
Thread: Pick up a virus

  1. #11
    Junior Member
    Join Date: Jan 2009
    Location: Houston, TX, USA
    Posts: 14

    ComboFix Log Part 1

    BTW, I didn't turn off the Recovery Console, so whatever I picked up must have, which would explain why I wasn't able to restore when I first discovered I had picked up something. I didn't turn it back on yet, because I won't do anything until you tell me to. Here's the first part of my ComboFix log (it was too long to fit in one message):

    ComboFix 09-01-20.05 - Administrator 2009-01-23 16:19:55.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1735 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: eTrust ITM *On-access scanning enabled* (Updated)

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090110201722890.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\BM52f0b073.txt
    c:\windows\BM52f0b073.xml
    c:\windows\cookies.ini
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\emMON.exe
    c:\windows\system32\Drivers\TDSSmqlt.sys
    c:\windows\system32\rakmdlkd83indfgnbu.dll
    c:\windows\system32\TDSSnrsr.dll
    c:\windows\system32\TDSSosvd.dll
    c:\windows\system32\TDSSpaxt.dat
    c:\windows\system32\TDSSrhym.log

    ----- BITS: Possible infected sites -----

    hxxp://flounders
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
    .

    2009-01-20 17:16 . 2009-01-20 17:16 <DIR> d-------- C:\SDFix
    2009-01-11 09:10 . 2009-01-11 09:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
    2009-01-10 20:31 . 2009-01-23 12:18 2,207 --a------ c:\windows\system32\TDSScfum.dll
    2009-01-10 20:18 . 2009-01-10 20:29 0 --a------ c:\windows\system32\drivers\4e6103db.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 18:53 --------- d-----w c:\documents and settings\Administrator\Application Data\XnView
    2009-01-11 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-06 14:49 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-09 22:47 --------- d-----w c:\program files\TouchMeGames old
    2008-12-09 22:47 --------- d-----w c:\program files\TouchMeGames
    2008-12-06 13:46 --------- d-----w c:\program files\Java
    2008-12-04 14:31 --------- d-----w c:\program files\SureThing CD Labeler 5
    2008-12-02 23:13 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-02 23:10 --------- d-----w c:\program files\Adobe Media Player
    2008-12-02 23:09 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-12-01 03:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
    2008-09-10 16:59 14,290 ----a-w c:\program files\settings.dat
    2008-05-15 17:36 3,222 ----a-w c:\program files\uninstal.log
    2007-05-28 17:02 604 ---ha-w c:\program files\STLL Notifier
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2007-12-17 12:43 27,648 --sh--w c:\windows\system32\Smab0.dll
    2008-07-16 15:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071620080717\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-18_ 8.40.55.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-04 08:00:00 472,064 -c----w c:\windows\$NtServicePackUninstall$\fastprox.dll
    + 2004-08-04 08:00:00 80,384 -c----w c:\windows\$NtServicePackUninstall$\faultrep.dll
    + 2004-08-04 08:00:00 27,392 -c----w c:\windows\$NtServicePackUninstall$\fdc.sys
    + 2004-08-04 08:00:00 117,760 -c----w c:\windows\$NtServicePackUninstall$\fde.dll
    + 2004-08-04 08:00:00 73,728 -c----w c:\windows\$NtServicePackUninstall$\fdeploy.dll
    + 2004-08-04 08:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\feclient.dll
    + 2004-08-04 08:00:00 337,920 -c----w c:\windows\$NtServicePackUninstall$\filemgmt.dll
    + 2004-08-04 08:00:00 27,136 -c----w c:\windows\$NtServicePackUninstall$\findstr.exe
    + 2004-08-04 08:00:00 34,944 -c----w c:\windows\$NtServicePackUninstall$\fips.sys
    + 2004-08-04 08:00:00 87,552 -c----w c:\windows\$NtServicePackUninstall$\fldrclnr.dll
    + 2004-08-04 08:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\flpydisk.sys
    + 2006-08-21 12:21:06 16,896 -c----w c:\windows\$NtServicePackUninstall$\fltlib.dll
    + 2006-08-21 09:14:58 23,040 -c----w c:\windows\$NtServicePackUninstall$\fltmc.exe
    + 2006-08-21 09:14:58 128,896 -c----w c:\windows\$NtServicePackUninstall$\fltmgr.sys
    + 2004-08-04 08:00:00 382,976 -c----w c:\windows\$NtServicePackUninstall$\fontext.dll
    + 2005-10-17 21:14:45 80,896 -c----w c:\windows\$NtServicePackUninstall$\fontsub.dll
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\fontview.exe
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\forcedos.exe
    + 2004-08-04 08:00:00 25,600 -c----w c:\windows\$NtServicePackUninstall$\format.com
