+ 2008-04-14 00:12:25 1,414,656 ----a-w c:\windows\SYSTEM32\mmc.exe
- 2004-08-04 07:56:42 70,656 ----a-w c:\windows\SYSTEM32\mmcbase.dll
+ 2008-04-14 00:11:57 163,328 ----a-w c:\windows\SYSTEM32\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w c:\windows\SYSTEM32\mmcex.dll
+ 2008-04-14 00:11:57 106,496 ------w c:\windows\SYSTEM32\mmcfxcommon.dll
- 2004-08-04 07:56:42 1,192,960 ----a-w c:\windows\SYSTEM32\mmcndmgr.dll
+ 2008-04-14 00:11:57 1,872,896 ----a-w c:\windows\SYSTEM32\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w c:\windows\SYSTEM32\mmcperf.exe
- 2004-08-04 07:56:42 50,688 ----a-w c:\windows\SYSTEM32\mmcshext.dll
+ 2008-04-14 00:11:57 61,440 ----a-w c:\windows\SYSTEM32\mmcshext.dll
- 2004-08-04 07:56:42 17,408 ----a-w c:\windows\SYSTEM32\mmfutil.dll
+ 2008-04-14 00:11:57 17,408 ----a-w c:\windows\SYSTEM32\mmfutil.dll
- 2004-08-04 07:56:42 34,560 ----a-w c:\windows\SYSTEM32\mnmdd.dll
+ 2008-04-14 00:11:57 34,560 ----a-w c:\windows\SYSTEM32\mnmdd.dll
- 2004-08-04 07:56:51 32,768 ----a-w c:\windows\SYSTEM32\mnmsrvc.exe
+ 2008-04-14 00:12:25 32,768 ----a-w c:\windows\SYSTEM32\mnmsrvc.exe
- 2004-08-04 07:56:42 207,360 ----a-w c:\windows\SYSTEM32\mobsync.dll
+ 2008-04-14 00:11:57 207,360 ----a-w c:\windows\SYSTEM32\mobsync.dll
- 2004-08-04 07:56:51 143,360 ----a-w c:\windows\SYSTEM32\mobsync.exe
+ 2008-04-14 00:12:26 143,360 ----a-w c:\windows\SYSTEM32\mobsync.exe
- 2004-08-04 07:56:42 153,600 ----a-w c:\windows\SYSTEM32\modemui.dll
+ 2008-04-14 00:11:57 153,600 ----a-w c:\windows\SYSTEM32\modemui.dll
- 2002-08-29 11:00:00 15,872 ----a-w c:\windows\SYSTEM32\more.com
+ 2008-04-14 00:12:42 16,896 ----a-w c:\windows\SYSTEM32\more.com
- 2004-08-04 07:56:11 216,064 ----a-w c:\windows\SYSTEM32\moricons.dll
+ 2008-04-13 16:45:30 216,064 ----a-w c:\windows\SYSTEM32\moricons.dll
- 2004-08-04 07:56:52 123,392 ----a-w c:\windows\SYSTEM32\mplay32.exe
+ 2008-04-14 00:12:27 123,392 ----a-w c:\windows\SYSTEM32\mplay32.exe
- 2004-08-04 07:56:42 59,904 ----a-w c:\windows\SYSTEM32\mpr.dll
+ 2008-04-14 00:11:57 59,904 ----a-w c:\windows\SYSTEM32\mpr.dll
- 2004-08-04 07:56:42 87,040 ----a-w c:\windows\SYSTEM32\mprapi.dll
+ 2008-04-14 00:11:57 87,040 ----a-w c:\windows\SYSTEM32\mprapi.dll
- 2002-08-29 11:00:00 49,152 ----a-w c:\windows\SYSTEM32\mprdim.dll
+ 2008-04-14 00:11:57 53,248 ----a-w c:\windows\SYSTEM32\mprdim.dll
- 2004-08-04 07:56:42 71,680 ----a-w c:\windows\SYSTEM32\msacm32.dll
+ 2008-04-14 00:11:58 71,680 ----a-w c:\windows\SYSTEM32\msacm32.dll
- 2004-08-04 07:56:12 3,584 ----a-w c:\windows\SYSTEM32\msafd.dll
+ 2008-04-14 00:10:06 3,584 ----a-w c:\windows\SYSTEM32\msafd.dll
- 2004-08-04 07:56:42 86,016 ----a-w c:\windows\SYSTEM32\msapsspc.dll
+ 2008-04-14 00:11:58 86,016 ----a-w c:\windows\SYSTEM32\msapsspc.dll
- 2004-08-04 07:56:42 57,344 ----a-w c:\windows\SYSTEM32\msasn1.dll
+ 2008-04-14 00:11:58 57,344 ----a-w c:\windows\SYSTEM32\msasn1.dll
- 2008-06-24 16:23:05 74,240 ----a-w c:\windows\SYSTEM32\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\SYSTEM32\mscms.dll
- 2004-08-04 07:56:42 69,632 ----a-w c:\windows\SYSTEM32\msconf.dll
+ 2008-04-14 00:11:58 69,632 ----a-w c:\windows\SYSTEM32\msconf.dll
- 2007-10-24 05:47:38 282,112 ----a-w c:\windows\SYSTEM32\mscoree.dll
+ 2008-07-25 16:16:58 282,112 ----a-w c:\windows\SYSTEM32\mscoree.dll
- 2007-10-24 05:47:38 158,720 ----a-w c:\windows\SYSTEM32\mscorier.dll
+ 2008-07-25 16:16:58 158,720 ----a-w c:\windows\SYSTEM32\mscorier.dll
- 2007-10-24 05:47:38 84,480 ----a-w c:\windows\SYSTEM32\mscories.dll
+ 2008-07-25 16:16:58 83,968 ----a-w c:\windows\SYSTEM32\mscories.dll
- 2004-08-04 07:56:12 12,288 ----a-w c:\windows\SYSTEM32\mscpx32r.dll
+ 2008-04-13 17:26:07 12,288 ----a-w c:\windows\SYSTEM32\mscpx32r.dll
- 2004-08-04 07:56:42 36,864 ----a-w c:\windows\SYSTEM32\mscpxl32.dll
+ 2008-04-14 00:11:58 36,864 ----a-w c:\windows\SYSTEM32\mscpxl32.dll
- 2008-02-26 11:59:50 294,912 ----a-w c:\windows\SYSTEM32\msctf.dll
+ 2008-04-14 00:11:58 297,984 ----a-w c:\windows\SYSTEM32\msctf.dll
- 2004-08-04 07:56:42 69,120 ----a-w c:\windows\SYSTEM32\msctfp.dll
+ 2008-04-14 00:11:58 68,608 ----a-w c:\windows\SYSTEM32\msctfp.dll
- 2004-08-04 07:56:42 118,784 ----a-w c:\windows\SYSTEM32\msdadiag.dll
+ 2008-04-14 00:11:58 118,784 ----a-w c:\windows\SYSTEM32\msdadiag.dll
- 2004-08-04 07:56:43 151,552 ----a-w c:\windows\SYSTEM32\msdart.dll
+ 2008-04-14 00:11:59 151,552 ----a-w c:\windows\SYSTEM32\msdart.dll
- 2004-08-04 07:56:43 14,336 ----a-w c:\windows\SYSTEM32\msdmo.dll
+ 2008-04-14 00:11:59 14,336 ----a-w c:\windows\SYSTEM32\msdmo.dll
- 2004-08-04 07:56:53 6,144 ----a-w c:\windows\SYSTEM32\msdtc.exe
+ 2008-04-14 00:12:27 6,144 ----a-w c:\windows\SYSTEM32\msdtc.exe
- 2004-08-04 07:56:43 58,880 ----a-w c:\windows\SYSTEM32\msdtclog.dll
+ 2008-04-14 00:11:59 58,880 ----a-w c:\windows\SYSTEM32\msdtclog.dll
- 2006-03-01 19:42:42 426,496 ----a-w c:\windows\SYSTEM32\msdtcprx.dll
+ 2008-04-14 00:11:59 427,008 ----a-w c:\windows\SYSTEM32\msdtcprx.dll
- 2006-03-01 19:42:42 956,416 ----a-w c:\windows\SYSTEM32\msdtctm.dll
+ 2008-04-14 00:11:59 956,928 ----a-w c:\windows\SYSTEM32\msdtctm.dll
- 2006-03-01 19:42:42 161,280 ----a-w c:\windows\SYSTEM32\msdtcuiu.dll
+ 2008-04-14 00:11:59 161,792 ----a-w c:\windows\SYSTEM32\msdtcuiu.dll
- 2004-08-04 07:56:13 4,126 ----a-w c:\windows\SYSTEM32\msdxmlc.dll
+ 2008-04-14 00:10:08 4,126 ----a-w c:\windows\SYSTEM32\msdxmlc.dll
- 2006-11-27 14:54:06 539,136 ----a-w c:\windows\SYSTEM32\msftedit.dll
+ 2008-04-14 00:11:59 539,136 ----a-w c:\windows\SYSTEM32\msftedit.dll
- 2004-08-04 07:56:43 994,304 ----a-w c:\windows\SYSTEM32\msgina.dll
+ 2008-04-14 00:11:59 997,376 ----a-w c:\windows\SYSTEM32\msgina.dll
- 2004-08-04 07:56:43 33,792 ----a-w c:\windows\SYSTEM32\msgsvc.dll
+ 2008-04-14 00:11:59 33,792 ----a-w c:\windows\SYSTEM32\msgsvc.dll
- 2004-08-04 07:56:57 188,416 ----a-w c:\windows\SYSTEM32\msh261.drv
+ 2008-04-14 00:12:45 188,416 ----a-w c:\windows\SYSTEM32\msh261.drv
- 2004-08-04 07:56:57 294,912 ----a-w c:\windows\SYSTEM32\msh263.drv
+ 2008-04-14 00:12:45 294,912 ----a-w c:\windows\SYSTEM32\msh263.drv
- 2007-04-18 16:12:23 2,854,400 ----a-w c:\windows\SYSTEM32\msi.dll
+ 2008-04-14 00:11:59 2,843,136 ----a-w c:\windows\SYSTEM32\msi.dll
- 2004-08-04 07:56:43 51,712 ----a-w c:\windows\SYSTEM32\msident.dll
+ 2008-04-14 00:11:59 51,712 ----a-w c:\windows\SYSTEM32\msident.dll
- 2004-08-04 07:56:43 6,656 ----a-w c:\windows\SYSTEM32\msidle.dll
+ 2008-04-14 00:11:59 6,656 ----a-w c:\windows\SYSTEM32\msidle.dll
- 2004-08-04 07:56:43 248,832 ----a-w c:\windows\SYSTEM32\msieftp.dll
+ 2008-04-14 00:11:59 248,832 ----a-w c:\windows\SYSTEM32\msieftp.dll
- 2005-05-04 18:45:36 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe
+ 2008-04-14 00:12:28 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe
- 2005-05-04 18:45:36 271,360 ----a-w c:\windows\SYSTEM32\msihnd.dll
+ 2008-04-14 00:11:59 271,360 ----a-w c:\windows\SYSTEM32\msihnd.dll
- 2004-08-04 07:56:43 4,608 ----a-w c:\windows\SYSTEM32\msimg32.dll
+ 2008-04-14 00:11:59 4,608 ----a-w c:\windows\SYSTEM32\msimg32.dll
- 2005-05-04 18:45:36 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll
+ 2008-04-13 15:39:43 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll
- 2004-08-04 07:56:43 159,232 ----a-w c:\windows\SYSTEM32\msimtf.dll
+ 2008-04-14 00:11:59 159,232 ----a-w c:\windows\SYSTEM32\msimtf.dll
- 2005-05-04 18:45:36 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll
+ 2008-04-14 00:11:59 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll
- 2008-03-27 08:12:54 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
+ 2008-04-14 00:12:00 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
- 2004-08-04 07:56:43 25,088 ----a-w c:\windows\SYSTEM32\mslbui.dll
+ 2008-04-14 00:12:00 25,088 ----a-w c:\windows\SYSTEM32\mslbui.dll
- 2004-08-04 07:56:43 290,816 ----a-w c:\windows\SYSTEM32\msnsspc.dll
+ 2008-04-14 00:12:00 290,816 ----a-w c:\windows\SYSTEM32\msnsspc.dll
- 2004-08-04 07:56:43 252,928 ----a-w c:\windows\SYSTEM32\msoeacct.dll
+ 2008-04-14 00:12:00 252,928 ----a-w c:\windows\SYSTEM32\msoeacct.dll
- 2004-08-04 07:56:43 105,984 ----a-w c:\windows\SYSTEM32\msoert2.dll
+ 2008-04-14 00:12:00 105,984 ----a-w c:\windows\SYSTEM32\msoert2.dll
- 2004-08-04 07:56:18 20,480 ----a-w c:\windows\SYSTEM32\msorc32r.dll
+ 2008-04-13 17:24:14 20,480 ----a-w c:\windows\SYSTEM32\msorc32r.dll
- 2004-08-04 07:56:43 143,360 ----a-w c:\windows\SYSTEM32\msorcl32.dll
+ 2008-04-14 00:12:00 143,360 ----a-w c:\windows\SYSTEM32\msorcl32.dll
- 2004-08-04 07:56:53 343,040 ----a-w c:\windows\SYSTEM32\mspaint.exe
+ 2008-04-14 00:12:28 343,040 ----a-w c:\windows\SYSTEM32\mspaint.exe
- 2004-08-04 07:56:43 30,208 ----a-w c:\windows\SYSTEM32\mspatcha.dll
+ 2008-04-14 00:12:00 29,696 ----a-w c:\windows\SYSTEM32\mspatcha.dll
- 2004-08-04 07:56:18 48,128 ----a-w c:\windows\SYSTEM32\msprivs.dll
+ 2008-04-13 16:23:31 48,128 ----a-w c:\windows\SYSTEM32\msprivs.dll
- 2004-08-04 07:56:43 11,264 ----a-w c:\windows\SYSTEM32\msrle32.dll
+ 2008-04-14 00:12:00 11,264 ----a-w c:\windows\SYSTEM32\msrle32.dll
- 2004-08-04 07:56:43 134,656 ----a-w c:\windows\SYSTEM32\mssap.dll
+ 2008-04-14 00:12:00 134,656 ----a-w c:\windows\SYSTEM32\mssap.dll
+ 2008-04-14 00:12:00 155,136 ------w c:\windows\SYSTEM32\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w c:\windows\SYSTEM32\msshavmsg.dll
- 2004-08-04 07:56:43 274,944 ----a-w c:\windows\SYSTEM32\mstask.dll
+ 2008-04-14 00:12:00 274,944 ----a-w c:\windows\SYSTEM32\mstask.dll
- 2004-08-04 07:56:53 12,288 ----a-w c:\windows\SYSTEM32\mstinit.exe
+ 2008-04-14 00:12:29 12,288 ----a-w c:\windows\SYSTEM32\mstinit.exe
- 2004-08-04 07:56:43 115,712 ----a-w c:\windows\SYSTEM32\mstlsapi.dll
+ 2008-04-14 00:12:00 116,224 ----a-w c:\windows\SYSTEM32\mstlsapi.dll
- 2004-08-04 05:59:40 407,552 ----a-w c:\windows\SYSTEM32\mstsc.exe
+ 2008-04-14 00:12:23 677,888 ----a-w c:\windows\SYSTEM32\mstsc.exe
- 2004-08-04 05:59:43 655,360 ----a-w c:\windows\SYSTEM32\mstscax.dll
+ 2008-04-14 00:11:56 2,061,824 ----a-w c:\windows\SYSTEM32\mstscax.dll
- 2004-08-04 07:56:43 195,072 ----a-w c:\windows\SYSTEM32\msutb.dll
+ 2008-04-14 00:12:00 195,072 ----a-w c:\windows\SYSTEM32\msutb.dll
- 2004-08-04 07:56:43 129,536 ----a-w c:\windows\SYSTEM32\msv1_0.dll
+ 2008-04-14 00:12:00 132,608 ----a-w c:\windows\SYSTEM32\msv1_0.dll
- 2004-08-04 07:56:43 1,392,671 ----a-w c:\windows\SYSTEM32\msvbvm60.dll
+ 2008-04-14 00:12:00 1,384,479 ----a-w c:\windows\SYSTEM32\msvbvm60.dll
- 2004-08-04 07:56:43 54,784 ----a-w c:\windows\SYSTEM32\msvcirt.dll
+ 2008-04-14 00:12:01 57,344 ----a-w c:\windows\SYSTEM32\msvcirt.dll
- 2004-08-04 07:56:43 413,696 ----a-w c:\windows\SYSTEM32\msvcp60.dll
+ 2008-04-14 00:12:01 413,696 ----a-w c:\windows\SYSTEM32\msvcp60.dll
- 2004-08-04 07:56:43 343,040 ----a-w c:\windows\SYSTEM32\msvcrt.dll
+ 2008-04-14 00:12:01 343,040 ----a-w c:\windows\SYSTEM32\msvcrt.dll
- 2004-08-04 05:58:25 61,440 ----a-w c:\windows\SYSTEM32\msvcrt40.dll
+ 2008-04-13 18:30:46 61,440 ----a-w c:\windows\SYSTEM32\msvcrt40.dll
- 2004-08-04 07:56:43 120,832 ----a-w c:\windows\SYSTEM32\msvfw32.dll
+ 2008-04-14 00:12:01 121,344 ----a-w c:\windows\SYSTEM32\msvfw32.dll
- 2004-08-04 07:56:43 1,428,480 ----a-w c:\windows\SYSTEM32\msvidctl.dll
+ 2008-04-14 00:12:01 1,428,992 ----a-w c:\windows\SYSTEM32\msvidctl.dll
- 2004-08-04 07:56:43 72,704 ----a-w c:\windows\SYSTEM32\msw3prt.dll
+ 2008-04-14 00:12:01 72,704 ----a-w c:\windows\SYSTEM32\msw3prt.dll
- 2004-08-04 07:56:44 204,288 ----a-w c:\windows\SYSTEM32\mswebdvd.dll
+ 2008-04-14 00:12:01 203,776 ----a-w c:\windows\SYSTEM32\mswebdvd.dll
- 2008-06-20 17:41:10 245,248 ----a-w c:\windows\SYSTEM32\mswsock.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\SYSTEM32\mswsock.dll
- 2004-08-04 07:56:44 506,368 ----a-w c:\windows\SYSTEM32\msxml.dll
+ 2008-04-14 00:12:01 506,368 ----a-w c:\windows\SYSTEM32\msxml.dll
- 2004-08-04 07:56:44 701,440 ----a-w c:\windows\SYSTEM32\msxml2.dll
+ 2008-04-14 00:12:01 701,440 ----a-w c:\windows\SYSTEM32\msxml2.dll
- 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
- 2005-09-08 05:03:50 86,728 ----a-w c:\windows\SYSTEM32\msxml6r.dll
+ 2008-04-13 17:27:18 79,872 ----a-w c:\windows\SYSTEM32\msxml6r.dll
- 2004-08-04 07:56:44 17,408 ----a-w c:\windows\SYSTEM32\msyuv.dll
+ 2008-04-14 00:12:01 16,896 ----a-w c:\windows\SYSTEM32\msyuv.dll
- 2006-03-01 19:42:42 66,560 ----a-w c:\windows\SYSTEM32\mtxclu.dll
+ 2008-04-14 00:12:01 66,560 ----a-w c:\windows\SYSTEM32\mtxclu.dll
- 2002-08-29 11:00:00 20,480 ----a-w c:\windows\SYSTEM32\mtxdm.dll
+ 2008-04-14 00:12:01 30,720 ----a-w c:\windows\SYSTEM32\mtxdm.dll
- 2002-08-29 11:00:00 4,096 ----a-w c:\windows\SYSTEM32\mtxex.dll
+ 2008-04-14 00:12:01 4,096 ----a-w c:\windows\SYSTEM32\mtxex.dll
- 2002-08-29 11:00:00 25,088 ----a-w c:\windows\SYSTEM32\mtxlegih.dll
+ 2008-04-14 00:12:01 34,304 ----a-w c:\windows\SYSTEM32\mtxlegih.dll
- 2006-03-01 19:42:42 91,136 ----a-w c:\windows\SYSTEM32\mtxoci.dll
+ 2008-04-14 00:12:01 91,648 ----a-w c:\windows\SYSTEM32\mtxoci.dll
- 2004-08-04 07:56:44 1,737,856 ----a-w c:\windows\SYSTEM32\mtxparhd.dll
+ 2008-04-14 00:12:01 1,737,856 ----a-w c:\windows\SYSTEM32\mtxparhd.dll
- 2007-10-24 05:47:44 15,360 ----a-w c:\windows\SYSTEM32\MUI\0409\mscorees.dll
+ 2008-07-25 16:17:04 15,360 ----a-w c:\windows\SYSTEM32\MUI\0409\mscorees.dll
- 2004-08-04 07:56:22 405,504 ----a-w c:\windows\SYSTEM32\MUI\041b\xpob2res.dll
+ 2008-04-13 18:40:52 405,504 ----a-w c:\windows\SYSTEM32\MUI\041b\xpob2res.dll
- 2004-08-04 07:56:29 193,024 ----a-w c:\windows\SYSTEM32\MUI\041b\xpsp1res.dll
+ 2008-04-13 18:35:28 192,512 ----a-w c:\windows\SYSTEM32\MUI\041b\xpsp1res.dll
- 2004-08-04 07:56:29 757,248 ----a-w c:\windows\SYSTEM32\MUI\041b\xpsp2res.dll
+ 2008-04-13 18:38:37 757,248 ----a-w c:\windows\SYSTEM32\MUI\041b\xpsp2res.dll
+ 2008-04-13 18:40:04 577,536 ------w c:\windows\SYSTEM32\MUI\041b\xpsp3res.dll
- 2004-08-04 07:56:36 187,392 ----a-w c:\windows\SYSTEM32\MUI\041e\xpsp1res.dll
+ 2008-04-13 17:39:22 187,392 ----a-w c:\windows\SYSTEM32\MUI\041e\xpsp1res.dll
- 2004-08-04 07:56:36 2,897,920 ----a-w c:\windows\SYSTEM32\MUI\041e\xpsp2res.dll
+ 2008-04-13 17:39:24 2,897,920 ----a-w c:\windows\SYSTEM32\MUI\041e\xpsp2res.dll
- 2004-08-04 07:56:22 408,576 ----a-w c:\windows\SYSTEM32\MUI\0424\xpob2res.dll
+ 2008-04-13 18:40:56 408,576 ----a-w c:\windows\SYSTEM32\MUI\0424\xpob2res.dll
- 2004-08-04 07:56:29 192,512 ----a-w c:\windows\SYSTEM32\MUI\0424\xpsp1res.dll
+ 2008-04-13 18:35:28 192,512 ----a-w c:\windows\SYSTEM32\MUI\0424\xpsp1res.dll
- 2004-08-04 07:56:30 732,160 ----a-w c:\windows\SYSTEM32\MUI\0424\xpsp2res.dll
+ 2008-04-13 18:38:36 732,160 ----a-w c:\windows\SYSTEM32\MUI\0424\xpsp2res.dll
+ 2008-04-13 18:40:05 576,512 ------w c:\windows\SYSTEM32\MUI\0424\xpsp3res.dll
- 2004-08-04 07:56:44 90,624 ----a-w c:\windows\SYSTEM32\mydocs.dll
+ 2008-04-14 00:12:01 90,624 ----a-w c:\windows\SYSTEM32\mydocs.dll

#18
CorporateKD

Andrewuk:

Part 15 of the ComboFix log!

+ 2008-04-14 00:12:01 30,208 ------w c:\windows\SYSTEM32\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w c:\windows\SYSTEM32\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w c:\windows\SYSTEM32\napstat.exe
- 2004-08-04 07:56:54 53,760 ----a-w c:\windows\SYSTEM32\narrator.exe
+ 2008-04-14 00:12:29 53,760 ----a-w c:\windows\SYSTEM32\narrator.exe
- 2004-08-04 07:56:44 36,352 ----a-w c:\windows\SYSTEM32\ncobjapi.dll
+ 2008-04-14 00:12:01 36,352 ----a-w c:\windows\SYSTEM32\ncobjapi.dll
- 2004-08-04 07:56:44 17,920 ----a-w c:\windows\SYSTEM32\nddeapi.dll
+ 2008-04-14 00:12:01 17,920 ----a-w c:\windows\SYSTEM32\nddeapi.dll
- 2004-08-04 07:56:54 4,096 ----a-w c:\windows\SYSTEM32\nddeapir.exe
+ 2008-04-14 00:12:29 4,096 ----a-w c:\windows\SYSTEM32\nddeapir.exe
- 2004-08-04 07:56:44 18,944 ----a-w c:\windows\SYSTEM32\nddenb32.dll
+ 2008-04-14 00:12:01 18,944 ----a-w c:\windows\SYSTEM32\nddenb32.dll
- 2004-08-04 07:56:54 42,496 ----a-w c:\windows\SYSTEM32\net.exe
+ 2008-04-14 00:12:29 42,496 ----a-w c:\windows\SYSTEM32\net.exe
- 2004-08-04 07:56:54 124,928 ----a-w c:\windows\SYSTEM32\net1.exe
+ 2008-04-14 00:12:29 124,928 ----a-w c:\windows\SYSTEM32\net1.exe
- 2008-10-15 16:57:55 332,800 ----a-w c:\windows\SYSTEM32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\SYSTEM32\netapi32.dll
- 2004-08-04 07:56:44 622,080 ----a-w c:\windows\SYSTEM32\netcfgx.dll
+ 2008-04-14 00:12:01 622,592 ----a-w c:\windows\SYSTEM32\netcfgx.dll
- 2004-08-04 07:56:54 111,104 ----a-w c:\windows\SYSTEM32\netdde.exe
+ 2008-04-14 00:12:29 111,104 ----a-w c:\windows\SYSTEM32\netdde.exe
- 2004-08-04 07:56:44 139,264 ----a-w c:\windows\SYSTEM32\netid.dll
+ 2008-04-14 00:12:01 139,264 ----a-w c:\windows\SYSTEM32\netid.dll
- 2004-08-04 07:56:44 407,040 ----a-w c:\windows\SYSTEM32\netlogon.dll
+ 2008-04-14 00:12:01 407,040 ----a-w c:\windows\SYSTEM32\netlogon.dll
- 2005-08-22 18:29:46 197,632 ----a-w c:\windows\SYSTEM32\netman.dll
+ 2008-04-14 00:12:01 198,144 ----a-w c:\windows\SYSTEM32\netman.dll
- 2004-08-04 07:56:44 875,008 ----a-w c:\windows\SYSTEM32\netplwiz.dll
+ 2008-04-14 00:12:01 875,008 ----a-w c:\windows\SYSTEM32\netplwiz.dll
- 2004-08-04 07:56:44 12,288 ----a-w c:\windows\SYSTEM32\netrap.dll
+ 2008-04-14 00:12:01 11,776 ----a-w c:\windows\SYSTEM32\netrap.dll
- 2004-08-04 08:02:44 329,728 ----a-w c:\windows\SYSTEM32\netsetup.exe
+ 2008-04-14 00:16:51 329,728 ----a-w c:\windows\SYSTEM32\netsetup.exe
- 2004-08-04 07:56:54 86,016 ----a-w c:\windows\SYSTEM32\netsh.exe
+ 2008-04-14 00:12:29 86,016 ----a-w c:\windows\SYSTEM32\netsh.exe
- 2004-08-04 07:56:44 1,708,032 ----a-w c:\windows\SYSTEM32\netshell.dll
+ 2008-04-14 00:12:02 1,703,936 ----a-w c:\windows\SYSTEM32\netshell.dll
- 2004-08-04 07:56:54 36,864 ----a-w c:\windows\SYSTEM32\netstat.exe
+ 2008-04-14 00:12:29 36,864 ----a-w c:\windows\SYSTEM32\netstat.exe
- 2004-08-04 07:56:44 80,896 ----a-w c:\windows\SYSTEM32\netui0.dll
+ 2008-04-14 00:12:02 80,896 ----a-w c:\windows\SYSTEM32\netui0.dll
- 2004-08-04 07:56:44 245,760 ----a-w c:\windows\SYSTEM32\netui1.dll
+ 2008-04-14 00:12:02 245,760 ----a-w c:\windows\SYSTEM32\netui1.dll
- 2004-08-04 07:56:44 248,832 ----a-w c:\windows\SYSTEM32\newdev.dll
+ 2008-04-14 00:12:02 247,808 ----a-w c:\windows\SYSTEM32\newdev.dll
- 2006-09-15 12:36:32 98,304 ----a-w c:\windows\SYSTEM32\nlhtml.dll
+ 2008-04-14 00:12:02 98,304 ----a-w c:\windows\SYSTEM32\nlhtml.dll
- 2004-08-04 07:56:44 28,672 ----a-w c:\windows\SYSTEM32\nmmkcert.dll
+ 2008-04-14 00:12:02 28,672 ----a-w c:\windows\SYSTEM32\nmmkcert.dll
- 2004-08-04 07:56:44 57,344 ----a-w c:\windows\SYSTEM32\NPP\ndisnpp.dll
+ 2008-04-14 00:12:01 57,344 ----a-w c:\windows\SYSTEM32\NPP\ndisnpp.dll
- 2004-08-04 07:56:54 15,360 ----a-w c:\windows\SYSTEM32\NPP\nppagent.exe
+ 2008-04-14 00:12:29 15,360 ----a-w c:\windows\SYSTEM32\NPP\nppagent.exe
- 2004-08-04 07:56:44 54,784 ----a-w c:\windows\SYSTEM32\npptools.dll
+ 2008-04-14 00:12:02 54,784 ----a-w c:\windows\SYSTEM32\npptools.dll
- 2004-08-04 07:56:54 76,800 ----a-w c:\windows\SYSTEM32\nslookup.exe
+ 2008-04-14 00:12:29 76,800 ----a-w c:\windows\SYSTEM32\nslookup.exe
- 2004-08-04 07:56:36 708,096 ----a-w c:\windows\SYSTEM32\ntdll.dll
+ 2008-04-14 00:11:24 706,048 ----a-w c:\windows\SYSTEM32\ntdll.dll
- 2004-08-04 07:56:44 67,072 ----a-w c:\windows\SYSTEM32\ntdsapi.dll
+ 2008-04-14 00:12:02 67,072 ----a-w c:\windows\SYSTEM32\ntdsapi.dll
- 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
- 2004-08-04 07:56:44 43,520 ----a-w c:\windows\SYSTEM32\ntlanman.dll
+ 2008-04-14 00:12:02 44,032 ----a-w c:\windows\SYSTEM32\ntlanman.dll
- 2004-08-04 07:56:44 8,192 ----a-w c:\windows\SYSTEM32\ntlsapi.dll
+ 2008-04-14 00:12:02 8,192 ----a-w c:\windows\SYSTEM32\ntlsapi.dll
- 2004-08-04 07:56:44 118,784 ----a-w c:\windows\SYSTEM32\ntmarta.dll
+ 2008-04-14 00:12:02 118,784 ----a-w c:\windows\SYSTEM32\ntmarta.dll
- 2004-08-04 07:56:44 40,960 ----a-w c:\windows\SYSTEM32\ntmsapi.dll
+ 2008-04-14 00:12:02 40,960 ----a-w c:\windows\SYSTEM32\ntmsapi.dll
- 2004-08-04 07:56:44 179,712 ----a-w c:\windows\SYSTEM32\ntmsdba.dll
+ 2008-04-14 00:12:02 179,200 ----a-w c:\windows\SYSTEM32\ntmsdba.dll
- 2004-08-04 07:56:44 488,448 ----a-w c:\windows\SYSTEM32\ntmsmgr.dll
+ 2008-04-14 00:12:02 488,448 ----a-w c:\windows\SYSTEM32\ntmsmgr.dll
- 2004-08-04 07:56:44 435,200 ----a-w c:\windows\SYSTEM32\ntmssvc.dll
+ 2008-04-14 00:12:02 435,200 ----a-w c:\windows\SYSTEM32\ntmssvc.dll
- 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
- 2004-08-04 07:56:44 91,136 ----a-w c:\windows\SYSTEM32\ntprint.dll
+ 2008-04-14 00:12:02 91,136 ----a-w c:\windows\SYSTEM32\ntprint.dll
- 2004-08-04 07:56:44 143,872 ----a-w c:\windows\SYSTEM32\ntshrui.dll
+ 2008-04-14 00:12:02 143,360 ----a-w c:\windows\SYSTEM32\ntshrui.dll
- 2004-08-04 07:56:54 419,840 ----a-w c:\windows\SYSTEM32\ntvdm.exe
+ 2008-04-14 00:12:30 420,864 ----a-w c:\windows\SYSTEM32\ntvdm.exe
- 2002-08-29 11:00:00 13,312 ----a-w c:\windows\SYSTEM32\ntvdmd.dll
+ 2008-04-14 00:12:02 15,360 ----a-w c:\windows\SYSTEM32\ntvdmd.dll
- 2006-10-13 12:35:12 142,336 ----a-w c:\windows\SYSTEM32\nwprovau.dll
+ 2008-04-14 00:12:02 142,336 ----a-w c:\windows\SYSTEM32\nwprovau.dll
- 2004-08-04 07:56:44 266,752 ----a-w c:\windows\SYSTEM32\oakley.dll
+ 2008-04-14 00:12:02 270,336 ----a-w c:\windows\SYSTEM32\oakley.dll
- 2004-08-04 07:56:44 285,696 ----a-w c:\windows\SYSTEM32\objsel.dll
+ 2008-04-14 00:12:02 286,208 ----a-w c:\windows\SYSTEM32\objsel.dll
- 2002-08-29 11:00:00 60,928 ----a-w c:\windows\SYSTEM32\ocmanage.dll
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\ocmanage.dll
- 2004-08-04 07:56:44 249,856 ----a-w c:\windows\SYSTEM32\odbc32.dll
+ 2008-04-14 00:12:02 249,856 ----a-w c:\windows\SYSTEM32\odbc32.dll
- 2004-08-04 07:56:44 16,384 ----a-w c:\windows\SYSTEM32\odbc32gt.dll
+ 2008-04-14 00:12:02 16,384 ----a-w c:\windows\SYSTEM32\odbc32gt.dll
- 2004-08-04 07:56:54 32,768 ----a-w c:\windows\SYSTEM32\odbcad32.exe
+ 2008-04-14 00:12:30 32,768 ----a-w c:\windows\SYSTEM32\odbcad32.exe
- 2004-08-04 07:56:44 24,576 ----a-w c:\windows\SYSTEM32\odbcbcp.dll
+ 2008-04-14 00:12:02 24,576 ----a-w c:\windows\SYSTEM32\odbcbcp.dll
- 2004-08-04 07:56:44 135,168 ----a-w c:\windows\SYSTEM32\odbcconf.dll
+ 2008-04-14 00:12:02 135,168 ----a-w c:\windows\SYSTEM32\odbcconf.dll
- 2004-08-04 07:56:54 69,632 ----a-w c:\windows\SYSTEM32\odbcconf.exe
+ 2008-04-14 00:12:30 69,632 ----a-w c:\windows\SYSTEM32\odbcconf.exe
- 2004-08-04 07:56:44 106,496 ----a-w c:\windows\SYSTEM32\odbccp32.dll
+ 2008-04-14 00:12:02 106,496 ----a-w c:\windows\SYSTEM32\odbccp32.dll
- 2004-08-04 07:56:44 65,536 ----a-w c:\windows\SYSTEM32\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ----a-w c:\windows\SYSTEM32\odbccr32.dll
- 2004-08-04 07:56:44 65,536 ----a-w c:\windows\SYSTEM32\odbccu32.dll
+ 2008-04-14 00:12:02 65,536 ----a-w c:\windows\SYSTEM32\odbccu32.dll
- 2004-08-04 07:56:22 94,208 ----a-w c:\windows\SYSTEM32\odbcint.dll
+ 2008-04-13 17:26:05 94,208 ----a-w c:\windows\SYSTEM32\odbcint.dll
- 2004-08-04 07:56:22 53,279 ----a-w c:\windows\SYSTEM32\odbcji32.dll
+ 2008-04-14 00:10:31 53,279 ----a-w c:\windows\SYSTEM32\odbcji32.dll
- 2004-08-04 07:56:44 278,559 ----a-w c:\windows\SYSTEM32\odbcjt32.dll
+ 2008-04-14 00:12:02 278,559 ----a-w c:\windows\SYSTEM32\odbcjt32.dll
- 2004-08-04 07:56:22 12,288 ----a-w c:\windows\SYSTEM32\odbcp32r.dll
+ 2008-04-13 17:26:05 12,288 ----a-w c:\windows\SYSTEM32\odbcp32r.dll
- 2004-08-04 07:56:44 147,456 ----a-w c:\windows\SYSTEM32\odbctrac.dll
+ 2008-04-14 00:12:02 147,456 ----a-w c:\windows\SYSTEM32\odbctrac.dll
- 2004-08-04 07:56:44 20,511 ----a-w c:\windows\SYSTEM32\oddbse32.dll
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\SYSTEM32\oddbse32.dll
- 2004-08-04 07:56:44 20,510 ----a-w c:\windows\SYSTEM32\odexl32.dll
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odexl32.dll
- 2004-08-04 07:56:44 20,510 ----a-w c:\windows\SYSTEM32\odfox32.dll
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odfox32.dll
- 2004-08-04 07:56:44 20,510 ----a-w c:\windows\SYSTEM32\odpdx32.dll
+ 2008-04-14 00:12:02 20,510 ----a-w c:\windows\SYSTEM32\odpdx32.dll
- 2004-08-04 07:56:44 20,511 ----a-w c:\windows\SYSTEM32\odtext32.dll
+ 2008-04-14 00:12:02 20,511 ----a-w c:\windows\SYSTEM32\odtext32.dll
- 2006-09-15 12:36:32 192,000 ----a-w c:\windows\SYSTEM32\offfilt.dll
+ 2008-04-14 00:12:02 192,000 ----a-w c:\windows\SYSTEM32\offfilt.dll
- 2005-07-26 04:39:48 1,285,120 ----a-w c:\windows\SYSTEM32\ole32.dll
+ 2008-04-14 00:12:02 1,287,168 ----a-w c:\windows\SYSTEM32\ole32.dll
- 2007-12-04 18:38:13 550,912 ----a-w c:\windows\SYSTEM32\oleaut32.dll
+ 2008-04-14 00:12:02 551,936 ----a-w c:\windows\SYSTEM32\oleaut32.dll
- 2005-07-26 04:39:48 74,752 ----a-w c:\windows\SYSTEM32\olecli32.dll
+ 2008-04-14 00:12:02 74,752 ----a-w c:\windows\SYSTEM32\olecli32.dll
- 2005-07-26 04:39:49 37,888 ----a-w c:\windows\SYSTEM32\olecnv32.dll
+ 2008-04-14 00:12:02 37,376 ----a-w c:\windows\SYSTEM32\olecnv32.dll
- 2006-10-16 16:15:00 122,880 ----a-w c:\windows\SYSTEM32\oledlg.dll
+ 2008-04-14 00:12:02 122,880 ----a-w c:\windows\SYSTEM32\oledlg.dll
- 2004-08-04 07:56:44 107,008 ----a-w c:\windows\SYSTEM32\oleprn.dll
+ 2008-04-14 00:12:02 107,008 ----a-w c:\windows\SYSTEM32\oleprn.dll
- 2004-08-04 07:56:44 83,456 ----a-w c:\windows\SYSTEM32\olepro32.dll
+ 2008-04-14 00:12:02 84,992 ----a-w c:\windows\SYSTEM32\olepro32.dll
- 2004-08-04 07:56:43 122,368 ----a-w c:\windows\SYSTEM32\OOBE\msobcomm.dll
+ 2008-04-14 00:12:00 122,368 ----a-w c:\windows\SYSTEM32\OOBE\msobcomm.dll
- 2004-08-04 07:56:43 16,384 ----a-w c:\windows\SYSTEM32\OOBE\msobdl.dll
+ 2008-04-14 00:12:00 16,384 ----a-w c:\windows\SYSTEM32\OOBE\msobdl.dll
- 2004-08-04 07:56:43 561,664 ----a-w c:\windows\SYSTEM32\OOBE\msobmain.dll
+ 2008-04-14 00:12:00 565,248 ----a-w c:\windows\SYSTEM32\OOBE\msobmain.dll
- 2004-08-04 07:56:43 30,720 ----a-w c:\windows\SYSTEM32\OOBE\msobshel.dll
+ 2008-04-14 00:12:00 30,720 ----a-w c:\windows\SYSTEM32\OOBE\msobshel.dll
- 2004-08-04 07:56:43 18,944 ----a-w c:\windows\SYSTEM32\OOBE\msobweb.dll
+ 2008-04-14 00:12:00 19,456 ----a-w c:\windows\SYSTEM32\OOBE\msobweb.dll
- 2002-08-29 11:00:00 28,160 ----a-w c:\windows\SYSTEM32\OOBE\msoobe.exe
+ 2008-04-14 00:12:28 29,184 ----a-w c:\windows\SYSTEM32\OOBE\msoobe.exe
- 2004-08-04 07:56:54 51,200 ----a-w c:\windows\SYSTEM32\OOBE\oobebaln.exe
+ 2008-04-14 00:12:31 51,200 ----a-w c:\windows\SYSTEM32\OOBE\oobebaln.exe
- 2004-08-04 07:56:44 713,728 ----a-w c:\windows\SYSTEM32\opengl32.dll
+ 2008-04-14 00:12:02 713,728 ----a-w c:\windows\SYSTEM32\opengl32.dll
- 2004-08-04 07:56:55 215,552 ----a-w c:\windows\SYSTEM32\osk.exe
+ 2008-04-14 00:12:31 215,552 ----a-w c:\windows\SYSTEM32\osk.exe
- 2004-08-04 07:56:44 67,584 ----a-w c:\windows\SYSTEM32\osuninst.dll
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\osuninst.dll
- 2004-08-04 07:56:44 116,224 ----a-w c:\windows\SYSTEM32\p2p.dll
+ 2008-04-14 00:12:02 153,600 ----a-w c:\windows\SYSTEM32\p2p.dll
- 2004-08-04 07:56:44 86,016 ----a-w c:\windows\SYSTEM32\p2pgasvc.dll
+ 2008-04-14 00:12:02 105,472 ----a-w c:\windows\SYSTEM32\p2pgasvc.dll
- 2004-08-04 07:56:44 312,320 ----a-w c:\windows\SYSTEM32\p2pgraph.dll
+ 2008-04-14 00:12:02 313,856 ----a-w c:\windows\SYSTEM32\p2pgraph.dll
- 2004-08-04 07:56:44 88,064 ----a-w c:\windows\SYSTEM32\p2pnetsh.dll
+ 2008-04-14 00:12:02 115,712 ----a-w c:\windows\SYSTEM32\p2pnetsh.dll
- 2004-08-04 07:56:44 526,848 ----a-w c:\windows\SYSTEM32\p2psvc.dll
+ 2008-04-14 00:12:02 554,496 ----a-w c:\windows\SYSTEM32\p2psvc.dll
- 2004-08-04 07:56:55 58,368 ----a-w c:\windows\SYSTEM32\packager.exe
+ 2008-04-14 00:12:31 58,368 ----a-w c:\windows\SYSTEM32\packager.exe
- 2004-08-04 07:56:44 62,976 ----a-w c:\windows\SYSTEM32\pautoenr.dll
+ 2008-04-14 00:12:02 67,584 ----a-w c:\windows\SYSTEM32\pautoenr.dll
- 2004-08-04 07:56:44 283,648 ----a-w c:\windows\SYSTEM32\pdh.dll
+ 2008-04-14 00:12:02 284,160 ----a-w c:\windows\SYSTEM32\pdh.dll
- 2004-08-04 07:56:44 39,936 ----a-w c:\windows\SYSTEM32\perfctrs.dll
+ 2008-04-14 00:12:02 39,936 ----a-w c:\windows\SYSTEM32\perfctrs.dll
- 2004-08-04 07:56:44 26,624 ----a-w c:\windows\SYSTEM32\perfdisk.dll
+ 2008-04-14 00:12:02 26,624 ----a-w c:\windows\SYSTEM32\perfdisk.dll
- 2004-08-04 07:56:55 15,872 ----a-w c:\windows\SYSTEM32\perfmon.exe
+ 2008-04-14 00:12:31 15,872 ----a-w c:\windows\SYSTEM32\perfmon.exe
- 2002-08-29 11:00:00 16,896 ----a-w c:\windows\SYSTEM32\perfnet.dll
+ 2008-04-14 00:12:02 17,920 ----a-w c:\windows\SYSTEM32\perfnet.dll
- 2004-08-04 07:56:44 25,088 ----a-w c:\windows\SYSTEM32\perfos.dll
+ 2008-04-14 00:12:02 25,088 ----a-w c:\windows\SYSTEM32\perfos.dll
- 2004-08-04 07:56:44 34,816 ----a-w c:\windows\SYSTEM32\perfproc.dll
+ 2008-04-14 00:12:02 34,816 ----a-w c:\windows\SYSTEM32\perfproc.dll
- 2006-10-24 16:30:20 412,160 ----a-w c:\windows\SYSTEM32\photometadatahandler.dll
+ 2008-04-14 00:12:02 412,160 ----a-w c:\windows\SYSTEM32\photometadatahandler.dll
- 2004-08-04 07:56:44 176,128 ----a-w c:\windows\SYSTEM32\photowiz.dll
+ 2008-04-14 00:12:02 176,128 ----a-w c:\windows\SYSTEM32\photowiz.dll
- 2004-08-04 07:56:44 35,328 ----a-w c:\windows\SYSTEM32\pid.dll
+ 2008-04-14 00:12:02 35,328 ----a-w c:\windows\SYSTEM32\pid.dll
- 2004-08-04 06:04:41 24,064 ----a-w c:\windows\SYSTEM32\pidgen.dll
+ 2008-04-13 18:35:22 24,064 ----a-w c:\windows\SYSTEM32\pidgen.dll

#19
CorporateKD

Andrewuk:

Part 16 of the ComboFix log!

+ 2008-04-14 00:12:38 18,432 ----a-w c:\windows\SYSTEM32\ups.exe
- 2004-08-04 07:56:46 16,896 ----a-w c:\windows\SYSTEM32\usbmon.dll
+ 2008-04-14 00:12:08 16,896 ----a-w c:\windows\SYSTEM32\usbmon.dll
- 2004-08-04 07:56:46 74,240 ----a-w c:\windows\SYSTEM32\usbui.dll
+ 2008-04-14 00:12:08 74,240 ----a-w c:\windows\SYSTEM32\usbui.dll
- 2007-03-08 15:36:28 577,536 ----a-w c:\windows\SYSTEM32\user32.dll
+ 2008-04-14 00:12:08 578,560 ----a-w c:\windows\SYSTEM32\user32.dll
- 2004-08-04 07:56:46 723,456 ----a-w c:\windows\SYSTEM32\userenv.dll
+ 2008-04-14 00:12:08 727,040 ----a-w c:\windows\SYSTEM32\userenv.dll
- 2004-08-04 07:56:57 24,576 ----a-w c:\windows\SYSTEM32\userinit.exe
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\SYSTEM32\userinit.exe
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\SYSTEM32\USMT\cobramsg.dll
- 2004-08-04 07:56:42 123,904 ----a-w c:\windows\SYSTEM32\USMT\guitrn.dll
+ 2008-04-14 00:11:54 133,120 ----a-w c:\windows\SYSTEM32\USMT\guitrn.dll
+ 2008-04-14 00:11:54 115,200 ------w c:\windows\SYSTEM32\USMT\guitrna.dll
- 2004-08-04 07:56:42 4,096 ----a-w c:\windows\SYSTEM32\USMT\iconlib.dll
+ 2008-04-13 16:44:29 2,560 ----a-w c:\windows\SYSTEM32\USMT\iconlib.dll
- 2004-08-04 07:56:42 19,968 ----a-w c:\windows\SYSTEM32\USMT\log.dll
+ 2008-04-14 00:11:56 19,968 ----a-w c:\windows\SYSTEM32\USMT\log.dll
- 2004-08-04 07:56:42 201,216 ----a-w c:\windows\SYSTEM32\USMT\migism.dll
+ 2008-04-14 00:11:57 274,432 ----a-w c:\windows\SYSTEM32\USMT\migism.dll
+ 2008-04-14 00:11:57 261,120 ------w c:\windows\SYSTEM32\USMT\migisma.dll
- 2004-08-04 07:56:50 103,424 ----a-w c:\windows\SYSTEM32\USMT\migload.exe
+ 2008-04-14 00:12:25 103,936 ----a-w c:\windows\SYSTEM32\USMT\migload.exe
- 2004-08-04 07:56:51 240,128 ----a-w c:\windows\SYSTEM32\USMT\migwiz.exe
+ 2008-04-14 00:12:25 245,248 ----a-w c:\windows\SYSTEM32\USMT\migwiz.exe
+ 2008-04-14 00:12:25 241,152 ------w c:\windows\SYSTEM32\USMT\migwiza.exe
- 2004-08-04 07:56:44 202,752 ----a-w c:\windows\SYSTEM32\USMT\script.dll
+ 2008-04-14 00:12:05 215,552 ----a-w c:\windows\SYSTEM32\USMT\script.dll
+ 2008-04-14 00:12:05 199,680 ------w c:\windows\SYSTEM32\USMT\scripta.dll
- 2004-08-04 07:56:46 168,960 ----a-w c:\windows\SYSTEM32\USMT\sysmod.dll
+ 2008-04-14 00:12:07 193,024 ----a-w c:\windows\SYSTEM32\USMT\sysmod.dll
+ 2008-04-14 00:12:07 173,568 ------w c:\windows\SYSTEM32\USMT\sysmoda.dll
- 2004-08-04 07:56:46 406,528 ----a-w c:\windows\SYSTEM32\usp10.dll
+ 2008-04-14 00:12:08 406,016 ----a-w c:\windows\SYSTEM32\usp10.dll
- 2004-08-04 07:56:57 50,176 ----a-w c:\windows\SYSTEM32\utilman.exe
+ 2008-04-14 00:12:38 50,176 ----a-w c:\windows\SYSTEM32\utilman.exe
- 2004-08-04 07:56:46 218,624 ----a-w c:\windows\SYSTEM32\uxtheme.dll
+ 2008-04-14 00:12:08 218,624 ----a-w c:\windows\SYSTEM32\uxtheme.dll
- 2004-08-04 07:56:46 30,749 ----a-w c:\windows\SYSTEM32\vbajet32.dll
+ 2008-04-14 00:12:08 30,749 ----a-w c:\windows\SYSTEM32\vbajet32.dll
- 2007-08-13 22:54:10 413,696 ----a-w c:\windows\SYSTEM32\vbscript.dll
+ 2008-04-14 00:12:08 434,176 ----a-w c:\windows\SYSTEM32\vbscript.dll
- 2004-08-04 07:56:46 26,112 ----a-w c:\windows\SYSTEM32\vdmdbg.dll
+ 2008-04-14 00:12:08 26,112 ----a-w c:\windows\SYSTEM32\vdmdbg.dll
- 2004-08-04 07:56:46 51,712 ----a-w c:\windows\SYSTEM32\vdmredir.dll
+ 2008-04-14 00:12:08 51,712 ----a-w c:\windows\SYSTEM32\vdmredir.dll
- 2006-03-17 00:38:01 28,672 ----a-w c:\windows\SYSTEM32\verclsid.exe
+ 2008-04-14 00:12:38 28,672 ----a-w c:\windows\SYSTEM32\verclsid.exe
- 2002-08-29 11:00:00 13,312 ----a-w c:\windows\SYSTEM32\verifier.dll
+ 2008-04-14 00:12:08 26,624 ----a-w c:\windows\SYSTEM32\verifier.dll
- 2004-08-04 07:56:46 18,944 ----a-w c:\windows\SYSTEM32\version.dll
+ 2008-04-14 00:12:08 18,944 ----a-w c:\windows\SYSTEM32\version.dll
- 2004-08-04 07:56:46 430,592 ----a-w c:\windows\SYSTEM32\vssapi.dll
+ 2008-04-14 00:12:08 430,592 ----a-w c:\windows\SYSTEM32\vssapi.dll
- 2004-08-04 07:56:57 289,792 ----a-w c:\windows\SYSTEM32\vssvc.exe
+ 2008-04-14 00:12:38 289,792 ----a-w c:\windows\SYSTEM32\vssvc.exe
- 2004-08-04 07:56:46 174,592 ----a-w c:\windows\SYSTEM32\w32time.dll
+ 2008-04-14 00:12:08 175,104 ----a-w c:\windows\SYSTEM32\w32time.dll
- 2004-08-04 07:56:46 15,872 ----a-w c:\windows\SYSTEM32\w3ssl.dll
+ 2008-04-14 00:12:08 15,872 ----a-w c:\windows\SYSTEM32\w3ssl.dll
- 2004-08-04 06:07:32 17,664 ----a-w c:\windows\SYSTEM32\watchdog.sys
+ 2008-04-13 18:44:59 17,664 ----a-w c:\windows\SYSTEM32\watchdog.sys
- 2002-08-29 11:00:00 208,896 ----a-w c:\windows\SYSTEM32\wavemsp.dll
+ 2008-04-14 00:12:08 215,552 ----a-w c:\windows\SYSTEM32\wavemsp.dll
- 2004-08-04 07:56:41 1,352,192 ----a-w c:\windows\SYSTEM32\WBEM\cimwin32.dll
+ 2008-04-14 00:11:50 1,358,848 ----a-w c:\windows\SYSTEM32\WBEM\cimwin32.dll
- 2004-08-04 07:56:42 247,808 ----a-w c:\windows\SYSTEM32\WBEM\esscli.dll
+ 2008-04-14 00:11:53 247,808 ----a-w c:\windows\SYSTEM32\WBEM\esscli.dll
- 2004-08-04 07:56:42 22,016 ----a-w c:\windows\SYSTEM32\WBEM\evntrprv.dll
+ 2008-04-14 00:11:53 21,504 ----a-w c:\windows\SYSTEM32\WBEM\evntrprv.dll
- 2004-08-04 07:56:42 472,064 ----a-w c:\windows\SYSTEM32\WBEM\fastprox.dll
+ 2008-04-14 00:11:53 472,064 ----a-w c:\windows\SYSTEM32\WBEM\fastprox.dll
- 2004-08-04 07:56:42 185,856 ----a-w c:\windows\SYSTEM32\WBEM\framedyn.dll
+ 2008-04-14 00:11:53 185,344 ----a-w c:\windows\SYSTEM32\WBEM\framedyn.dll
- 2004-08-04 07:56:42 24,576 ----a-w c:\windows\SYSTEM32\WBEM\krnlprov.dll
+ 2008-04-14 00:11:56 24,576 ----a-w c:\windows\SYSTEM32\WBEM\krnlprov.dll
- 2004-08-04 07:56:51 16,384 ----a-w c:\windows\SYSTEM32\WBEM\mofcomp.exe
+ 2008-04-14 00:12:26 16,384 ----a-w c:\windows\SYSTEM32\WBEM\mofcomp.exe
- 2004-08-04 07:56:42 123,904 ----a-w c:\windows\SYSTEM32\WBEM\mofd.dll
+ 2008-04-14 00:11:57 123,904 ----a-w c:\windows\SYSTEM32\WBEM\mofd.dll
- 2004-08-04 07:56:44 47,104 ----a-w c:\windows\SYSTEM32\WBEM\ncprov.dll
+ 2008-04-14 00:12:01 47,104 ----a-w c:\windows\SYSTEM32\WBEM\ncprov.dll
- 2004-08-04 07:56:44 212,992 ----a-w c:\windows\SYSTEM32\WBEM\ntevt.dll
+ 2008-04-14 00:12:02 212,992 ----a-w c:\windows\SYSTEM32\WBEM\ntevt.dll
- 2004-08-04 07:56:44 237,056 ----a-w c:\windows\SYSTEM32\WBEM\provthrd.dll
+ 2008-04-14 00:12:03 237,056 ----a-w c:\windows\SYSTEM32\WBEM\provthrd.dll
- 2004-08-04 07:56:44 177,152 ----a-w c:\windows\SYSTEM32\WBEM\repdrvfs.dll
+ 2008-04-14 00:12:04 178,176 ----a-w c:\windows\SYSTEM32\WBEM\repdrvfs.dll
- 2004-08-04 07:56:55 36,864 ----a-w c:\windows\SYSTEM32\WBEM\scrcons.exe
+ 2008-04-14 00:12:34 36,352 ----a-w c:\windows\SYSTEM32\WBEM\scrcons.exe
- 2004-08-04 07:56:56 236,544 ----a-w c:\windows\SYSTEM32\WBEM\SNMP\smi2smir.exe
+ 2008-04-14 00:12:35 236,544 ----a-w c:\windows\SYSTEM32\WBEM\SNMP\smi2smir.exe
- 2004-08-04 07:56:45 259,072 ----a-w c:\windows\SYSTEM32\WBEM\snmpcl.dll
+ 2008-04-14 00:12:06 259,072 ----a-w c:\windows\SYSTEM32\WBEM\snmpcl.dll
- 2004-08-04 07:56:45 358,400 ----a-w c:\windows\SYSTEM32\WBEM\snmpincl.dll
+ 2008-04-14 00:12:06 358,400 ----a-w c:\windows\SYSTEM32\WBEM\snmpincl.dll
- 2004-08-04 07:56:45 188,416 ----a-w c:\windows\SYSTEM32\WBEM\snmpsmir.dll
+ 2008-04-14 00:12:06 188,416 ----a-w c:\windows\SYSTEM32\WBEM\snmpsmir.dll
- 2004-08-04 07:56:45 40,448 ----a-w c:\windows\SYSTEM32\WBEM\snmpthrd.dll
+ 2008-04-14 00:12:06 39,936 ----a-w c:\windows\SYSTEM32\WBEM\snmpthrd.dll
- 2004-08-04 07:56:45 86,528 ----a-w c:\windows\SYSTEM32\WBEM\stdprov.dll
+ 2008-04-14 00:12:07 86,528 ----a-w c:\windows\SYSTEM32\WBEM\stdprov.dll
- 2004-08-04 07:56:46 131,584 ----a-w c:\windows\SYSTEM32\WBEM\viewprov.dll
+ 2008-04-14 00:12:08 131,584 ----a-w c:\windows\SYSTEM32\WBEM\viewprov.dll
- 2004-08-04 07:56:46 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wbemcntl.dll
+ 2008-04-14 00:12:08 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wbemcntl.dll
- 2004-08-04 07:56:46 214,528 ----a-w c:\windows\SYSTEM32\WBEM\wbemcomn.dll
+ 2008-04-14 00:12:08 214,528 ----a-w c:\windows\SYSTEM32\WBEM\wbemcomn.dll
- 2004-08-04 07:56:46 71,680 ----a-w c:\windows\SYSTEM32\WBEM\wbemcons.dll
+ 2008-04-14 00:12:08 71,680 ----a-w c:\windows\SYSTEM32\WBEM\wbemcons.dll
- 2004-08-04 07:56:46 530,944 ----a-w c:\windows\SYSTEM32\WBEM\wbemcore.dll
+ 2008-04-14 00:12:08 531,456 ----a-w c:\windows\SYSTEM32\WBEM\wbemcore.dll
- 2004-08-04 07:56:46 178,176 ----a-w c:\windows\SYSTEM32\WBEM\wbemdisp.dll
+ 2008-04-14 00:12:08 178,176 ----a-w c:\windows\SYSTEM32\WBEM\wbemdisp.dll
- 2004-08-04 07:56:46 273,920 ----a-w c:\windows\SYSTEM32\WBEM\wbemess.dll
+ 2008-04-14 00:12:08 273,920 ----a-w c:\windows\SYSTEM32\WBEM\wbemess.dll
- 2004-08-04 07:56:46 43,008 ----a-w c:\windows\SYSTEM32\WBEM\wbemperf.dll
+ 2008-04-14 00:12:08 43,008 ----a-w c:\windows\SYSTEM32\WBEM\wbemperf.dll
- 2004-08-04 07:56:46 18,944 ----a-w c:\windows\SYSTEM32\WBEM\wbemprox.dll
+ 2008-04-14 00:12:08 18,944 ----a-w c:\windows\SYSTEM32\WBEM\wbemprox.dll
- 2004-08-04 07:56:46 43,520 ----a-w c:\windows\SYSTEM32\WBEM\wbemsvc.dll
+ 2008-04-14 00:12:08 43,520 ----a-w c:\windows\SYSTEM32\WBEM\wbemsvc.dll
- 2004-08-04 07:56:57 116,224 ----a-w c:\windows\SYSTEM32\WBEM\wbemtest.exe
+ 2008-04-14 00:12:39 116,224 ----a-w c:\windows\SYSTEM32\WBEM\wbemtest.exe
- 2004-08-04 07:56:46 197,120 ----a-w c:\windows\SYSTEM32\WBEM\wbemupgd.dll
+ 2008-04-14 00:12:08 197,120 ----a-w c:\windows\SYSTEM32\WBEM\wbemupgd.dll
- 2004-08-04 07:56:57 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wmiadap.exe
+ 2008-04-14 00:12:40 196,608 ----a-w c:\windows\SYSTEM32\WBEM\wmiadap.exe
- 2004-08-04 07:56:35 6,656 ----a-w c:\windows\SYSTEM32\WBEM\wmiapres.dll
+ 2008-04-13 17:10:20 6,656 ----a-w c:\windows\SYSTEM32\WBEM\wmiapres.dll
- 2004-08-04 07:56:46 89,088 ----a-w c:\windows\SYSTEM32\WBEM\wmiaprpl.dll
+ 2008-04-14 00:12:09 88,576 ----a-w c:\windows\SYSTEM32\WBEM\wmiaprpl.dll
- 2004-08-04 07:56:57 126,464 ----a-w c:\windows\SYSTEM32\WBEM\wmiapsrv.exe
+ 2008-04-14 00:12:40 126,464 ----a-w c:\windows\SYSTEM32\WBEM\wmiapsrv.exe
- 2004-08-04 07:56:46 60,928 ----a-w c:\windows\SYSTEM32\WBEM\wmicookr.dll
+ 2008-04-14 00:12:09 60,928 ----a-w c:\windows\SYSTEM32\WBEM\wmicookr.dll
- 2004-08-04 07:56:46 140,800 ----a-w c:\windows\SYSTEM32\WBEM\wmidcprv.dll
+ 2008-04-14 00:12:09 140,800 ----a-w c:\windows\SYSTEM32\WBEM\wmidcprv.dll
- 2004-08-04 07:56:46 156,672 ----a-w c:\windows\SYSTEM32\WBEM\wmipcima.dll
+ 2008-04-14 00:12:09 156,672 ----a-w c:\windows\SYSTEM32\WBEM\wmipcima.dll
- 2004-08-04 07:56:46 132,096 ----a-w c:\windows\SYSTEM32\WBEM\wmipdskq.dll
+ 2008-04-14 00:12:09 132,096 ----a-w c:\windows\SYSTEM32\WBEM\wmipdskq.dll
- 2004-08-04 07:56:46 62,464 ----a-w c:\windows\SYSTEM32\WBEM\wmipiprt.dll
+ 2008-04-14 00:12:09 61,952 ----a-w c:\windows\SYSTEM32\WBEM\wmipiprt.dll
- 2004-08-04 07:56:46 62,976 ----a-w c:\windows\SYSTEM32\WBEM\wmipjobj.dll
+ 2008-04-14 00:12:09 62,464 ----a-w c:\windows\SYSTEM32\WBEM\wmipjobj.dll
- 2004-08-04 07:56:46 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmiprov.dll
+ 2008-04-14 00:12:09 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmiprov.dll
- 2004-08-04 07:56:46 437,248 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvsd.dll
+ 2008-04-14 00:12:09 437,248 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvsd.dll
- 2004-08-04 07:56:57 218,112 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvse.exe
+ 2008-04-14 00:12:40 218,112 ----a-w c:\windows\SYSTEM32\WBEM\wmiprvse.exe
- 2004-08-04 07:56:46 41,472 ----a-w c:\windows\SYSTEM32\WBEM\wmipsess.dll
+ 2008-04-14 00:12:09 41,472 ----a-w c:\windows\SYSTEM32\WBEM\wmipsess.dll
- 2004-08-04 07:56:46 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmisvc.dll
+ 2008-04-14 00:12:09 144,896 ----a-w c:\windows\SYSTEM32\WBEM\wmisvc.dll
- 2004-08-04 07:56:46 95,232 ----a-w c:\windows\SYSTEM32\WBEM\wmiutils.dll
+ 2008-04-14 00:12:09 95,232 ----a-w c:\windows\SYSTEM32\WBEM\wmiutils.dll
- 2006-03-24 04:37:50 49,152 ----a-w c:\windows\SYSTEM32\wdigest.dll
+ 2008-04-14 00:12:08 49,152 ----a-w c:\windows\SYSTEM32\wdigest.dll
- 2004-08-04 07:56:57 23,552 ----a-w c:\windows\SYSTEM32\wdmaud.drv
+ 2008-04-14 00:12:45 23,552 ----a-w c:\windows\SYSTEM32\wdmaud.drv
- 2006-01-04 03:35:05 68,096 ----a-w c:\windows\SYSTEM32\webclnt.dll
+ 2008-04-14 00:12:08 68,096 ----a-w c:\windows\SYSTEM32\webclnt.dll
- 2004-08-04 07:56:46 135,680 ----a-w c:\windows\SYSTEM32\webvw.dll
+ 2008-04-14 00:12:08 135,680 ----a-w c:\windows\SYSTEM32\webvw.dll
- 2004-08-04 07:56:57 65,536 ----a-w c:\windows\SYSTEM32\wextract.exe
+ 2008-04-14 00:12:39 65,024 ----a-w c:\windows\SYSTEM32\wextract.exe
- 2004-08-04 07:56:57 433,664 ----a-w c:\windows\SYSTEM32\wiaacmgr.exe
+ 2008-04-14 00:12:39 433,664 ----a-w c:\windows\SYSTEM32\wiaacmgr.exe
- 2004-08-04 07:56:46 463,360 ----a-w c:\windows\SYSTEM32\wiadefui.dll
+ 2008-04-14 00:12:08 463,360 ----a-w c:\windows\SYSTEM32\wiadefui.dll
- 2004-08-04 07:56:46 124,416 ----a-w c:\windows\SYSTEM32\wiadss.dll
+ 2008-04-14 00:12:08 124,416 ----a-w c:\windows\SYSTEM32\wiadss.dll
- 2004-08-04 07:56:46 75,776 ----a-w c:\windows\SYSTEM32\wiascr.dll
+ 2008-04-14 00:12:08 75,776 ----a-w c:\windows\SYSTEM32\wiascr.dll
- 2006-12-19 18:16:47 333,824 ----a-w c:\windows\SYSTEM32\wiaservc.dll
+ 2008-04-14 00:12:08 333,824 ----a-w c:\windows\SYSTEM32\wiaservc.dll
- 2004-08-04 07:56:46 589,312 ----a-w c:\windows\SYSTEM32\wiashext.dll
+ 2008-04-14 00:12:08 589,312 ----a-w c:\windows\SYSTEM32\wiashext.dll
- 2004-08-04 07:56:46 111,104 ----a-w c:\windows\SYSTEM32\wiavideo.dll
+ 2008-04-14 00:12:08 111,104 ----a-w c:\windows\SYSTEM32\wiavideo.dll
- 2004-08-04 07:56:46 101,888 ----a-w c:\windows\SYSTEM32\win32spl.dll
+ 2008-04-14 00:12:08 102,400 ----a-w c:\windows\SYSTEM32\win32spl.dll
- 2004-08-04 07:56:35 937,984 ----a-w c:\windows\SYSTEM32\winbrand.dll
+ 2008-04-13 16:48:53 1,647,616 ----a-w c:\windows\SYSTEM32\winbrand.dll
- 2006-10-24 16:30:06 716,288 ----a-w c:\windows\SYSTEM32\windowscodecs.dll
+ 2008-04-14 00:12:08 712,704 ----a-w c:\windows\SYSTEM32\windowscodecs.dll
- 2006-10-24 16:29:50 352,256 ----a-w c:\windows\SYSTEM32\windowscodecsext.dll
+ 2008-04-14 00:12:08 346,112 ----a-w c:\windows\SYSTEM32\windowscodecsext.dll
- 2004-08-04 07:56:46 351,232 ----a-w c:\windows\SYSTEM32\winhttp.dll
+ 2008-04-14 00:12:08 354,304 ----a-w c:\windows\SYSTEM32\winhttp.dll
- 2004-08-04 07:56:46 32,768 ----a-w c:\windows\SYSTEM32\winipsec.dll
+ 2008-04-14 00:12:09 32,256 ----a-w c:\windows\SYSTEM32\winipsec.dll
- 2004-08-04 07:56:57 502,272 ----a-w c:\windows\SYSTEM32\winlogon.exe
+ 2008-04-14 00:12:39 507,904 ----a-w c:\windows\SYSTEM32\winlogon.exe
- 2004-08-04 07:56:46 176,128 ----a-w c:\windows\SYSTEM32\winmm.dll
+ 2008-04-14 00:12:09 176,128 ----a-w c:\windows\SYSTEM32\winmm.dll
- 2004-08-04 07:56:35 764,928 ----a-w c:\windows\SYSTEM32\winntbbu.dll
+ 2008-04-14 00:11:11 756,224 ----a-w c:\windows\SYSTEM32\winntbbu.dll
- 2004-08-04 07:56:46 16,896 ----a-w c:\windows\SYSTEM32\winrnr.dll
+ 2008-04-14 00:12:09 16,896 ----a-w c:\windows\SYSTEM32\winrnr.dll
- 2004-08-04 07:56:46 99,328 ----a-w c:\windows\SYSTEM32\winscard.dll
+ 2008-04-14 00:12:09 99,328 ----a-w c:\windows\SYSTEM32\winscard.dll
- 2004-08-04 07:56:46 17,408 ----a-w c:\windows\SYSTEM32\winshfhc.dll
+ 2008-04-14 00:12:09 17,408 ----a-w c:\windows\SYSTEM32\winshfhc.dll
- 2004-08-04 07:56:57 146,432 ----a-w c:\windows\SYSTEM32\winspool.drv
+ 2008-04-14 00:12:45 146,432 ----a-w c:\windows\SYSTEM32\winspool.drv
- 2007-03-17 13:43:01 292,864 ----a-w c:\windows\SYSTEM32\winsrv.dll
+ 2008-04-14 00:12:09 293,376 ----a-w c:\windows\SYSTEM32\winsrv.dll
- 2004-08-04 07:56:46 53,760 ----a-w c:\windows\SYSTEM32\winsta.dll
+ 2008-04-14 00:12:09 53,760 ----a-w c:\windows\SYSTEM32\winsta.dll
- 2004-08-04 07:56:46 176,640 ----a-w c:\windows\SYSTEM32\wintrust.dll
+ 2008-04-14 00:12:09 176,640 ----a-w c:\windows\SYSTEM32\wintrust.dll
- 2004-08-04 07:56:57 5,632 ----a-w c:\windows\SYSTEM32\winver.exe
+ 2008-04-14 00:12:40 5,632 ----a-w c:\windows\SYSTEM32\winver.exe
- 2006-08-17 12:28:27 132,096 ----a-w c:\windows\SYSTEM32\wkssvc.dll
+ 2008-04-14 00:12:09 132,096 ----a-w c:\windows\SYSTEM32\wkssvc.dll
- 2004-08-04 07:56:46 172,032 ----a-w c:\windows\SYSTEM32\wldap32.dll
+ 2008-04-14 00:12:09 172,032 ----a-w c:\windows\SYSTEM32\wldap32.dll
- 2004-08-04 07:56:46 92,672 ----a-w c:\windows\SYSTEM32\wlnotify.dll
+ 2008-04-14 00:12:09 92,672 ----a-w c:\windows\SYSTEM32\wlnotify.dll
- 2004-08-04 07:56:35 5,632 ----a-w c:\windows\SYSTEM32\wmi.dll
+ 2008-04-14 00:11:15 5,632 ----a-w c:\windows\SYSTEM32\wmi.dll
- 2006-10-24 16:30:00 276,992 ----a-w c:\windows\SYSTEM32\wmphoto.dll
+ 2008-04-14 00:12:09 276,992 ----a-w c:\windows\SYSTEM32\wmphoto.dll
- 2004-08-04 07:56:46 115,200 ----a-w c:\windows\SYSTEM32\wmsdmoe.dll
+ 2008-04-14 00:12:09 115,200 ----a-w c:\windows\SYSTEM32\wmsdmoe.dll
- 2004-08-04 07:56:46 303,616 ----a-w c:\windows\SYSTEM32\wmstream.dll
+ 2008-04-14 00:12:10 303,616 ----a-w c:\windows\SYSTEM32\wmstream.dll
- 2004-08-04 07:56:46 264,192 ----a-w c:\windows\SYSTEM32\wow32.dll
+ 2008-04-14 00:12:10 264,192 ----a-w c:\windows\SYSTEM32\wow32.dll
- 2004-08-04 07:56:57 32,256 ----a-w c:\windows\SYSTEM32\wpabaln.exe
+ 2008-04-14 00:12:40 32,256 ----a-w c:\windows\SYSTEM32\wpabaln.exe
- 2004-08-04 07:56:57 32,256 ----a-w c:\windows\SYSTEM32\wpnpinst.exe
+ 2008-04-14 00:12:41 11,264 ----a-w c:\windows\SYSTEM32\wpnpinst.exe
- 2004-08-04 07:56:46 82,944 ----a-w c:\windows\SYSTEM32\ws2_32.dll
+ 2008-04-14 00:12:10 82,432 ----a-w c:\windows\SYSTEM32\ws2_32.dll
- 2004-08-04 07:56:46 19,968 ----a-w c:\windows\SYSTEM32\ws2help.dll
+ 2008-04-14 00:12:10 19,968 ----a-w c:\windows\SYSTEM32\ws2help.dll
- 2004-08-04 07:56:57 13,824 ----a-w c:\windows\SYSTEM32\wscntfy.exe
+ 2008-04-14 00:12:41 13,824 ----a-w c:\windows\SYSTEM32\wscntfy.exe
- 2004-08-04 07:56:57 114,688 ----a-w c:\windows\SYSTEM32\wscript.exe
+ 2008-04-14 00:12:41 155,648 ----a-w c:\windows\SYSTEM32\wscript.exe
- 2004-08-04 07:56:46 81,408 ----a-w c:\windows\SYSTEM32\wscsvc.dll
+ 2008-04-14 00:12:10 80,896 ----a-w c:\windows\SYSTEM32\wscsvc.dll
- 2004-08-04 07:56:46 108,032 ----a-w c:\windows\SYSTEM32\wshbth.dll
+ 2008-04-14 00:12:10 108,032 ----a-w c:\windows\SYSTEM32\wshbth.dll
- 2004-08-04 07:56:46 28,672 ----a-w c:\windows\SYSTEM32\wshcon.dll
+ 2008-04-14 00:12:10 36,864 ----a-w c:\windows\SYSTEM32\wshcon.dll
- 2004-08-04 07:56:46 65,536 ----a-w c:\windows\SYSTEM32\wshext.dll
+ 2008-04-14 00:12:10 90,112 ----a-w c:\windows\SYSTEM32\wshext.dll
- 2004-08-04 07:56:46 14,336 ----a-w c:\windows\SYSTEM32\wship6.dll
+ 2008-04-14 00:12:10 14,336 ----a-w c:\windows\SYSTEM32\wship6.dll
- 2004-08-04 07:56:46 11,776 ----a-w c:\windows\SYSTEM32\wshrm.dll
+ 2008-04-14 00:12:10 11,264 ----a-w c:\windows\SYSTEM32\wshrm.dll
- 2004-08-04 07:56:46 19,968 ----a-w c:\windows\SYSTEM32\wshtcpip.dll
+ 2008-04-14 00:12:10 19,456 ----a-w c:\windows\SYSTEM32\wshtcpip.dll
- 2004-08-04 07:56:46 42,496 ----a-w c:\windows\SYSTEM32\wsnmp32.dll
+ 2008-04-14 00:12:10 41,984 ----a-w c:\windows\SYSTEM32\wsnmp32.dll
- 2004-08-04 07:56:46 22,528 ----a-w c:\windows\SYSTEM32\wsock32.dll
+ 2008-04-14 00:12:10 22,528 ----a-w c:\windows\SYSTEM32\wsock32.dll
- 2004-08-04 07:56:46 50,688 ----a-w c:\windows\SYSTEM32\wstdecod.dll
+ 2008-04-14 00:12:10 50,688 ----a-w c:\windows\SYSTEM32\wstdecod.dll
- 2004-08-04 07:56:46 18,432 ----a-w c:\windows\SYSTEM32\wtsapi32.dll
+ 2008-04-14 00:12:10 18,432 ----a-w c:\windows\SYSTEM32\wtsapi32.dll
- 2004-08-04 07:56:46 6,656 ----a-w c:\windows\SYSTEM32\wuauserv.dll
+ 2008-04-14 00:12:11 6,656 ----a-w c:\windows\SYSTEM32\wuauserv.dll
- 2004-08-04 07:56:46 378,368 ----a-w c:\windows\SYSTEM32\wzcdlg.dll
+ 2008-04-14 00:12:11 383,488 ----a-w c:\windows\SYSTEM32\wzcdlg.dll
- 2004-08-04 07:56:46 51,712 ----a-w c:\windows\SYSTEM32\wzcsapi.dll
+ 2008-04-14 00:12:11 52,736 ----a-w c:\windows\SYSTEM32\wzcsapi.dll
- 2004-08-04 07:56:46 359,936 ----a-w c:\windows\SYSTEM32\wzcsvc.dll
+ 2008-04-14 00:12:11 483,840 ----a-w c:\windows\SYSTEM32\wzcsvc.dll

#20
CorporateKD

  • Topic Starter
Andrewuk:

Part 17 and final part of the ComboFix log!

- 2004-08-04 07:56:46 91,648 ----a-w c:\windows\SYSTEM32\xactsrv.dll
+ 2008-04-14 00:12:11 91,648 ----a-w c:\windows\SYSTEM32\xactsrv.dll
- 2004-08-04 07:56:57 30,720 ----a-w c:\windows\SYSTEM32\xcopy.exe
+ 2008-04-14 00:12:41 30,720 ----a-w c:\windows\SYSTEM32\xcopy.exe
- 2006-07-14 15:51:51 121,856 ----a-w c:\windows\SYSTEM32\xmllite.dll
+ 2008-04-14 00:12:11 121,856 ----a-w c:\windows\SYSTEM32\xmllite.dll
- 2004-08-04 07:56:46 129,536 ----a-w c:\windows\SYSTEM32\xmlprov.dll
+ 2008-04-14 00:12:11 129,024 ----a-w c:\windows\SYSTEM32\xmlprov.dll
- 2004-08-04 07:56:46 50,176 ----a-w c:\windows\SYSTEM32\xmlprovi.dll
+ 2008-04-14 00:12:11 50,176 ----a-w c:\windows\SYSTEM32\xmlprovi.dll
- 2006-03-01 19:42:42 11,776 ----a-w c:\windows\SYSTEM32\xolehlp.dll
+ 2008-04-14 00:12:11 11,776 ----a-w c:\windows\SYSTEM32\xolehlp.dll
- 2004-08-04 07:56:36 438,784 ----a-w c:\windows\SYSTEM32\xpob2res.dll
+ 2008-04-13 17:39:29 438,784 ----a-w c:\windows\SYSTEM32\xpob2res.dll
- 2004-08-04 07:56:36 187,392 ----a-w c:\windows\SYSTEM32\xpsp1res.dll
+ 2008-04-13 17:39:22 187,392 ----a-w c:\windows\SYSTEM32\xpsp1res.dll
- 2004-08-04 07:56:36 2,897,920 ------w c:\windows\SYSTEM32\xpsp2res.dll
+ 2008-04-13 17:39:24 2,897,920 ------w c:\windows\SYSTEM32\xpsp2res.dll
- 2008-07-03 09:14:02 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-04-13 17:39:26 689,152 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-07-30 02:26:06 301,568 ----a-w c:\windows\SYSTEM32\XPSViewer\XPSViewer.exe
- 2004-08-04 07:56:46 337,920 ----a-w c:\windows\SYSTEM32\zipfldr.dll
+ 2008-04-14 00:12:11 338,432 ----a-w c:\windows\SYSTEM32\zipfldr.dll
+ 2008-12-08 00:35:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_244.dat
+ 2008-12-08 00:35:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat
- 2004-08-04 07:56:46 50,688 ----a-w c:\windows\twain_32.dll
+ 2008-04-14 00:12:07 50,688 ----a-w c:\windows\twain_32.dll
- 2004-08-04 07:56:57 283,648 ----a-w c:\windows\winhlp32.exe
+ 2008-04-14 00:12:39 283,648 ----a-w c:\windows\winhlp32.exe
- 2008-04-11 07:04:21 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-12-07 21:51:18 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-07-25 16:17:20 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2008-07-25 16:17:20 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 16:17:20 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-04-14 00:12:51 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2008-04-14 00:12:51 343,040 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
- 2008-04-11 07:04:45 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-12-07 21:51:48 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-04-11 07:04:45 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-12-07 21:51:48 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSIFile]
@="{FE2E26BF-1833-43B6-920F-23EA82E9BD51}"
[HKEY_CLASSES_ROOT\CLSID\{FE2E26BF-1833-43B6-920F-23EA82E9BD51}]
2005-05-02 13:30 1448448 --a------ c:\progra~1\THESIM~1\TSRWIZ~1\SHELLI~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2002-09-04 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue Setup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue Setup.lnk
backup=c:\windows\pss\Continue Setup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\updater.lnk
backup=c:\windows\pss\updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Keisha Davis^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Keisha Davis\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AStart]
c:\windows\AStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 21:26 368706 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 19:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2002-12-20 18:01 184320 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2002-09-04 09:28 151552 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 06:25 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notification Utility]
--a------ 2005-12-26 01:05 409600 c:\program files\ItBill\itbill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 13:16 49152 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
--a------ 2001-08-01 11:30 94208 c:\program files\QUICKENW\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2002-10-04 14:09 139264 c:\progra~1\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Keisha Davis\\My Documents\\IEXPLORE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-06-26 34712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-03-09 24652]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys [2003-06-07 23296]
S2 WinToolsSvc;WinTools for IE service;c:\program files\Common Files\WinTools\WToolsS.exe []
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2006-09-12 109008]
.
Contents of the 'Scheduled Tasks' folder

2008-10-11 c:\windows\Tasks\ACD67A3D9189EC5D.job
- c:\progra~1\basedo~1\setupmediaaxis.exe []

2008-10-11 c:\windows\Tasks\AF26BAA391852CB7.job
- c:\progra~1\basedo~1\setupmediaaxis.exe []

2008-10-11 c:\windows\Tasks\At1.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At10.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At11.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At12.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At13.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At14.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At15.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At16.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At17.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At18.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At19.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At2.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At20.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At21.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At22.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At23.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At24.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At25.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At26.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At27.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At28.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At29.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At3.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At30.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At31.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At32.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At33.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At34.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At35.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At36.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At37.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At38.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At39.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At4.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At40.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At41.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At42.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At43.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At44.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At45.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At46.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At47.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At48.job
- c:\windows\system32\Y60Kw108.exe []

2008-10-11 c:\windows\Tasks\At5.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At6.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At7.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At8.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\At9.job
- c:\windows\system32\Nc0b2af6.exe []

2008-10-11 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-10-05 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2004-02-18 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1077087270.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 14:54]

2004-09-19 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1095535072.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 14:54]

2008-10-11 c:\windows\Tasks\McAfee.com Update Check (D6J63F21-Owner).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 09:28]

2008-10-11 c:\windows\Tasks\McAfee.com Update Check (D6J63F21-Owner).job
- c:\progra~1\McAfee.com\Agent [2008-12-04 08:29]

2008-10-11 c:\windows\Tasks\McAfee.com Update Check (KEISHA-Guest).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 09:28]

2008-10-11 c:\windows\Tasks\McAfee.com Update Check (KEISHA-Guest).job
- c:\progra~1\McAfee.com\Agent [2008-12-04 08:29]

2008-12-08 c:\windows\Tasks\McAfee.com Update Check (KEISHA-Keisha Davis).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2002-09-04 09:28]

2008-12-08 c:\windows\Tasks\McAfee.com Update Check (KEISHA-Keisha Davis).job
- c:\progra~1\mcafee.com\agent [2008-12-04 08:29]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\tgctlpw.dll - O16 -: {01118D00-3E00-11D2-8470-0060089874ED}
hxxp://www.fastaccesstools.com/sdccommon/download/tgctlpw.cab
c:\windows\Downloaded Program Files\tgctlpw.inf

c:\windows\Downloaded Program Files\PrintControl.dll - O16 -: {19529B56-E206-4F0B-B44E-97B5F4861E6A}
hxxps://clinicalreports.almacgroup.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
c:\windows\Downloaded Program Files\PrintControl.inf

O16 -: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.sra.com/SNX/CSHELL/extender.cab
c:\windows\Downloaded Program Files\msi.inf

c:\windows\System32\sqlite.def - c:\windows\System32\sqlite.dll
c:\windows\System32\Unzip32.dll
c:\windows\wizarduninstall.exe
c:\windows\Downloaded Program Files\TSRInstallationWizard.ocx
c:\program files\Ibibi AB\TSR Installation Wizard\wizarduninstall.exe
c:\program files\Ibibi AB\TSR Installation Wizard\Unzip32.dll
O16 -: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F}
hxxp://www.thesimsresource.com/TSRInstallationWizard.cab
c:\windows\Downloaded Program Files\TSRInstallationWizard.inf

c:\windows\SYSTEM32\msvcrt.dll - c:\windows\SYSTEM32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC}
hxxp://www.thesecret.tv/movie/player/player_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
FireFox -: Profile - c:\documents and settings\Keisha Davis\Application Data\Mozilla\Firefox\Profiles\gcavcvdb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 20:01:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\progra~1\THESIM~1\TSRWIZ~1\SHELLI~1.DLL
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2008-12-07 20:04:44
ComboFix-quarantined-files.txt 2008-12-08 01:03:08
ComboFix2.txt 2008-11-26 20:56:04
ComboFix3.txt 2008-11-25 19:23:38
ComboFix4.txt 2008-11-25 18:14:44

Pre-Run: 3,110,236,160 bytes free
Post-Run: 3,224,903,680 bytes free

6898 --- E O F --- 2008-12-07 08:06:22
#21
CorporateKD

    Member

  • Topic Starter
  • Member
  • 33 posts
Andrewuk:

Finally, here is the HJT log! I am ready for the next step! :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:19 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\CF94.exe
C:\ComboFix\hidec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\ComboFix\Catchme.tmp
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} - http://www.fastacces...oad/tgctlpw.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} (Crystal Reports Print Control 11.5) - https://clinicalrepo...rintControl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://vpn.sra.com/...LL/extender.cab
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F} (TSRFileManagerXControl Control) - http://www.thesimsre...ationWizard.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vnc.webex.co...bex/ieatgpc.cab
O16 - DPF: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC} (VPlayer Control) - http://www.thesecret...player_ocx.jpeg
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

--
End of file - 8827 bytes
#22
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
It won't be as long this time (I hope).

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Tasks\ACD67A3D9189EC5D.job
c:\progra~1\basedo~1\setupmediaaxis.exe
c:\windows\Tasks\AF26BAA391852CB7.job
c:\windows\Tasks\At1.job
c:\windows\system32\Nc0b2af6.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\system32\Y60Kw108.exe
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\EasyShare Registration RunOnce Task.job
c:\windows\Tasks\EasyShare Registration Task.job

Folder::
C:\Program Files\Common Files\WinTools
c:\program files\ItBill

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01118D00-3E00-11D2-8470-0060089874ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notification Utility]

Driver::
WinToolsSvc

DirLook::
c:\windows\AStart


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

And a new HijackThis log please.

andrewuk

Edited by andrewuk, 06 December 2008 - 10:33 PM.

#23
CorporateKD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Andrewuk:

I have done as requested. I get a message that states that I am not using the most up-to-date ComboFix but the update fails. I deleted the file and downloaded the more recent ComboFix as you asked yesterday. Not sure what is going on there but I thought I would let you know. Here is the ComboFix log as requested and you were right, nowhere near as long! I will post the HJT log in a separate post.

ComboFix 08-12-06.06 - Keisha Davis 2008-12-08 12:07:54.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.587 [GMT -5:00]
Running from: c:\documents and settings\Keisha Davis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Keisha Davis\Desktop\CFScript.txt

FILE ::
:\windows\system32\Nc0b2af6.exe
c:\progra~1\basedo~1\setupmediaaxis.exe
c:\windows\system32\Y60Kw108.exe
c:\windows\Tasks\ACD67A3D9189EC5D.job
c:\windows\Tasks\AF26BAA391852CB7.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\EasyShare Registration RunOnce Task.job
c:\windows\Tasks\EasyShare Registration Task.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ItBill
c:\windows\Tasks\ACD67A3D9189EC5D.job
c:\windows\Tasks\AF26BAA391852CB7.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\EasyShare Registration RunOnce Task.job
c:\windows\Tasks\EasyShare Registration Task.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINTOOLSSVC
-------\Service_WinToolsSvc


((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.

2008-12-07 23:35 . 2008-12-07 23:35 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 22:44 . 2003-08-11 03:07 278,528 --a------ c:\windows\SYSTEM32\hpdj
2008-12-07 18:05 . 2008-04-13 19:12 69,120 --------- c:\windows\SYSTEM32\wlanapi.dll
2008-12-07 18:04 . 2008-04-13 19:12 291,328 --------- c:\windows\SYSTEM32\qagentrt.dll
2008-12-07 18:04 . 2008-04-13 19:12 290,304 --------- c:\windows\SYSTEM32\rhttpaa.dll
2008-12-07 18:04 . 2008-04-13 19:12 150,528 --------- c:\windows\SYSTEM32\qagent.dll
2008-12-07 18:04 . 2008-04-13 19:12 144,384 --------- c:\windows\SYSTEM32\onex.dll
2008-12-07 18:04 . 2008-04-13 19:12 76,800 --------- c:\windows\SYSTEM32\qutil.dll
2008-12-07 18:04 . 2008-04-13 19:12 62,464 --------- c:\windows\SYSTEM32\qcliprov.dll
2008-12-07 18:04 . 2008-04-13 19:12 61,952 --------- c:\windows\SYSTEM32\rasqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 53,248 --------- c:\windows\SYSTEM32\tsgqec.dll
2008-12-07 18:04 . 2008-04-13 19:12 50,688 --------- c:\windows\SYSTEM32\tspkg.dll
2008-12-07 18:04 . 2008-04-13 19:12 32,768 --------- c:\windows\SYSTEM32\setupn.exe
2008-12-07 18:04 . 2008-04-13 13:40 10,240 --------- c:\windows\SYSTEM32\DRIVERS\sffp_mmc.sys
2008-12-07 18:02 . 2008-04-13 19:11 233,472 --------- c:\windows\SYSTEM32\azroles.dll
2008-12-07 18:02 . 2008-04-13 19:11 136,192 --------- c:\windows\SYSTEM32\aaclient.dll
2008-12-07 18:02 . 2008-04-13 19:11 7,168 --------- c:\windows\SYSTEM32\bitsprx4.dll
2008-12-07 16:56 . 2008-12-07 16:56 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2008-12-07 16:55 . 2008-12-07 16:55 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-07 16:54 . 2008-12-07 16:55 <DIR> d-------- C:\5325c27c11806dc08f3bab9c
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll
2008-12-07 16:54 . 2008-07-06 05:50 597,504 --------- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll
2008-12-07 16:54 . 2008-07-06 07:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll
2008-12-07 16:54 . 2008-07-06 07:06 89,088 --------- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll
2008-12-07 16:53 . 2008-12-07 19:01 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-04 09:00 . 2008-12-04 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-04 08:31 . 2008-12-04 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-02 21:08 . 2008-11-10 03:39 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-12-02 20:24 . 2006-10-26 19:56 32,592 --a------ c:\windows\SYSTEM32\msonpmon.dll
2008-12-02 20:22 . 2008-12-07 16:55 <DIR> d-------- c:\program files\MSBuild
2008-12-02 20:17 . 2008-12-02 20:17 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-27 09:13 . 2008-11-27 09:14 <DIR> d-------- c:\documents and settings\Keisha Davis\.SunDownloadManager
2008-11-27 08:48 . 2008-11-27 08:48 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-27 08:42 . 2008-11-27 09:24 <DIR> d-------- c:\program files\NOS
2008-11-27 08:42 . 2008-11-27 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-26 16:16 . 2008-11-10 05:43 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-25 15:23 . 2008-11-25 15:23 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\Keisha Davis\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-11-25 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 01:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-25 01:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-12 22:14 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 13:49 --------- d-----w c:\program files\Common Files\tsa
2008-12-08 13:43 --------- d-----w c:\program files\altpayV2
2008-12-08 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\Mail Mp3 Flaw 64
2008-12-08 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-12-08 04:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 04:17 --------- d-----w c:\program files\EPSON
2008-12-08 00:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-08 00:31 --------- d-----w c:\program files\Java
2008-12-08 00:17 --------- d-----w c:\program files\Yahoo!
2008-12-07 00:37 --------- d-----w c:\program files\CheckPoint
2008-12-07 00:35 --------- d-----w c:\program files\BitZipper
2008-12-07 00:34 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\BitZipper
2008-12-04 08:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-27 13:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-30 03:30 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\Apple Computer
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:04 --------- d-----w c:\documents and settings\Keisha Davis\Application Data\webex
2008-10-14 11:45 --------- d-----w c:\program files\HP
2008-10-13 20:13 --------- d-----w c:\program files\iTunes
2008-10-13 20:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-13 20:12 --------- d-----w c:\program files\iPod
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Keisha Davis\Application Data\GTek
2008-10-12 00:23 --------- d--h--w c:\documents and settings\Guest\Application Data\Gtek
2008-10-12 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2008-10-12 00:19 --------- d-----w c:\program files\Dell Support Center
2008-10-12 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\SupportSoft
2008-10-11 23:20 --------- d-----w c:\program files\FreeFixer
2008-02-06 05:38 54,752 ----a-w c:\documents and settings\Keisha Davis\Application Data\GDIPFONTCACHEV1.DAT
2006-11-27 00:10 46,760 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2005-11-28 03:58 26,958 ----a-w c:\program files\Movieland Terms.html
2005-05-31 00:15 1,917 ----a-w c:\program files\Installed Items.lnk
2004-08-30 15:28 39 ----a-w c:\documents and settings\Keisha Davis\Application Data\tvmcwrd.dll
2003-10-10 06:01 1,842,680 ---ha-w c:\documents and settings\Keisha Davis\kyf.dat
2004-07-02 06:24 316,776 --sha-r c:\windows\SYSTEM32\2odsrch.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\AStart ----

c:\windows\AStart\


((((((((((((((((((((((((((((( snapshot_2008-12-07_20.02.34.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 26,488 -c----w c:\windows\$NtUninstallKB951978$\spcustom.dll
+ 2007-11-30 12:39:22 17,272 -c----w c:\windows\$NtUninstallKB951978$\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951978$\spuninst.exe
+ 2007-11-30 12:39:18 755,576 -c----w c:\windows\$NtUninstallKB951978$\update.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951978$\updspapi.dll
+ 2008-12-08 01:30:41 36,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AddressParser\4218b74300786b2b6583e017b65606d2\AddressParser.ni.dll
+ 2008-12-08 01:30:38 265,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\21edcf48ada3e9c9d24b19f75501f24c\ADODB.ni.dll
+ 2008-12-08 01:30:36 459,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AxOWC11\f359dfbccdd8fabaf6d9dc645ed774d4\AxOWC11.ni.dll
+ 2008-12-08 01:31:41 220,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2008-12-08 01:30:52 407,040 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DataMigration\be12b3867f0880b587d7806d019e29fb\DataMigration.ni.dll
+ 2008-12-08 01:31:40 14,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2008-12-08 01:31:42 838,656 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2008-12-08 01:31:43 65,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2008-12-08 01:31:46 1,620,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\152cf75db013f0523933ac45177b4217\Microsoft.Build.Tasks.ni.dll
+ 2008-12-08 01:31:47 144,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2008-12-08 01:30:35 1,033,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\074032e3db0cde2306ad648782f2cc75\Microsoft.BusinessSolutions.SBA.Interop.Outlook.ni.dll
+ 2008-12-08 01:27:32 866,816 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\10170ca381dc268b86b3afa07a5ab78c\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ImportExportUI.ni.dll
+ 2008-12-08 01:30:33 2,478,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\5653010914a24861eae118fc1f934a2e\Microsoft.BusinessSolutions.SBA.Interop.Excel.ni.dll
+ 2008-12-08 01:30:37 1,078,784 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\ba113d27ec21b16ed0fa1c47c8880a74\Microsoft.BusinessSolutions.SBA.Interop.Owc11.ni.dll
+ 2008-12-08 01:30:43 1,488,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\bf26e3ac49218926a4498ab4bf59c80d\Microsoft.BusinessSolutions.SBA.Interop.Word.ni.dll
+ 2008-12-08 01:26:14 2,479,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\9cdcfc52a25dbc42b6a7b3ee1c6ee502\Microsoft.Interop.eCRM.Excel.ni.dll
+ 2008-12-08 01:30:49 39,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\f6919e79dcbda6c26f7820b0123b241e\Microsoft.Interop.eCRM.NetFw.ni.dll
+ 2008-12-08 01:27:38 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\0f57b07688e264097a40b1e190cf5a44\Microsoft.Iris.ImportExport.ni.dll
+ 2008-12-08 01:27:02 409,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Iris.Impo#\2e1f70f48419ded286df36dfd5db2f8e\Microsoft.Iris.ImportExportDataAccess.ni.dll
+ 2008-12-08 01:31:08 17,678,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.mshtml\0d74af77373aeb9d1db43d0e253e6c21\Microsoft.mshtml.ni.dll
+ 2008-12-08 01:31:48 231,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\f900abeac1a34b1ea03de11b1ef647b1\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2008-12-08 01:26:31 51,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\0faed4048a48adeccfeb4d0d1687e3f6\Microsoft.Office.Interop.OutlookViewCtl.ni.dll
+ 2008-12-08 01:27:45 1,749,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\4cd089585cd2e13a08ad2593b5458998\Microsoft.Office.Interop.Word.ni.dll
+ 2008-12-08 01:30:47 532,992 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SBA.Offic#\39dd5593a59b92dd228469bca079f3ac\Microsoft.SBA.OfficeLive.ni.dll
+ 2008-12-08 01:31:50 530,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\16a42f39de574b65672a6f7b60d47b94\Microsoft.SqlServer.GridControl.ni.dll
+ 2008-12-08 01:31:54 989,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\334222245e81d48c73682a1c3dfa5c26\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2008-12-08 01:31:22 1,229,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3ce6b339b72239e1233d61809b2b752e\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2008-12-08 01:31:26 1,115,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4c0ca93bfcf7c39db110935650972479\Microsoft.SqlServer.Rmo.ni.dll
+ 2008-12-08 01:31:53 355,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\51d74890d55a8b1f5375457b9e4b531b\Microsoft.SqlServer.Setup.ni.dll
+ 2008-12-08 01:31:27 64,512 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a0a3451f88c6c91f807f6862c97f69e\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2008-12-08 01:31:18 344,576 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a2042766cee9460d4ba62865dfe3ca1\Microsoft.SqlServer.SmoEnum.ni.dll
+ 2008-12-08 01:31:15 4,331,008 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\801c0709401985934bb597ac816b978c\Microsoft.SqlServer.Smo.ni.dll
+ 2008-12-08 01:31:16 278,528 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\881da3ee4f0febfa772a39cfb0995ef8\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2008-12-08 01:31:17 615,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a60d222eda054f19f4fac0524c74f3c3\Microsoft.SqlServer.BatchParser.ni.dll
+ 2008-12-08 01:31:28 114,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b0bd09e51b98488041d62585bb2f8f4c\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2008-12-08 01:31:27 35,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d3442324c0151bf5f8d139871a3b0caf\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2008-12-08 01:31:49 74,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ea2ae783dc512b6a9e62bba0d4f71ecf\Microsoft.SqlServer.CustomControls.ni.dll
+ 2008-12-08 01:30:53 26,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MigrationInterface\598a3d0ca639fe6db5309b7e0cc639b5\MigrationInterface.ni.dll
+ 2008-12-08 01:30:54 813,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MoneyMigrationWrapp#\9aeacee92043c44a008335276f310536\MoneyMigrationWrapper.ni.dll
+ 2008-12-08 01:30:38 592,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscomctl\af0ee3b7a00128bb60dc85316b300d05\mscomctl.ni.dll
+ 2008-12-08 01:30:37 13,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSDATASRC\43b95f2b0673d5af83f5e16b299e5453\MSDATASRC.ni.dll
+ 2008-12-08 01:30:48 321,024 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\MSIDCRL.Managed\6b68e25e8db1f1ede709d42bee4e1a6d\MSIDCRL.Managed.ni.dll
+ 2008-12-08 01:30:41 37,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\NameParser\4acb9de2d67362e3be4d9d16357920a2\NameParser.ni.dll
+ 2008-12-08 01:30:42 104,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ParseLib2\58c5dfa75f4387bb1f726d05186659c3\ParseLib2.ni.dll
+ 2008-12-08 01:30:46 109,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBA.AxInterop.SHDoc#\4d5ef2ec61c2b157f558a69b1d240d18\SBA.AxInterop.SHDocVw.ni.dll
+ 2008-12-08 01:30:52 19,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBA.Interop.OfficeQ\d08396a936220c1f93227987e19b5606\SBA.Interop.OfficeQ.ni.dll
+ 2008-12-08 01:30:53 19,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBA.Interop.OfficeQ6\13f18542b4313ad810c1704687c3bd89\SBA.Interop.OfficeQ6.ni.dll
+ 2008-12-08 01:30:27 333,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBA.Interop.SHDocVw\07361dc4a518a3133188d294b8ce990d\SBA.Interop.SHDocVw.ni.dll
+ 2008-12-08 01:30:26 60,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBA.MsHtmHstInterop\83a85306fe51248e6d37976c4b2fc6ff\SBA.MsHtmHstInterop.ni.dll
+ 2008-12-08 01:29:44 9,134,080 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAAPI\1dd3e93c429377753c8b81bda709bc59\SBAAPI.ni.dll
+ 2008-12-08 01:29:34 75,776 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAAPIEnUS\04ae21398262147cd005277a3823da9b\SBAAPIEnUS.ni.dll
+ 2008-12-08 01:29:46 13,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAComponents\246b69751f4ec785a129524fc71def0a\SBAComponents.ni.dll
+ 2008-12-08 01:29:45 26,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBACryptoServices\6d9ab9d9bd9d8ee92c575767720bab40\SBACryptoServices.ni.dll
+ 2008-12-08 01:30:51 375,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAECOMM\1b7a7607e77f5ed9f8780307446eda45\SBAECOMM.ni.dll
+ 2008-12-08 01:29:46 13,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAIAPIENUS\6b806fb0c136a148b1928a75d4e74bd5\SBAIAPIENUS.ni.dll
+ 2008-12-08 01:31:29 13,312 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAK\d2e1b709b86952658ec8cd9c1cd08669\SBAK.ni.dll
+ 2008-12-08 01:31:29 13,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAKB\1d3d032e7fad3f1d95300342288e5837\SBAKB.ni.dll
+ 2008-12-08 01:30:40 410,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAMasterDataWriter\02f961bc56e6c41d7af2ff67463a8bf3\SBAMasterDataWriter.ni.dll
+ 2008-12-08 01:30:49 179,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAPAYROLL\7f37403928a36632c825647022e41604\SBAPAYROLL.ni.dll
+ 2008-12-08 01:30:51 111,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sbaprint\69e42d4209e1d3f9131c398a80c94d7b\sbaprint.ni.dll
+ 2008-12-08 01:30:30 1,870,848 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAReporting\0a2be3f9d7d965f485d4cb9befe68987\SBAReporting.ni.dll
+ 2008-12-08 01:30:34 6,415,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAReportingBitmap\972a91e4e5393b1fbe9efdf889f085e0\SBAReportingBitmap.ni.dll
+ 2008-12-08 01:30:31 1,830,400 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAResources\eb74dfc66d64238fd29c7e8855c101f0\SBAResources.ni.dll
+ 2008-12-08 01:30:31 260,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBASpreadsheetML\96a38b77a3e6f0463a671305d70b330e\SBASpreadsheetML.ni.dll
+ 2008-12-08 01:30:40 103,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBASQM\749b6834caa3635e3b04ae7d35a6c830\SBASQM.ni.dll
+ 2008-12-08 01:31:36 109,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAUI.XmlSerializers\9b9e65b844113f2cfa3f56bebc549f23\SBAUI.XmlSerializers.ni.dll
+ 2008-12-08 01:30:23 28,437,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SBAUI\5d431fabb7cd6f8b5b9eb0132e3542a4\SBAUI.ni.dll
+ 2008-12-08 01:31:39 460,288 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sbauienus\63adc6d29534a9437b17a5a7555bc734\sbauienus.ni.dll
+ 2008-12-08 01:31:28 105,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SbaWatson\c7b150cd8f1db55502e8a822e05e3f7c\SbaWatson.ni.dll
+ 2008-12-08 01:32:02 2,209,280 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2008-12-08 01:32:10 2,989,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2008-12-08 01:32:20 4,510,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2008-12-08 01:32:26 1,904,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\SYSTEM32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\SYSTEM32\AvastSS.scr
- 2008-04-14 00:12:15 139,264 ----a-w c:\windows\SYSTEM32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\SYSTEM32\cscript.exe
+ 2008-05-09 10:53:39 512,000 ------w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-05-09 10:53:40 430,080 ------w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\SYSTEM32\DRIVERS\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\SYSTEM32\DRIVERS\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\SYSTEM32\DRIVERS\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\SYSTEM32\DRIVERS\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\SYSTEM32\DRIVERS\aswTdi.sys
- 2008-04-14 00:11:56 512,000 ----a-w c:\windows\SYSTEM32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\SYSTEM32\jscript.dll
- 2008-04-14 00:12:05 180,224 ----a-w c:\windows\SYSTEM32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w c:\windows\SYSTEM32\scrobj.dll
- 2008-04-14 00:12:05 172,032 ----a-w c:\windows\SYSTEM32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w c:\windows\SYSTEM32\scrrun.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
- 2008-04-14 00:12:08 434,176 ----a-w c:\windows\SYSTEM32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\SYSTEM32\vbscript.dll
- 2008-04-14 00:12:41 155,648 ----a-w c:\windows\SYSTEM32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\SYSTEM32\wscript.exe
- 2008-04-14 00:12:10 90,112 ----a-w c:\windows\SYSTEM32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w c:\windows\SYSTEM32\wshext.dll
+ 2008-12-08 17:19:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1ec.dat
+ 2008-12-08 17:20:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2008-12-08 17:19:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSIFile]
@="{FE2E26BF-1833-43B6-920F-23EA82E9BD51}"
[HKEY_CLASSES_ROOT\CLSID\{FE2E26BF-1833-43B6-920F-23EA82E9BD51}]
2005-05-02 13:30 1448448 --a------ c:\progra~1\THESIM~1\TSRWIZ~1\SHELLI~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 323584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Continue Setup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Continue Setup.lnk
backup=c:\windows\pss\Continue Setup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\updater.lnk
backup=c:\windows\pss\updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Keisha Davis^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Keisha Davis\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AStart]
c:\windows\AStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 21:26 368706 c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 19:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 06:25 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2003-10-06 13:16 49152 c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
--a------ 2001-08-01 11:30 94208 c:\program files\QUICKENW\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 03:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Keisha Davis\\My Documents\\IEXPLORE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-07 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-07 20560]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 30312]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\mrtRate.sys [2006-06-26 34712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-03-09 24652]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2006-09-12 109008]
.
Contents of the 'Scheduled Tasks' folder

2004-02-18 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1077087270.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe []

2004-09-19 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp officejet 5500 series#1095535072.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-MCAgentExe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\McAfee.com\Agent\McUpdate.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\PrintControl.dll - O16 -: {19529B56-E206-4F0B-B44E-97B5F4861E6A}
hxxps://clinicalreports.almacgroup.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
c:\windows\Downloaded Program Files\PrintControl.inf

O16 -: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.sra.com/SNX/CSHELL/extender.cab
c:\windows\Downloaded Program Files\msi.inf

c:\windows\System32\sqlite.def - c:\windows\System32\sqlite.dll
c:\windows\System32\Unzip32.dll
c:\windows\wizarduninstall.exe
c:\windows\Downloaded Program Files\TSRInstallationWizard.ocx
c:\program files\Ibibi AB\TSR Installation Wizard\wizarduninstall.exe
c:\program files\Ibibi AB\TSR Installation Wizard\Unzip32.dll
O16 -: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F}
hxxp://www.thesimsresource.com/TSRInstallationWizard.cab
c:\windows\Downloaded Program Files\TSRInstallationWizard.inf

c:\windows\SYSTEM32\msvcrt.dll - c:\windows\SYSTEM32\mfc42.dll
c:\windows\Downloaded Program Files\playershim.dll
c:\windows\Downloaded Program Files\ocx_play.ocx
O16 -: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC}
hxxp://www.thesecret.tv/movie/player/player_ocx.jpeg
c:\windows\Downloaded Program Files\cab.inf
FireFox -: Profile - c:\documents and settings\Keisha Davis\Application Data\Mozilla\Firefox\Profiles\gcavcvdb.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 12:22:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\TCPSVCS.EXE
c:\windows\SYSTEM32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-08 12:34:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 17:33:50
ComboFix2.txt 2008-12-08 01:04:47
ComboFix3.txt 2008-11-26 20:56:04
ComboFix4.txt 2008-11-25 19:23:38
ComboFix5.txt 2008-12-08 17:05:55

Pre-Run: 3,051,208,704 bytes free
Post-Run: 3,065,135,104 bytes free

523 --- E O F --- 2008-12-08 02:17:15

#24
CorporateKD

Andrewuk:

Here is the HJT log as requested!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:00 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt4_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} (Crystal Reports Print Control 11.5) - https://clinicalrepo...rintControl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://vpn.sra.com/...LL/extender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F} (TSRFileManagerXControl Control) - http://www.thesimsre...ationWizard.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vnc.webex.co...bex/ieatgpc.cab
O16 - DPF: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC} (VPlayer Control) - http://www.thesecret...player_ocx.jpeg
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8527 bytes

#25
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

Not sure what is going on there but I thought I would let you know.

no problem, you did the right thing :)

in this post we will do some general scans to clear away any remnants and ensure nothing else sneaked onto your machine.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
we will update and re-run malwarebytes

double click the malwarebytes icon on your desktop to open the program
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")
In your next reply could i see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#26
CorporateKD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Andrewuk:

I realized after I posted last that I had run my NEW :) antivirus program before I did the ComboFix and HJT logs for you. Sorry! That may be why they showed up cleaner! I have quarantined all of the files (they are in the chest) that the computer showed as infected (OMG! - there were so many!!!) ... Unfortunately I don't know what to do with the files in the chest now. Do I leave them there forever? I would rather delete them (there is a delete function) but I am not sure if any of these files are ones that my computer needs to repair somehow. Help !!! I have attached (I forgot to set the software to create a log :) ) Part 1 of an image file with the list via print-screen of all of the infected files. As space permits, I will upload the other 2 parts. What do I do now? I will follow your other directions from the previous post now.

You have been my life- and computer-saver this weekend! Thank you so much!

KD

Attached Files



#27
CorporateKD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Andrewuk:

Part 2 of the file list is attached here!

KD

Attached Files



#28
CorporateKD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Andrewuk:

Last part of the infected files list!

KD

Attached Files



#29
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
continue with my instructions as per my last post and run all the programs.

i suspect your avast will have cleaned items that we have quarantined as well as remnants and other infections found. in any case, avast has a good reputation and for now leave them in the chest but, once we are done here and when your computer is clean you can safely delete them all.

andrewuk

#30
CorporateKD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Andrewuk:

I apologize for the delay; however the last two scans of my machine took about 4 - 5 hours to run each and I had to schedule them overnight when I didn't need to use the pc for work, home, etc.

Here are the logs that you requested:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log

Also, it seems as if the same issues are coming up. Is this because I haven't deleted them yet out of quarantine? Should I delete them now?

KD
_______________________________________________________________________________
1.

Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 3

12/9/2008 8:09:32 AM
mbam-log-2008-12-09 (08-09-32).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 253702
Time elapsed: 3 hour(s), 25 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________________________________________________
2.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/08/2008 at 01:40 AM

Application Version : 4.22.1014

Core Rules Database Version : 3665
Trace Rules Database Version: 1645

Scan type : Complete Scan
Total Scan Time : 02:36:41

Memory items scanned : 404
Memory threats detected : 0
Registry items scanned : 8153
Registry threats detected : 64
File items scanned : 203840
File threats detected : 31

Adware.MyWay
HKLM\Software\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32#ThreadingModel
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\Programmable
C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL

Adware.SuperBar
HKLM\Software\Classes\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}
HKCR\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}
HKCR\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}
HKCR\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}\InprocServer32
HKCR\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}\InprocServer32#ThreadingModel
HKCR\CLSID\{49C3014F-03ED-4634-9FB2-2881F2C7A057}\ProgId
HKCR\SuperBarSE.Component
HKCR\SuperBarSE.Component\CLSID
C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL
HKLM\Software\Classes\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}
HKCR\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}
HKCR\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}
HKCR\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}\InprocServer32
HKCR\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}\InprocServer32#ThreadingModel
HKCR\CLSID\{4F9D4163-23F0-42E1-AFDA-4C1A6F8607E7}\ProgId
HKCR\SuperBarBL.Component
HKCR\SuperBarBL.Component\CLSID
HKLM\Software\Classes\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
HKCR\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
HKCR\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}
HKCR\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}\InprocServer32
HKCR\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}\InprocServer32#ThreadingModel
HKCR\CLSID\{CF1E49B3-24A6-4B17-94BE-C25102E3BF04}\ProgId
HKCR\SuperBarCWS.Component
HKCR\SuperBarCWS.Component\CLSID

Adware.MovieLand/MediaPipe
HKCR\AppId\AMNotifier.EXE
HKCR\AppId\AMNotifier.EXE#AppID
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS
HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR
C:\Program Files\MovieLand Terms.html
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\ProxyStubClsid32
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib
HKCR\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}\TypeLib#Version

Adware.WebNexus
HKU\S-1-5-21-3933724659-2174183210-350915756-1006\Software\intexp

Adware.Apropos Media
C:\WINDOWS\system32\auto_update_uninstall.exe

Spyware.WebSearch (WinTools/Huntbar)
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\InprocServer32
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\InprocServer32#ThreadingModel
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\ProgID

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_88-1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL4_88.EXE.VIR

Adware.IEPlugin
HKCR\Remove

Adware.BookedSpace
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0\win32
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\FLAGS
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\HELPDIR
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid32
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib#Version
HKCR\AppId\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}

Adware.NetPumper
HKU\S-1-5-21-3933724659-2174183210-350915756-1006\Software\NetPumper

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\TSA\RAINBOW\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\TSA\RAINBOW\VOCABULARY

Unclassified.The Edge Tech
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UPDATE.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556917.EXE

Adware.ABetterInternet-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0557014.EXE

Adware.ClearSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565286.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565309.DLL

Calling Home
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565288.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565289.EXE

Adware.NicTech Networks
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565292.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565293.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565294.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565297.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565298.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565299.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565301.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565302.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565303.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565304.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565305.DLL
C:\WINDOWS\SYSTEM32\2ODSRCH.DLL
C:\WINDOWS\SYSTEM32\AMLUI.DLL

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565307.DLL

_______________________________________________________________________________
3.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 12:41:29
Records in database: 1447097
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 218344
Threat name: 22
Infected objects: 31
Suspicious objects: 0
Duration of the scan: 04:27:06


File name / Threat name / Threats count
C:\Documents and Settings\Keisha Davis\My Documents\         .htm Infected: Trojan.JS.NoClose.r 1
C:\Qoobox\Quarantine\C\Program Files\MediaPipe\api.exe.vir Infected: not-a-virus:AdWare.Win32.WeirWeb.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556908.exe Infected: not-a-virus:AdWare.Win32.WeirWeb.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556919.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556920.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556976.dll Infected: not-a-virus:AdWare.Win32.Getup.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0557109.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0557110.dll Infected: not-a-virus:AdWare.Win32.Altnet.j 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0557111.dll Infected: not-a-virus:AdWare.Win32.Altnet.i 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565285.exe Infected: not-a-virus:AdWare.Win32.BestPhrases.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565287.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565290.exe Infected: not-a-virus:AdWare.Win32.BiSpy.q 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565291.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565296.dll Infected: Trojan-Clicker.Win32.VB.gx 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565306.exe Infected: Trojan-Downloader.Win32.Troll.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565308.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.l 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565310.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565311.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bf 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565312.exe Infected: not-a-virus:AdWare.Win32.WebSearch.bc 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565313.dll Infected: Trojan-Downloader.Win32.TargetSoft.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1918\A0565764.exe Infected: Trojan-Downloader.Win32.Apropo.bo 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1918\A0565765.dll Infected: not-a-virus:AdWare.Win32.Look2Me.j 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1918\A0565766.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.j 1
C:\updaterInstall_102.exe Infected: Trojan-Downloader.Win32.Keenval 3
C:\WINDOWS\gsi.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\WINDOWS\SYSTEM32\MyExplore.exe Infected: not-a-virus:AdWare.Win32.Getup.c 1
C:\WINDOWS\SYSTEM32\WinExplore.exe Infected: not-a-virus:AdWare.Win32.Getup.c 1

The selected area was scanned.
  • 0
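Added example, not part of the thread and not code from any tool mentioned in it: a short Python script that reads a Kaspersky Online Scanner report like the one in post #30 and groups the flagged files by location, separating copies held in ComboFix's Qoobox quarantine and in System Restore's store from files still at their original paths. The function names and location labels are this example's own, and the sample input is six lines taken from the report above.

```python
"""Group the lines of a Kaspersky Online Scanner report by where each file sits."""
import re
from collections import defaultdict
from typing import NamedTuple

# Six detection lines copied unchanged from the report posted above, plus its
# header and footer lines, which the parser has to skip.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\MediaPipe\api.exe.vir Infected: not-a-virus:AdWare.Win32.WeirWeb.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1878\A0556919.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1909\A0565296.dll Infected: Trojan-Clicker.Win32.VB.gx 1
C:\updaterInstall_102.exe Infected: Trojan-Downloader.Win32.Keenval 3
C:\WINDOWS\gsi.exe Infected: not-a-virus:AdWare.Win32.HelpExpress 2
C:\WINDOWS\SYSTEM32\MyExplore.exe Infected: not-a-virus:AdWare.Win32.Getup.c 1

The selected area was scanned.
"""


class Detection(NamedTuple):
    path: str
    threat: str
    count: int       # the report's "Threats count" column
    riskware: bool   # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:"


# Paths contain spaces, so match lazily up to the literal "Infected:" marker.
# Assumes threat names contain no spaces, which holds for the report above.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Location labels are this example's own names, not terms used by any scanner.
LOCATION_RULES = (
    # ComboFix moves what it removes into <drive>:\Qoobox\Quarantine.
    ("combofix_quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)),
    # Windows XP System Restore keeps restore-point copies under _restore{GUID}.
    ("system_restore", re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)),
)
LIVE = "live_filesystem"


def classify(path: str) -> str:
    """Return the location label for one reported path."""
    for label, pattern in LOCATION_RULES:
        if pattern.match(path):
            return label
    return LIVE


def parse_report(text: str) -> list:
    """Extract Detection records, ignoring headers, blanks and footer lines."""
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        threat = m.group("threat")
        detections.append(Detection(
            path=m.group("path"),
            threat=threat,
            count=int(m.group("count")),
            riskware=threat.lower().startswith("not-a-virus:"),
        ))
    return detections


def triage(text: str) -> dict:
    """Map each location label to the detections reported there."""
    groups = defaultdict(list)
    for det in parse_report(text):
        groups[classify(det.path)].append(det)
    return dict(groups)


def summary(text: str) -> dict:
    """Per location: number of flagged files and how many are riskware verdicts."""
    return {label: {"files": len(dets), "riskware": sum(d.riskware for d in dets)}
            for label, dets in triage(text).items()}


if __name__ == "__main__":
    for label, dets in triage(SAMPLE_REPORT).items():
        print(f"{label}: {len(dets)} file(s)")
        for d in dets:
            print(f"  {d.threat:45} {d.path}")
```
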





