Welcome to Lockergnome.com!

Webhancer, et al

 
MrGoodbytes




Joined: Feb 26, 2006
Posts: 4



(Msg. 1) Posted: Sun Jun 08, 2008 1:25 am

Had trouble with this a few months back. Ran a few programs and it cleaned up, totally forgot which ones. At the time, I thought it was Smitfraud but now I'm pretty sure it's not.

Desktop has changed to a "download our spy sweeper" ad and little /!\ pops up in bottom right system tray to tell me I have a virus and if I only buy their program, it'll go away.

Here's my Combofix log:



ComboFix 08-06-07.3 - Scott 2008-06-08 0:05:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.121 [GMT -5:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\14022.exe
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\Adobe.Photoshop.CS3.Extended.Keymaker.Only-ZWT.torrent
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\Adobe.Photoshop.CS3.Extended.Keymaker.Only-ZWT.zip
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\Elite.Keylogger.v3.5.build.087_CRKEXE-FFF.torrent
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\Elite.Keylogger.v3.5.build.087_CRKEXE-FFF.zip
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.torrent
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.zip
C:\Documents and Settings\Scott\Application Data\Microsoft\dtsc\s
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\123messenger.per
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\accesss.exe
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\avpcc.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\loader.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msconfd.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\searchword.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\crypts.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\fltmgrr.sys
C:\WINDOWS\SYSTEM32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gkpyvyqm.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\telefonos.txt
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\textos.txt
C:\WINDOWS\time.exe
C:\WINDOWS\U2NvdHQ\
C:\WINDOWS\U2NvdHQ\\asappsrv.dll
C:\WINDOWS\U2NvdHQ\\command.exe
C:\WINDOWS\U2NvdHQ\\oZhSxJk.vbs
C:\WINDOWS\U2NvdHQ\command.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\updatetc.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\winsb.dll
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_FLTMGRR
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWSAPAGENT
-------\Service_cmdService
-------\Service_fltmgrr
-------\Service_MsSecurity1.209.4
-------\Service_Network Monitor
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\xrem
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\vntiho06
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\inet2
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\expo
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\btz
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\105772
2008-06-07 23:07 . 2008-06-07 23:07 <DIR> d-------- C:\Program Files\uTorrent
2008-06-07 23:07 . 2008-06-08 00:10 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\uTorrent
2008-06-07 23:07 . 2008-06-07 23:07 87,511 --a------ C:\WINDOWS\SYSTEM32\iftuyszv.exe
2008-06-07 23:06 . 2008-06-07 23:06 49,158 --a------ C:\WINDOWS\444.0
2008-05-20 16:05 . 2008-05-20 16:05 32,768 --a------ C:\WINDOWS\SYSTEM32\vntiho06\vntiho061083.exe
2008-05-10 23:43 . 2008-05-10 23:55 <DIR> d-------- C:\Program Files\Windows Live
2008-05-10 23:43 . 2008-05-10 23:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-10 23:42 . 2008-05-10 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-09 00:44 . 2008-05-09 00:46 <DIR> d-------- C:\Program Files\Google
2008-05-09 00:44 . 2008-06-07 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 05:13 30,976 ----a-w C:\WINDOWS\winmgnt.exe
2008-06-08 05:13 30,976 ----a-w C:\WINDOWS\window.exe
2008-06-08 05:13 29,184 ----a-w C:\WINDOWS\x.exe
2008-06-08 05:13 28,160 ----a-w C:\WINDOWS\y.exe
2008-06-08 05:13 27,648 ----a-w C:\WINDOWS\waol.exe
2008-06-08 05:13 25,600 ----a-w C:\WINDOWS\win64.exe
2008-06-08 05:13 21,504 ----a-w C:\WINDOWS\users32.exe
2008-06-08 05:13 16,384 ----a-w C:\WINDOWS\xplugin.dll
2008-06-08 05:13 11,776 ----a-w C:\WINDOWS\winajbm.dll
2008-06-08 05:13 11,520 ----a-w C:\WINDOWS\win32e.exe
2008-06-06 05:05 --------- d-----w C:\Program Files\mirc
2008-05-30 01:26 --------- d-----w C:\Documents and Settings\Scott\Application Data\OpenOffice.org2
2008-05-16 00:47 --------- d-----w C:\Program Files\eDonkey2000
2008-05-13 19:35 --------- d-----w C:\Documents and Settings\Scott\Application Data\AdobeUM
2008-04-24 20:48 --------- d-----w C:\Documents and Settings\Scott\Application Data\Azureus
2008-04-24 20:45 --------- d-----w C:\Program Files\Azureus
2008-04-15 23:00 --------- d-----w C:\Program Files\aol80
2008-04-09 04:10 --------- d-----w C:\Program Files\Steam
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-03-16 07:05 2,314 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-16 05:09 136,627 ----a-w C:\WINDOWS\POTA777444.exe
2004-05-20 02:16 159 ----a-w C:\Program Files\WS_FTP.LOG
2003-03-16 08:00 7,216 ----a-w C:\WINDOWS\INF\RAMDISK.SYS
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_ 1.53.06.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2003-07-05 15:38:31 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\17hrt75r.dat
+ 2003-07-05 15:38:31 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\3t7jdnvx.dat
+ 2003-07-05 15:38:31 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\57xzdj3t.dat
+ 2003-07-05 15:38:32 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\chrnxjxb.dat
+ 2002-08-29 10:57:58 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 08:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-09-19 11:55:02 2,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\h7h7vj5z.dat
+ 2003-07-05 15:38:36 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\o4fnjlft.dat
+ 2003-11-05 01:49:48 2,062 -c--a-w C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.bat
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338$\vbscript.dll
+ 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 07:56:42 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB947864$\browseui.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\$NtUninstallKB947864$\cdfview.dll
+ 2007-12-07 01:07:12 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB947864$\danim.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtmsft.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtrans.dll
+ 2007-12-07 01:07:12 55,808 -c----w C:\WINDOWS\$NtUninstallKB947864$\extmgr.dll
+ 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\$NtUninstallKB947864$\iepeers.dll
+ 2007-12-07 01:07:12 96,256 -c----w C:\WINDOWS\$NtUninstallKB947864$\inseng.dll
+ 2007-12-07 01:07:12 16,384 -c----w C:\WINDOWS\$NtUninstallKB947864$\jsproxy.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtml.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtmled.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\msrating.dll
+ 2007-12-07 01:07:13 532,480 -c----w C:\WINDOWS\$NtUninstallKB947864$\mstime.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\pngfilt.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB947864$\shdocvw.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\$NtUninstallKB947864$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\updspapi.dll
+ 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\urlmon.dll
+ 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
+ 2007-12-06 09:38:31 350,720 -c----w C:\WINDOWS\$NtUninstallKB947864$\xpsp3res.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2008-06-08 05:18:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 13:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2001-08-18 12:00:00 2,589 ----a-r C:\WINDOWS\I386\RUNW32.BAT
+ 2008-05-11 04:48:09 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ARPPRODUCTICON.exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-05-09 05:46:29 26,694 ----a-r C:\WINDOWS\Installer\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2003-07-05 15:38:31 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\17HRT75R.DAT
+ 2003-07-05 15:38:31 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\3T7JDNVX.DAT
+ 2003-07-05 15:38:31 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\57XZDJ3T.DAT
+ 2003-07-05 15:38:32 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\CHRNXJXB.DAT
+ 2001-09-19 11:55:02 2,232 ------w C:\WINDOWS\JAVA\Packages\Data\H7H7VJ5Z.DAT
+ 2003-07-05 15:38:36 2,678 ----a-w C:\WINDOWS\JAVA\Packages\Data\O4FNJLFT.DAT
+ 2005-05-30 21:01:56 2,855 ----a-w C:\WINDOWS\PIF\INSTALL.PIF
+ 2000-08-31 13:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-17 13:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM\KEYBOARD.DRV
+ 2001-08-17 13:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM\MOUSE.DRV
+ 2001-08-17 13:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM\SOUND.DRV
+ 2001-08-17 13:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM\VGA.DRV
+ 2008-04-23 03:49:36 49,152 ----a-w C:\WINDOWS\SYSTEM32\105772\dllsockt.exe
- 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2007-08-14 21:22:50 25,105 ----a-w C:\WINDOWS\SYSTEM32\btz\L3pars2.exe
- 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
- 2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
+ 2008-02-21 02:04:04 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
- 2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
+ 2008-02-21 02:04:04 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
- 2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
+ 2008-02-21 02:04:04 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
- 2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
+ 2008-02-21 02:04:04 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
+ 2008-02-21 02:03:42 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
- 2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
+ 2008-02-21 02:05:52 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
- 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
+ 2008-02-21 02:03:24 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
- 2007-12-07 01:07:12 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
- 2007-12-07 01:07:12 151,040 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
- 2007-12-07 01:07:12 1,054,208 ------w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ------w C:\WINDOWS\SYSTEM32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\SYSTEM32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll
- 2007-12-07 01:07:12 357,888 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll
- 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll
- 2007-12-06 13:07:07 18,432 ------w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe
+ 2008-02-15 09:23:37 18,432 ------w C:\WINDOWS\SYSTEM32\dllcache\iedw.exe
- 2007-12-07 01:07:12 251,392 ------w C:\WINDOWS\SYSTEM32\dllcache\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ------w C:\WINDOWS\SYSTEM32\dllcache\iepeers.dll
- 2007-12-07 01:07:12 96,256 ------w C:\WINDOWS\SYSTEM32\dllcache\inseng.dll
+ 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\SYSTEM32\dllcache\inseng.dll
- 2007-11-14 07:26:56 450,560 ------w C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
- 2007-12-07 01:07:12 16,384 ------w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ------w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
+ 2001-08-17 13:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\keyboard.drv
+ 2001-08-17 22:33:26 2,560 ----a-w C:\WINDOWS\SYSTEM32\dllcache\lz32.dll
+ 2001-08-17 13:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mouse.drv
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\SYSTEM32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\SYSTEM32\dllcache\msexcl40.dll
- 2007-12-07 14:37:14 3,059,200 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
- 2007-12-07 01:07:13 449,024 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\SYSTEM32\dllcache\msjet40.dll
- 2004-03-01 18:52:15 358,976 ------w C:\WINDOWS\SYSTEM32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\SYSTEM32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\SYSTEM32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\SYSTEM32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\SYSTEM32\dllcache\mspbde40.dll
- 2007-12-07 01:07:13 146,432 ------w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
+ 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\SYSTEM32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\SYSTEM32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\SYSTEM32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\SYSTEM32\dllcache\mstext40.dll
- 2007-12-07 01:07:13 532,480 ------w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
+ 2008-02-16 08:59:37 532,480 ------w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\SYSTEM32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\SYSTEM32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\SYSTEM32\dllcache\msxbde40.dll
+ 2001-08-17 13:47:42 2,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\null.sys
- 2007-12-07 01:07:13 39,424 ------w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ------w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
- 2007-12-07 01:07:13 1,494,528 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll
+ 2001-08-17 13:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM32\dllcache\sound.drv
- 2007-12-07 01:07:14 615,424 ------w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ------w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\SYSTEM32\dllcache\vbscript.dll
+ 2001-08-17 13:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM32\dllcache\vga.drv
- 2007-12-07 01:07:14 659,456 ------w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
+ 2008-02-16 08:59:39 659,456 ------w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
+ 2001-08-17 13:36:48 2,864 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winsock.dll
+ 2001-08-17 13:36:42 2,112 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winspool.exe
+ 2001-08-17 13:36:54 2,736 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wowdeb.exe
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
- 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
+ 2008-02-21 02:04:16 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
- 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
+ 2008-02-21 02:04:06 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
- 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
+ 2008-02-21 02:04:06 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
- 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
+ 2008-02-21 02:04:08 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
- 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
+ 2008-02-21 02:04:08 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
- 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
+ 2008-02-21 02:04:06 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
- 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
+ 2008-02-21 02:04:06 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
+ 2007-01-30 05:03:34 2,432 ------w C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys
+ 2007-01-30 05:03:34 2,560 ------w C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ------w C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys
+ 2001-08-17 13:47:42 2,944 ----a-w C:\WINDOWS\SYSTEM32\drivers\null.sys
- 2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
+ 2008-02-21 02:04:16 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
- 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-06-03 21:47:58 136,627 ----a-w C:\WINDOWS\SYSTEM32\expo\mtcon66225.exe
- 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-09-22 18:37:20 527,296 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-10 04:54:24 527,296 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
- 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2008-05-05 16:16:46 127,488 ----a-w C:\WINDOWS\SYSTEM32\inet2\xVXdll.exe
- 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2001-08-17 13:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM32\keyboard.drv
- 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
+ 2008-02-21 02:05:34 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
+ 2001-08-17 22:33:26 2,560 ----a-w C:\WINDOWS\SYSTEM32\lz32.dll
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashUtil9f.exe
+ 2008-04-24 23:58:38 74,137 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-17 13:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2004-08-04 07:56:43 512,029 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll
- 2004-08-04 07:56:43 319,517 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll
- 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ------w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
- 2004-08-04 07:56:43 53,279 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll
- 2004-08-04 07:56:43 241,693 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll
- 2004-08-04 07:56:43 348,189 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll
- 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2004-08-04 07:56:43 421,919 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll
- 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2004-08-04 07:56:44 831,519 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
- 2004-08-04 07:56:44 614,429 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
- 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
+ 2008-02-21 02:05:44 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
+ 2007-06-29 16:23:23 2,624 ----a-w C:\WINDOWS\SYSTEM32\rpbylwha.exe
- 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2001-08-17 13:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM32\sound.drv
+ 2005-03-08 10:00:00 2,693 ----a-w C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_FAIFADA.DAT
+ 2005-03-08 10:00:00 2,693 ----a-w C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\epsonstylus_cx4800f6be\E_FAIFADA.DAT
+ 2007-02-03 19:53:12 2,951 ----a-w C:\WINDOWS\SYSTEM32\SpoonUninstall-dBpoweramp FLAC Codec.dat
- 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
+ 2008-02-21 02:05:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
+ 2003-07-13 12:33:01 2,368 ----a-w C:\WINDOWS\SYSTEM32\SVKP.sys
- 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2001-08-17 13:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM32\vga.drv
+ 1997-11-17 22:02:54 2,272 ----a-w C:\WINDOWS\SYSTEM32\w95inf16.dll
- 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2001-08-17 13:36:48 2,864 ----a-w C:\WINDOWS\SYSTEM32\winsock.dll
+ 2001-08-17 13:36:42 2,112 ----a-w C:\WINDOWS\SYSTEM32\winspool.exe
+ 2001-08-17 13:36:54 2,736 ----a-w C:\WINDOWS\SYSTEM32\wowdeb.exe
- 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-06-01 17:13:00 37,900 ----a-w C:\WINDOWS\SYSTEM32\xrem\imapIP95.exe
+ 2008-01-24 20:04:42 2,484 ----a-w C:\WINDOWS\ulead.dat\VIOFMT40.DAT
+ 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 13:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeMem Pro"="C:\program Files\FreeMem Standard\freemem.exe" [2000-10-11 01:39 388608]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2003-04-10 12:16 151552]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2003-04-10 12:23 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-02 05:00 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-05-24 14:33 145920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-09 00:44:49 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"vidc.DIVF"= DivX412.dll
"vidc.XVID"= xvid.dll
"vidc.vp31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"aux1"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Shortcut to popup.exe.lnk]
path=C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Shortcut to popup.exe.lnk
backup=C:\WINDOWS\pss\Shortcut to popup.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-05-24 14:33 411648 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule6]
C:\Program Files\ISM\ISMModule6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMPack6]
C:\Program Files\ISM2\ISMPack6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak-XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-12-08 14:55 3096576 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xitimberwolfix@aol.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
"C:\\Sierra\\Half-Life\\hl.exe"=
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\aol80\\waol.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\mirc\\mirc.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 11:54]
R2 HDDTService;HDD Temperature;C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe [2003-04-24 15:55]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-07-13 07:33]
R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 11:41]
S3 SaiNtHid;%SAINTHID_NAME%;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42]
S3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42]
S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 10:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ed00f75-be2c-11db-935e-00038a000015}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 15:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 00:20:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\iftuyszv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\SYSTEM32\drivers\CDANTSRV.EXE
C:\WINDOWS\SYSTEM32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-06-08 0:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 05:26:07
ComboFix2.txt 2008-03-16 06:53:39

Pre-Run: 54,730,641,408 bytes free
Post-Run: 55,243,968,512 bytes free

748 --- E O F --- 2008-05-18 05:15:04












Still have issues after ComboFix. LSPfix says all is OK.

And here's my HijackThis! log, AFTER the ComboFix: Why hello BHOs




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:33 AM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Scott\Desktop\Games\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\program Files\FreeMem Standard\freemem.exe" Startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8380 bytes
greyknight17




Joined: Feb 03, 2003
Posts: 4824

Location: Brooklyn, NY

(Msg. 2) Posted: Sun Jun 08, 2008 10:48 am
Post subject:

Welcome to Lockergnome.

I don't recommend using programs like uTorrent, Azureus, Kazaa, BitTorrent or eDonkey as they can contribute to malware infections. In your case, it looks like it could be the direct cause of this infection... The fix below will include removing uTorrent.

Uninstall the following via the Add/Remove Programs panel:

Azureus
BitTorrent
eDonkey
ewido anti-spyware - you have AVG Anti-Spyware which is the latest version...no need for this one
ISM
Kazaa
RegPowerClean
uTorrent
Winferno


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
KILLALL::
File::
C:\WINDOWS\SYSTEM32\iftuyszv.exe
C:\WINDOWS\444.0
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\window.exe
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\winajbm.dll
C:\WINDOWS\win32e.exe
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\Tasks\rpc.job
C:\Documents and Settings\Scott\Start Menu\Programs\Startup\Shortcut to popup.exe.lnk
C:\WINDOWS\pss\Shortcut to popup.exe.lnkStartup
Folder::
C:\WINDOWS\SYSTEM32\xrem
C:\WINDOWS\SYSTEM32\vntiho06
C:\WINDOWS\SYSTEM32\inet2
C:\WINDOWS\SYSTEM32\expo
C:\WINDOWS\SYSTEM32\btz
C:\WINDOWS\SYSTEM32\105772
C:\Program Files\uTorrent
C:\Documents and Settings\Scott\Application Data\uTorrent
C:\Program Files\ISM\
C:\Program Files\ISM2\
C:\Program Files\Winferno\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Shortcut to popup.exe.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMModule6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISMPack6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
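
A triage pass over the three kinds of log entry the script above targets (the extra Userinit program, the BHO keys with no file behind them, and the DisableTaskMgr policy), as an added example that is not part of the original post or of ComboFix/HijackThis. The `triage` function, the `Finding` record and the `EXPECTED_USERINIT` default are assumptions made for the example; the sample lines are excerpted from the logs in this thread.

```python
import re
from collections import namedtuple

# One flagged log entry: what kind it is, where it lives, and the offending value.
Finding = namedtuple("Finding", "kind where detail")

# Assumption: Windows is installed in C:\WINDOWS, as in the logs in this thread.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis line formats (F2 = Userinit override, O2 = Browser Helper Object).
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# ComboFix "Reg Loading Points" formats: a [key] header followed by "name"= value.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)\b')

# Constructed sample: a few lines excerpted from the two logs posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"""


def triage(log_text):
    """Return a list of Finding records for the entries worth a second look."""
    findings = []
    current_key = None  # most recent [registry key] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Userinit is a comma-separated list; anything besides userinit.exe
        # is started at every logon.
        m = F2_RE.match(line)
        if m:
            for entry in m.group("value").split(","):
                entry = entry.strip().strip('"')
                if entry and entry.lower() != EXPECTED_USERINIT:
                    findings.append(
                        Finding("userinit_extra", "Winlogon Userinit", entry))
            continue

        # A BHO whose target is "(no file)" is a registration left behind
        # with no DLL on disk; BHOs that still point at a file are skipped.
        m = BHO_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "(no file)":
                findings.append(
                    Finding("orphan_bho", "Browser Helper Objects",
                            m.group("clsid").lower()))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue

        # DisableTaskMgr set to a non-zero value blocks Task Manager.
        m = VALUE_RE.match(line)
        if m and current_key and m.group("name").lower() == "disabletaskmgr":
            if int(m.group("val"), 16) != 0:
                findings.append(
                    Finding("taskmgr_disabled", current_key, m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.where}: {f.detail}")
```
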
MrGoodbytes




Joined: Feb 26, 2006
Posts: 4



(Msg. 3) Posted: Sun Jun 08, 2008 6:33 pm
Post subject:

Thanks. I haven't run any P2P software in a long time, but I haven't cleaned off the drive in a long time either.

These seem to happen when the wife is on the computer, "minding her own business" on LiveJournal. She swears she never veers from that site. It never happens to me. She uses MSIE, I use Firefox. Hm.

Could not find removal option in Add/Remove for the following programs:
ISM
RegPowerClean
uTorrent
Winferno






+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
- 2004-08-04 07:56:44 614,429 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
- 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
+ 2008-02-21 02:05:44 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
+ 2007-06-29 16:23:23 2,624 ----a-w C:\WINDOWS\SYSTEM32\rpbylwha.exe
- 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
- 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2001-08-17 13:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM32\sound.drv
+ 2005-03-08 10:00:00 2,693 ----a-w C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_FAIFADA.DAT
+ 2005-03-08 10:00:00 2,693 ----a-w C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\epsonstylus_cx4800f6be\E_FAIFADA.DAT
+ 2007-02-03 19:53:12 2,951 ----a-w C:\WINDOWS\SYSTEM32\SpoonUninstall-dBpoweramp FLAC Codec.dat
- 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
+ 2008-02-21 02:05:34 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
+ 2003-07-13 12:33:01 2,368 ----a-w C:\WINDOWS\SYSTEM32\SVKP.sys
- 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2001-08-17 13:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM32\vga.drv
+ 1997-11-17 22:02:54 2,272 ----a-w C:\WINDOWS\SYSTEM32\w95inf16.dll
- 2007-