    + 2004-08-04 08:00:00 32,828 -c----w c:\windows\$NtServicePackUninstall$\fp40ext.dll
    + 2003-03-24 18:52:04 618,605 -c----w c:\windows\$NtServicePackUninstall$\fp4autl.dll
    + 2004-08-04 08:00:00 9,344 -c----w c:\windows\$NtServicePackUninstall$\framebuf.dll
    + 2004-08-04 08:00:00 185,856 -c----w c:\windows\$NtServicePackUninstall$\framedyn.dll
    + 2004-08-04 08:00:00 193,024 -c----w c:\windows\$NtServicePackUninstall$\fsquirt.exe
    + 2004-08-04 08:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\ftp.exe
    + 2004-08-04 08:00:00 60,416 -c----w c:\windows\$NtServicePackUninstall$\fwcfg.dll
    + 2004-08-04 08:00:00 132,608 -c----w c:\windows\$NtServicePackUninstall$\fxsocm.dll
    + 2008-02-20 06:51:05 282,624 -c----w c:\windows\$NtServicePackUninstall$\gdi32.dll
    + 2004-08-04 08:00:00 55,296 -c----w c:\windows\$NtServicePackUninstall$\getmac.exe
    + 2004-08-04 08:00:00 122,880 -c----w c:\windows\$NtServicePackUninstall$\glu32.dll
    + 2004-08-04 08:00:00 566,784 -c----w c:\windows\$NtServicePackUninstall$\gpedit.dll
    + 2004-08-04 08:00:00 9,728 -c----w c:\windows\$NtServicePackUninstall$\gpkrsrc.dll
    + 2004-08-04 08:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\gpresult.exe
    + 2004-08-04 08:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\gprslt.exe
    + 2004-08-04 08:00:00 198,656 -c----w c:\windows\$NtServicePackUninstall$\gptext.dll
    + 2004-08-04 08:00:00 39,424 -c----w c:\windows\$NtServicePackUninstall$\grpconv.exe
    + 2005-04-28 19:16:29 133,120 -c----w c:\windows\$NtServicePackUninstall$\guitrn.dll
    + 2005-04-28 19:16:29 115,200 -c----w c:\windows\$NtServicePackUninstall$\guitrna.dll
    + 2004-08-04 08:00:00 57,344 -c----w c:\windows\$NtServicePackUninstall$\h323cc.dll
    + 2004-08-04 08:00:00 614,912 -c----w c:\windows\$NtServicePackUninstall$\h323msp.dll
    + 2005-09-28 23:35:25 134,272 -c----w c:\windows\$NtServicePackUninstall$\hal.dll
    + 2004-11-16 01:37:04 131,712 -c----w c:\windows\$NtServicePackUninstall$\halaacpi.dll
    + 2004-11-16 01:37:04 131,712 -c----w c:\windows\$NtServicePackUninstall$\halaacpi.dll.000
    + 2004-11-16 01:37:04 81,152 -c----w c:\windows\$NtServicePackUninstall$\halacpi.dll
    + 2004-11-16 01:37:04 81,152 -c----w c:\windows\$NtServicePackUninstall$\halacpi.dll.000
    + 2004-11-16 01:37:04 150,400 -c----w c:\windows\$NtServicePackUninstall$\halapic.dll
    + 2004-11-16 01:37:04 150,400 -c----w c:\windows\$NtServicePackUninstall$\halapic.dll.000
    + 2005-09-28 23:35:25 134,272 -c----w c:\windows\$NtServicePackUninstall$\halmacpi.dll
    + 2005-09-28 23:35:25 134,272 -c----w c:\windows\$NtServicePackUninstall$\halmacpi.dll.000
    + 2004-11-16 01:37:04 152,576 -c----w c:\windows\$NtServicePackUninstall$\halmps.dll
    + 2004-11-16 01:37:04 152,576 -c----w c:\windows\$NtServicePackUninstall$\halmps.dll.000
    + 2004-11-16 01:37:04 77,696 -c----w c:\windows\$NtServicePackUninstall$\halsp.dll
    + 2004-11-16 01:37:04 77,696 -c----w c:\windows\$NtServicePackUninstall$\halsp.dll.000
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\hccoin.dll
    + 2005-01-08 00:07:18 138,752 -c----w c:\windows\$NtServicePackUninstall$\hdaudbus.sys
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\help.exe
    + 2004-08-04 08:00:00 768,512 -c----w c:\windows\$NtServicePackUninstall$\helpctr.exe
    + 2004-08-04 08:00:00 743,936 -c----w c:\windows\$NtServicePackUninstall$\helpsvc.exe
    + 2005-05-26 23:22:01 10,752 -c----w c:\windows\$NtServicePackUninstall$\hh.exe
    + 2005-05-27 02:04:27 41,472 -c----w c:\windows\$NtServicePackUninstall$\hhsetup.dll
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\hid.dll
    + 2004-08-04 08:00:00 36,224 -c----w c:\windows\$NtServicePackUninstall$\hidclass.sys
    + 2004-08-04 08:00:00 24,960 -c----w c:\windows\$NtServicePackUninstall$\hidparse.sys
    + 2001-08-17 19:02:20 9,600 -c----w c:\windows\$NtServicePackUninstall$\hidusb.sys
    + 2006-07-21 08:24:43 72,704 -c----w c:\windows\$NtServicePackUninstall$\hlink.dll
    + 2004-08-04 08:00:00 344,064 -c----w c:\windows\$NtServicePackUninstall$\hnetcfg.dll
    + 2004-08-04 08:00:00 330,752 -c----w c:\windows\$NtServicePackUninstall$\hnetwiz.dll
    + 2004-08-04 08:00:00 144,896 -c----w c:\windows\$NtServicePackUninstall$\hotplug.dll
    + 2004-08-04 05:56:44 10,752 -c----w c:\windows\$NtServicePackUninstall$\hpcjrr.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\hscupd.exe
    + 2006-03-17 00:33:10 262,784 -c----w c:\windows\$NtServicePackUninstall$\http.sys
    + 2006-03-17 00:33:10 262,784 -c----w c:\windows\$NtServicePackUninstall$\http.sys.000
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\httpapi.dll
    + 2004-08-04 08:00:00 41,984 -c----w c:\windows\$NtServicePackUninstall$\htui.dll
    + 2004-11-17 17:41:24 347,136 -c----w c:\windows\$NtServicePackUninstall$\hypertrm.dll
    + 2004-08-04 05:14:38 52,736 -c----w c:\windows\$NtServicePackUninstall$\i8042prt.sys
    + 2004-08-04 08:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\iasrad.dll
    + 2004-08-04 08:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\icaapi.dll
    + 2004-08-04 08:00:00 80,384 -c----w c:\windows\$NtServicePackUninstall$\iccvid.dll
    + 2005-06-29 01:46:00 254,976 -c----w c:\windows\$NtServicePackUninstall$\icm32.dll
    + 2004-08-04 08:00:00 3,584 -c----w c:\windows\$NtServicePackUninstall$\icmp.dll
    + 2005-04-27 23:15:45 2,560 -c----w c:\windows\$NtServicePackUninstall$\iconlib.dll
    + 2004-08-04 08:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\icwconn.dll
    + 2004-08-04 08:00:00 214,528 -c----w c:\windows\$NtServicePackUninstall$\icwconn1.exe
    + 2004-08-04 08:00:00 86,016 -c----w c:\windows\$NtServicePackUninstall$\icwconn2.exe
    + 2004-08-04 08:00:00 73,728 -c----w c:\windows\$NtServicePackUninstall$\icwdial.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\icwdl.dll
    + 2004-08-04 08:00:00 172,032 -c----w c:\windows\$NtServicePackUninstall$\icwhelp.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\icwphbk.dll
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\icwrmind.exe
    + 2004-08-04 08:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\icwutil.dll
    + 2004-08-04 08:00:00 120,832 -c----w c:\windows\$NtServicePackUninstall$\idq.dll
    + 2006-10-17 17:06:00 78,336 -c----w c:\windows\$NtServicePackUninstall$\ieencode.dll
    + 2004-08-04 08:00:00 114,688 -c----w c:\windows\$NtServicePackUninstall$\iexpress.exe
    + 2004-08-04 08:00:00 135,680 -c----w c:\windows\$NtServicePackUninstall$\ifmon.dll
    + 2004-08-04 08:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\igmpagnt.dll
    + 2004-08-04 08:00:00 505,344 -c----w c:\windows\$NtServicePackUninstall$\iis.dll
    + 2004-08-04 08:00:00 81,920 -c----w c:\windows\$NtServicePackUninstall$\ils.dll
    + 2004-08-04 08:00:00 144,384 -c----w c:\windows\$NtServicePackUninstall$\imagehlp.dll
    + 2004-08-04 08:00:00 150,016 -c----w c:\windows\$NtServicePackUninstall$\imapi.exe
    + 2004-08-04 08:00:00 41,856 -c----w c:\windows\$NtServicePackUninstall$\imapi.sys
    + 2004-08-04 08:00:00 36,921 -c----w c:\windows\$NtServicePackUninstall$\imeshare.dll
    + 2004-08-04 08:00:00 110,080 -c----w c:\windows\$NtServicePackUninstall$\imm32.dll
    + 2004-08-04 08:00:00 115,712 -c----w c:\windows\$NtServicePackUninstall$\imsinsnt.dll
    + 2004-08-04 08:00:00 274,432 -c----w c:\windows\$NtServicePackUninstall$\inetcfg.dll
    + 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtServicePackUninstall$\inetcomm.dll
    + 2004-08-04 08:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\inetmib1.dll
    + 2004-08-04 08:00:00 75,264 -c----w c:\windows\$NtServicePackUninstall$\inetpp.dll
    + 2004-08-04 08:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\inetppui.dll
    + 2004-08-04 08:00:00 48,128 -c----w c:\windows\$NtServicePackUninstall$\inetres.dll
    + 2004-08-04 08:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\inetwiz.exe
    + 2004-08-04 08:00:00 147,456 -c----w c:\windows\$NtServicePackUninstall$\initpki.dll
    + 2004-08-04 08:00:00 123,392 -c----w c:\windows\$NtServicePackUninstall$\input.dll
    + 2004-08-04 00:59:42 5,504 -c----w c:\windows\$NtServicePackUninstall$\intelide.sys
    + 2004-08-27 21:42:45 36,096 -c----w c:\windows\$NtServicePackUninstall$\intelppm.sys
    + 2004-08-04 08:00:00 29,056 -c----w c:\windows\$NtServicePackUninstall$\ip6fw.sys
    + 2004-08-04 08:00:00 55,808 -c----w c:\windows\$NtServicePackUninstall$\ipconfig.exe
    + 2006-05-19 12:59:41 94,720 -c----w c:\windows\$NtServicePackUninstall$\iphlpapi.dll
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\ipinip.sys
    + 2004-08-04 08:00:00 154,112 -c----w c:\windows\$NtServicePackUninstall$\ipmontr.dll
    + 2004-09-29 22:28:37 134,912 -c----w c:\windows\$NtServicePackUninstall$\ipnat.sys
    + 2004-08-04 08:00:00 331,264 -c----w c:\windows\$NtServicePackUninstall$\ipnathlp.dll
    + 2004-08-04 08:00:00 330,752 -c----w c:\windows\$NtServicePackUninstall$\ippromon.dll
    + 2004-08-04 08:00:00 169,984 -c----w c:\windows\$NtServicePackUninstall$\iprtrmgr.dll
    + 2004-08-04 08:00:00 74,752 -c----w c:\windows\$NtServicePackUninstall$\ipsec.sys
    + 2004-08-04 08:00:00 349,696 -c----w c:\windows\$NtServicePackUninstall$\ipsecsnp.dll
    + 2004-08-04 08:00:00 182,784 -c----w c:\windows\$NtServicePackUninstall$\ipsecsvc.dll
    + 2004-08-04 08:00:00 384,000 -c----w c:\windows\$NtServicePackUninstall$\ipsmsnap.dll
    + 2004-08-04 08:00:00 53,248 -c----w c:\windows\$NtServicePackUninstall$\ipv6.exe
    + 2004-08-04 08:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\ipv6mon.dll
    + 2004-08-04 08:00:00 23,552 -c----w c:\windows\$NtServicePackUninstall$\ipxroute.exe
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\ipxwan.dll
    + 2004-08-04 08:00:00 120,320 -c----w c:\windows\$NtServicePackUninstall$\ir41_qc.dll
    + 2004-08-04 08:00:00 338,432 -c----w c:\windows\$NtServicePackUninstall$\ir41_qcx.dll
    + 2004-08-04 08:00:00 755,200 -c----w c:\windows\$NtServicePackUninstall$\ir50_32.dll
    + 2004-08-04 08:00:00 200,192 -c----w c:\windows\$NtServicePackUninstall$\ir50_qc.dll
    + 2004-08-04 08:00:00 183,808 -c----w c:\windows\$NtServicePackUninstall$\ir50_qcx.dll
    + 2004-08-03 18:00:54 87,424 -c----w c:\windows\$NtServicePackUninstall$\irda.sys
    + 2004-08-04 08:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\irenum.sys
    + 2004-08-03 19:56:52 152,576 -c----w c:\windows\$NtServicePackUninstall$\irftp.exe
    + 2004-09-30 17:49:35 27,136 -c----w c:\windows\$NtServicePackUninstall$\irmon.dll
    + 2004-09-30 17:49:35 27,136 -c----w c:\windows\$NtServicePackUninstall$\irmon.dll.000
    + 2001-08-17 15:58:02 35,840 -c----w c:\windows\$NtServicePackUninstall$\isapnp.sys
    + 2004-08-04 08:00:00 81,920 -c----w c:\windows\$NtServicePackUninstall$\isign32.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\isrdbg32.dll
    + 2005-05-27 02:04:27 155,136 -c----w c:\windows\$NtServicePackUninstall$\itircl.dll
    + 2005-05-27 02:04:27 137,216 -c----w c:\windows\$NtServicePackUninstall$\itss.dll
    + 2004-08-04 08:00:00 54,272 -c----w c:\windows\$NtServicePackUninstall$\ixsso.dll
    + 2004-08-04 05:56:44 47,616 -c----w c:\windows\$NtServicePackUninstall$\iyuv_32.dll
    + 2006-06-01 18:47:07 163,840 -c----w c:\windows\$NtServicePackUninstall$\jgdw400.dll
    + 2006-06-01 18:47:07 27,648 -c----w c:\windows\$NtServicePackUninstall$\jgpl400.dll
    + 2006-10-17 17:00:00 491,520 -c----w c:\windows\$NtServicePackUninstall$\jscript.dll
    + 2004-08-04 03:58:34 24,576 -c----w c:\windows\$NtServicePackUninstall$\kbdclass.sys
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdfi1.dll
    + 2004-08-04 05:58:36 14,848 -c----w c:\windows\$NtServicePackUninstall$\kbdhid.sys
    + 2004-08-04 08:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdinbe1.dll
    + 2004-08-04 08:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\kbdinben.dll
    + 2004-08-04 08:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\kbdinmal.dll
    + 2004-08-04 08:00:00 5,632 -c----w c:\windows\$NtServicePackUninstall$\kbdmaori.dll
    + 2004-08-04 08:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdmlt47.dll
    + 2004-08-04 08:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\kbdmlt48.dll
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdnec.dll
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdno1.dll
    + 2004-08-04 08:00:00 7,680 -c----w c:\windows\$NtServicePackUninstall$\kbdsmsfi.dll
    + 2004-08-04 08:00:00 7,680 -c----w c:\windows\$NtServicePackUninstall$\kbdsmsno.dll
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\kbdukx.dll
    + 2004-08-04 08:00:00 7,424 -c----w c:\windows\$NtServicePackUninstall$\kd1394.dll
    + 2005-06-15 17:49:30 295,936 -c----w c:\windows\$NtServicePackUninstall$\kerberos.dll
    + 2007-04-16 15:52:53 984,576 -c----w c:\windows\$NtServicePackUninstall$\kernel32.dll
    + 2004-08-04 08:00:00 150,528 -c----w c:\windows\$NtServicePackUninstall$\keymgr.dll
    + 2006-06-14 08:47:45 172,416 -c----w c:\windows\$NtServicePackUninstall$\kmixer.sys
    + 2006-06-14 08:47:45 172,416 -c----w c:\windows\$NtServicePackUninstall$\kmixer.sys.000
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\krnlprov.dll
    + 2004-08-04 04:15:22 140,928 -c----w c:\windows\$NtServicePackUninstall$\ks.sys
    + 2004-08-04 08:00:00 92,032 -c----w c:\windows\$NtServicePackUninstall$\ksecdd.sys
    + 2004-08-04 07:56:44 4,096 -c----w c:\windows\$NtServicePackUninstall$\ksuser.dll
    + 2004-08-04 08:00:00 423,936 -c----w c:\windows\$NtServicePackUninstall$\licdll.dll
    + 2004-08-04 08:00:00 58,880 -c----w c:\windows\$NtServicePackUninstall$\licwmi.dll
    + 2005-09-01 01:41:53 19,968 -c----w c:\windows\$NtServicePackUninstall$\linkinfo.dll
    + 2004-08-04 08:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\lmhsvc.dll
    + 2004-08-04 08:00:00 399,872 -c----w c:\windows\$NtServicePackUninstall$\lmrt.dll
    + 2004-08-04 08:00:00 97,280 -c----w c:\windows\$NtServicePackUninstall$\loadperf.dll
    + 2004-08-04 08:00:00 221,696 -c----w c:\windows\$NtServicePackUninstall$\localsec.dll
    + 2004-08-04 08:00:00 341,504 -c----w c:\windows\$NtServicePackUninstall$\localspl.dll
    + 2004-08-04 08:00:00 11,776 -c----w c:\windows\$NtServicePackUninstall$\localui.dll
    + 2004-08-04 08:00:00 75,264 -c----w c:\windows\$NtServicePackUninstall$\locator.exe
    + 2005-04-28 19:16:29 19,968 -c----w c:\windows\$NtServicePackUninstall$\log.dll
    + 2004-08-04 08:00:00 59,392 -c----w c:\windows\$NtServicePackUninstall$\logman.exe
    + 2004-08-04 08:00:00 220,672 -c----w c:\windows\$NtServicePackUninstall$\logon.scr
    + 2004-08-04 08:00:00 514,560 -c----w c:\windows\$NtServicePackUninstall$\logonui.exe
    + 2004-08-04 08:00:00 22,016 -c----w c:\windows\$NtServicePackUninstall$\lpk.dll
    + 2004-08-04 08:00:00 10,240 -c----w c:\windows\$NtServicePackUninstall$\lprhelp.dll
    + 2007-11-07 09:26:56 721,920 -c----w c:\windows\$NtServicePackUninstall$\lsasrv.dll
    + 2004-08-04 08:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\lsass.exe
    + 2006-10-04 08:48:36 72,704 -c----w c:\windows\$NtServicePackUninstall$\magnify.exe
    + 2004-08-04 08:00:00 85,504 -c----w c:\windows\$NtServicePackUninstall$\makecab.exe
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\mcastmib.dll
    + 2004-08-04 08:00:00 84,480 -c----w c:\windows\$NtServicePackUninstall$\mciavi32.dll
    + 2004-08-04 08:00:00 35,328 -c----w c:\windows\$NtServicePackUninstall$\mciqtz32.dll
    + 2004-08-04 08:00:00 23,040 -c----w c:\windows\$NtServicePackUninstall$\mciseq.dll
    + 2004-08-04 08:00:00 23,552 -c----w c:\windows\$NtServicePackUninstall$\mciwave.dll
    + 2004-08-04 08:00:00 118,272 -c----w c:\windows\$NtServicePackUninstall$\mdminst.dll
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\medctroc.dll
    + 2004-08-04 08:00:00 63,744 -c----w c:\windows\$NtServicePackUninstall$\mf.sys
    + 2007-03-08 15:36:28 40,960 -c----w c:\windows\$NtServicePackUninstall$\mf3216.dll
    + 2006-11-01 19:17:45 927,504 -c----w c:\windows\$NtServicePackUninstall$\mfc40u.dll
    + 2004-08-04 08:00:00 1,028,096 -c----w c:\windows\$NtServicePackUninstall$\mfc42.dll
    + 2004-08-04 08:00:00 22,528 -c----w c:\windows\$NtServicePackUninstall$\mfcsubs.dll
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\mgmtapi.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\midimap.dll
    + 2005-04-28 19:16:29 274,432 -c----w c:\windows\$NtServicePackUninstall$\migism.dll
    + 2005-04-28 18:16:30 261,120 -c----w c:\windows\$NtServicePackUninstall$\migisma.dll
    + 2004-08-04 08:00:00 60,928 -c----w c:\windows\$NtServicePackUninstall$\miglibnt.dll
    + 2005-04-28 00:12:58 103,424 -c----w c:\windows\$NtServicePackUninstall$\migload.exe
    + 2005-04-28 00:12:57 245,248 -c----w c:\windows\$NtServicePackUninstall$\migwiz.exe
    + 2005-04-28 00:12:57 241,152 -c----w c:\windows\$NtServicePackUninstall$\migwiza.exe
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\mimefilt.dll
    + 2004-08-04 08:00:00 586,240 -c----w c:\windows\$NtServicePackUninstall$\mlang.dll
    + 2004-08-04 08:00:00 815,104 -c----w c:\windows\$NtServicePackUninstall$\mmc.exe
    + 2004-08-04 08:00:00 70,656 -c----w c:\windows\$NtServicePackUninstall$\mmcbase.dll
    + 2004-08-04 08:00:00 1,192,960 -c----w c:\windows\$NtServicePackUninstall$\mmcndmgr.dll
    + 2004-08-04 08:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\mmcshext.dll
    + 2004-08-04 08:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\mmfutil.dll
    + 2004-08-04 08:00:00 34,560 -c----w c:\windows\$NtServicePackUninstall$\mnmdd.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\mnmsrvc.exe
    + 2004-08-04 08:00:00 207,360 -c----w c:\windows\$NtServicePackUninstall$\mobsync.dll
    + 2004-08-04 08:00:00 143,360 -c----w c:\windows\$NtServicePackUninstall$\mobsync.exe
    + 2004-08-04 08:00:00 30,080 -c----w c:\windows\$NtServicePackUninstall$\modem.sys
    + 2004-08-04 08:00:00 153,600 -c----w c:\windows\$NtServicePackUninstall$\modemui.dll
    + 2004-08-04 08:00:00 16,384 -c----w c:\windows\$NtServicePackUninstall$\mofcomp.exe
    + 2004-08-04 08:00:00 123,904 -c----w c:\windows\$NtServicePackUninstall$\mofd.dll
    + 2004-08-04 08:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\more.com
    + 2004-08-04 08:00:00 216,064 -c----w c:\windows\$NtServicePackUninstall$\moricons.dll
    + 2004-08-04 04:58:34 23,040 -c----w c:\windows\$NtServicePackUninstall$\mouclass.sys
    + 2004-08-04 08:00:00 42,240 -c----w c:\windows\$NtServicePackUninstall$\mountmgr.sys
    + 2004-08-04 08:00:00 3,555,328 -c----w c:\windows\$NtServicePackUninstall$\moviemk.exe
    + 2004-08-04 04:10:14 15,360 -c----w c:\windows\$NtServicePackUninstall$\mpe.sys
    + 2004-08-04 08:00:00 123,392 -c----w c:\windows\$NtServicePackUninstall$\mplay32.exe
    + 2004-08-04 08:00:00 4,639 -c----w c:\windows\$NtServicePackUninstall$\mplayer2.exe
    + 2004-08-04 08:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\mpr.dll
    + 2004-08-04 08:00:00 87,040 -c----w c:\windows\$NtServicePackUninstall$\mprapi.dll
    + 2004-08-04 08:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\mprdim.dll
    + 2007-07-06 10:05:47 72,960 -c----w c:\windows\$NtServicePackUninstall$\mqac.sys
    + 2007-07-06 12:46:59 138,240 -c----w c:\windows\$NtServicePackUninstall$\mqad.dll
    + 2004-08-04 08:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\mqbkup.exe
    + 2007-07-06 12:46:59 47,104 -c----w c:\windows\$NtServicePackUninstall$\mqdscli.dll
    + 2007-07-06 12:46:59 16,896 -c----w c:\windows\$NtServicePackUninstall$\mqise.dll
    + 2004-08-04 08:00:00 89,088 -c----w c:\windows\$NtServicePackUninstall$\mqlogmgr.dll
    + 2004-08-04 08:00:00 225,280 -c----w c:\windows\$NtServicePackUninstall$\mqoa.dll
    + 2007-07-06 12:46:59 660,992 -c----w c:\windows\$NtServicePackUninstall$\mqqm.dll
    + 2007-07-06 12:46:59 177,152 -c----w c:\windows\$NtServicePackUninstall$\mqrt.dll
    + 2004-08-04 08:00:00 123,392 -c----w c:\windows\$NtServicePackUninstall$\mqrtdep.dll
    + 2007-07-06 12:46:59 95,744 -c----w c:\windows\$NtServicePackUninstall$\mqsec.dll
    + 2004-08-04 08:00:00 517,632 -c----w c:\windows\$NtServicePackUninstall$\mqsnap.dll
    + 2004-08-04 08:00:00 4,608 -c----w c:\windows\$NtServicePackUninstall$\mqsvc.exe
    + 2004-08-04 08:00:00 117,248 -c----w c:\windows\$NtServicePackUninstall$\mqtgsvc.exe
    + 2004-08-04 08:00:00 186,880 -c----w c:\windows\$NtServicePackUninstall$\mqtrig.dll
    + 2007-07-06 12:46:59 48,640 -c----w c:\windows\$NtServicePackUninstall$\mqupgrd.dll
    + 2007-07-06 12:46:59 471,552 -c----w c:\windows\$NtServicePackUninstall$\mqutil.dll
    + 2007-12-18 09:51:35 179,584 -c----w c:\windows\$NtServicePackUninstall$\mrxdav.sys
    + 2006-06-20 08:50:27 453,248 -c----w c:\windows\$NtServicePackUninstall$\mrxsmb.sys
    + 2006-06-20 08:50:27 453,248 -c----w c:\windows\$NtServicePackUninstall$\mrxsmb.sys.000

  2. #12
    Junior Member
    Join Date
    Jan 2009
    Location
    Houston, TX, USA
    Posts
    14

    Default ComboFix Log Part 2

    + 2004-08-04 08:00:00 30,720 -c----w c:\windows\$NtServicePackUninstall$\msobshel.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\msobweb.dll
    + 2007-05-16 15:12:08 1,314,816 -c----w c:\windows\$NtServicePackUninstall$\msoe.dll
    + 2004-08-04 08:00:00 252,928 -c----w c:\windows\$NtServicePackUninstall$\msoeacct.dll
    + 2004-08-04 08:00:00 2,479,616 -c----w c:\windows\$NtServicePackUninstall$\msoeres.dll
    + 2004-08-04 08:00:00 105,984 -c----w c:\windows\$NtServicePackUninstall$\msoert2.dll
    + 2004-08-04 08:00:00 28,160 -c----w c:\windows\$NtServicePackUninstall$\msoobe.exe
    + 2004-08-04 08:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\msorc32r.dll
    + 2004-08-04 08:00:00 143,360 -c----w c:\windows\$NtServicePackUninstall$\msorcl32.dll
    + 2004-08-04 08:00:00 343,040 -c----w c:\windows\$NtServicePackUninstall$\mspaint.exe
    + 2004-08-04 08:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\mspatcha.dll
    + 2004-08-04 08:00:00 348,189 -c----w c:\windows\$NtServicePackUninstall$\mspbde40.dll
    + 2004-08-04 05:58:40 5,376 -c----w c:\windows\$NtServicePackUninstall$\mspclock.sys
    + 2004-08-04 05:58:42 4,992 -c----w c:\windows\$NtServicePackUninstall$\mspqm.sys
    + 2004-08-04 08:00:00 48,128 -c----w c:\windows\$NtServicePackUninstall$\msprivs.dll
    + 2004-08-04 08:00:00 421,919 -c----w c:\windows\$NtServicePackUninstall$\msrd2x40.dll
    + 2004-08-04 08:00:00 315,423 -c----w c:\windows\$NtServicePackUninstall$\msrd3x40.dll
    + 2004-08-04 08:00:00 552,989 -c----w c:\windows\$NtServicePackUninstall$\msrepl40.dll
    + 2004-08-04 08:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\msrle32.dll
    + 2004-08-04 08:00:00 134,656 -c----w c:\windows\$NtServicePackUninstall$\mssap.dll
    + 2004-08-04 08:00:00 15,488 -c----w c:\windows\$NtServicePackUninstall$\mssmbios.sys
    + 2004-08-04 08:00:00 274,432 -c----w c:\windows\$NtServicePackUninstall$\mst120.dll
    + 2004-08-04 08:00:00 57,344 -c----w c:\windows\$NtServicePackUninstall$\mst123.dll
    + 2004-08-04 08:00:00 274,944 -c----w c:\windows\$NtServicePackUninstall$\mstask.dll
    + 2004-08-04 03:58:40 5,504 -c----w c:\windows\$NtServicePackUninstall$\mstee.sys
    + 2004-08-04 08:00:00 258,077 -c----w c:\windows\$NtServicePackUninstall$\mstext40.dll
    + 2004-08-04 08:00:00 12,288 -c----w c:\windows\$NtServicePackUninstall$\mstinit.exe
    + 2004-08-04 08:00:00 115,712 -c----w c:\windows\$NtServicePackUninstall$\mstlsapi.dll
    + 2006-11-07 08:06:47 600,576 -c----w c:\windows\$NtServicePackUninstall$\mstsc.exe
    + 2006-11-13 06:02:58 1,866,240 -c----w c:\windows\$NtServicePackUninstall$\mstscax.dll
    + 2004-08-04 08:00:00 195,072 -c----w c:\windows\$NtServicePackUninstall$\msutb.dll
    + 2004-08-04 08:00:00 129,536 -c----w c:\windows\$NtServicePackUninstall$\msv1_0.dll
    + 2004-02-23 20:42:40 1,386,496 -c----w c:\windows\$NtServicePackUninstall$\msvbvm60.dll
    + 2004-08-04 08:00:00 54,784 -c----w c:\windows\$NtServicePackUninstall$\msvcirt.dll
    + 2004-08-04 08:00:00 413,696 -c----w c:\windows\$NtServicePackUninstall$\msvcp60.dll
    + 2004-08-04 08:00:00 343,040 -c----w c:\windows\$NtServicePackUninstall$\msvcrt.dll
    + 2004-08-04 08:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\msvcrt40.dll
    + 2004-08-04 08:00:00 120,832 -c----w c:\windows\$NtServicePackUninstall$\msvfw32.dll
    + 2004-08-04 08:00:00 1,428,480 -c----w c:\windows\$NtServicePackUninstall$\msvidctl.dll
    + 2004-08-04 08:00:00 72,704 -c----w c:\windows\$NtServicePackUninstall$\msw3prt.dll
    + 2004-08-04 08:00:00 831,519 -c----w c:\windows\$NtServicePackUninstall$\mswdat10.dll
    + 2004-08-04 08:00:00 204,288 -c----w c:\windows\$NtServicePackUninstall$\mswebdvd.dll
    + 2004-08-04 08:00:00 245,248 -c----w c:\windows\$NtServicePackUninstall$\mswsock.dll
    + 2004-08-04 08:00:00 614,429 -c----w c:\windows\$NtServicePackUninstall$\mswstr10.dll
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\msxactps.dll
    + 2004-08-04 08:00:00 348,189 -c----w c:\windows\$NtServicePackUninstall$\msxbde40.dll
    + 2004-08-04 08:00:00 506,368 -c----w c:\windows\$NtServicePackUninstall$\msxml.dll
    + 2004-08-04 08:00:00 701,440 -c----w c:\windows\$NtServicePackUninstall$\msxml2.dll
    + 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtServicePackUninstall$\msxml3.dll
    + 2007-05-15 21:43:10 1,320,800 -c----w c:\windows\$NtServicePackUninstall$\msxml6.dll
    + 2006-10-19 19:33:20 86,728 -c----w c:\windows\$NtServicePackUninstall$\msxml6r.dll
    + 2004-08-04 05:56:46 17,408 -c----w c:\windows\$NtServicePackUninstall$\msyuv.dll
    + 2006-03-01 19:42:42 66,560 -c----w c:\windows\$NtServicePackUninstall$\mtxclu.dll
    + 2004-08-04 08:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\mtxdm.dll
    + 2004-08-04 08:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\mtxex.dll
    + 2004-08-04 08:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\mtxlegih.dll
    + 2006-03-01 19:42:42 91,136 -c----w c:\windows\$NtServicePackUninstall$\mtxoci.dll
    + 2004-08-04 08:00:00 90,624 -c----w c:\windows\$NtServicePackUninstall$\muisetup.exe
    + 2004-08-04 08:00:00 107,904 -c----w c:\windows\$NtServicePackUninstall$\mup.sys
    + 2004-08-04 08:00:00 90,624 -c----w c:\windows\$NtServicePackUninstall$\mydocs.dll
    + 2004-08-04 04:10:30 85,376 -c----w c:\windows\$NtServicePackUninstall$\nabtsfec.sys
    + 2004-08-04 08:00:00 221,184 -c----w c:\windows\$NtServicePackUninstall$\nac.dll
    + 2006-10-04 08:48:36 53,760 -c----w c:\windows\$NtServicePackUninstall$\narrator.exe
    + 2004-08-04 08:00:00 36,352 -c----w c:\windows\$NtServicePackUninstall$\ncobjapi.dll
    + 2004-08-04 08:00:00 47,104 -c----w c:\windows\$NtServicePackUninstall$\ncprov.dll
    + 2004-08-04 08:00:00 17,920 -c----w c:\windows\$NtServicePackUninstall$\nddeapi.dll
    + 2004-08-04 08:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\nddeapir.exe
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\nddenb32.dll
    + 2006-01-10 01:01:06 182,528 -c----w c:\windows\$NtServicePackUninstall$\ndis.sys
    + 2004-08-04 04:10:14 10,880 -c----w c:\windows\$NtServicePackUninstall$\ndisip.sys
    + 2004-08-04 08:00:00 57,344 -c----w c:\windows\$NtServicePackUninstall$\ndisnpp.dll
    + 2004-08-04 08:00:00 9,600 -c----w c:\windows\$NtServicePackUninstall$\ndistapi.sys
    + 2004-08-04 08:00:00 12,928 -c----w c:\windows\$NtServicePackUninstall$\ndisuio.sys
    + 2004-08-04 08:00:00 91,776 -c----w c:\windows\$NtServicePackUninstall$\ndiswan.sys
    + 2004-08-04 08:00:00 38,016 -c----w c:\windows\$NtServicePackUninstall$\ndproxy.sys
    + 2004-08-04 08:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\net.exe
    + 2004-08-04 08:00:00 124,928 -c----w c:\windows\$NtServicePackUninstall$\net1.exe
    + 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtServicePackUninstall$\netapi32.dll
    + 2004-08-04 08:00:00 34,560 -c----w c:\windows\$NtServicePackUninstall$\netbios.sys
    + 2004-08-04 08:00:00 162,816 -c----w c:\windows\$NtServicePackUninstall$\netbt.sys
    + 2004-08-04 08:00:00 622,080 -c----w c:\windows\$NtServicePackUninstall$\netcfgx.dll
    + 2004-08-04 08:00:00 111,104 -c----w c:\windows\$NtServicePackUninstall$\netdde.exe
    + 2004-08-04 08:00:00 139,264 -c----w c:\windows\$NtServicePackUninstall$\netid.dll
    + 2004-08-04 08:00:00 407,040 -c----w c:\windows\$NtServicePackUninstall$\netlogon.dll
    + 2005-08-22 18:29:46 197,632 -c----w c:\windows\$NtServicePackUninstall$\netman.dll
    + 2004-08-04 08:00:00 77,312 -c----w c:\windows\$NtServicePackUninstall$\netoc.dll
    + 2004-08-04 08:00:00 875,008 -c----w c:\windows\$NtServicePackUninstall$\netplwiz.dll
    + 2004-08-04 08:00:00 12,288 -c----w c:\windows\$NtServicePackUninstall$\netrap.dll
    + 2004-08-04 08:00:00 329,728 -c----w c:\windows\$NtServicePackUninstall$\netsetup.exe
    + 2004-08-04 08:00:00 86,016 -c----w c:\windows\$NtServicePackUninstall$\netsh.exe
    + 2004-08-04 08:00:00 1,708,032 -c----w c:\windows\$NtServicePackUninstall$\netshell.dll
    + 2004-08-04 08:00:00 36,864 -c----w c:\windows\$NtServicePackUninstall$\netstat.exe
    + 2004-08-04 08:00:00 80,896 -c----w c:\windows\$NtServicePackUninstall$\netui0.dll
    + 2004-08-04 08:00:00 245,760 -c----w c:\windows\$NtServicePackUninstall$\netui1.dll
    + 2004-08-12 12:50:02 247,808 -c----w c:\windows\$NtServicePackUninstall$\newdev.dll
    + 2004-08-04 08:00:00 61,824 -c----w c:\windows\$NtServicePackUninstall$\nic1394.sys
    + 2004-08-04 08:00:00 103,936 -c----w c:\windows\$NtServicePackUninstall$\nlhtml.dll
    + 2004-08-04 08:00:00 229,376 -c----w c:\windows\$NtServicePackUninstall$\nmas.dll
    + 2004-08-04 08:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\nmasnt.dll
    + 2004-08-04 08:00:00 81,920 -c----w c:\windows\$NtServicePackUninstall$\nmchat.dll
    + 2004-08-04 08:00:00 77,824 -c----w c:\windows\$NtServicePackUninstall$\nmcom.dll
    + 2004-08-04 08:00:00 151,552 -c----w c:\windows\$NtServicePackUninstall$\nmft.dll
    + 2004-08-04 08:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\nmmkcert.dll
    + 2004-08-04 08:00:00 40,320 -c----w c:\windows\$NtServicePackUninstall$\nmnt.sys
    + 2004-08-04 08:00:00 172,032 -c----w c:\windows\$NtServicePackUninstall$\nmoldwb.dll
    + 2004-08-04 08:00:00 188,416 -c----w c:\windows\$NtServicePackUninstall$\nmwb.dll
    + 2004-08-04 08:00:00 69,120 -c----w c:\windows\$NtServicePackUninstall$\notepad.exe
    + 2004-08-04 08:00:00 226,816 -c----w c:\windows\$NtServicePackUninstall$\npdrmv2.dll
    + 2005-11-29 23:27:06 364,544 -c----w c:\windows\$NtServicePackUninstall$\npdsplay.dll
    + 2004-08-04 08:00:00 30,848 -c----w c:\windows\$NtServicePackUninstall$\npfs.sys
    + 2004-08-04 08:00:00 15,360 -c----w c:\windows\$NtServicePackUninstall$\nppagent.exe
    + 2004-08-04 08:00:00 54,784 -c----w c:\windows\$NtServicePackUninstall$\npptools.dll
    + 2004-08-04 08:00:00 10,240 -c----w c:\windows\$NtServicePackUninstall$\npwmsdrm.dll
    + 2004-08-04 08:00:00 76,800 -c----w c:\windows\$NtServicePackUninstall$\nslookup.exe
    + 2004-08-04 08:00:00 1,200,128 -c----w c:\windows\$NtServicePackUninstall$\ntbackup.exe
    + 2004-08-04 08:00:00 708,096 -c----w c:\windows\$NtServicePackUninstall$\ntdll.dll
    + 2004-08-04 08:00:00 67,072 -c----w c:\windows\$NtServicePackUninstall$\ntdsapi.dll
    + 2004-08-04 08:00:00 212,992 -c----w c:\windows\$NtServicePackUninstall$\ntevt.dll
    + 2007-02-09 11:10:35 574,464 -c----w c:\windows\$NtServicePackUninstall$\ntfs.sys
    + 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\$NtServicePackUninstall$\ntkrnlmp.exe
    + 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\$NtServicePackUninstall$\ntkrnlmp.exe.000
    + 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    + 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\$NtServicePackUninstall$\ntkrpamp.exe
    + 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\$NtServicePackUninstall$\ntkrpamp.exe.000
    + 2004-08-04 08:00:00 43,520 -c----w c:\windows\$NtServicePackUninstall$\ntlanman.dll
    + 2004-08-04 08:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\ntlsapi.dll
    + 2004-08-04 08:00:00 118,784 -c----w c:\windows\$NtServicePackUninstall$\ntmarta.dll
    + 2004-08-04 08:00:00 40,960 -c----w c:\windows\$NtServicePackUninstall$\ntmsapi.dll
    + 2004-08-04 08:00:00 179,712 -c----w c:\windows\$NtServicePackUninstall$\ntmsdba.dll
    + 2004-08-04 08:00:00 488,448 -c----w c:\windows\$NtServicePackUninstall$\ntmsmgr.dll
    + 2004-08-04 08:00:00 435,200 -c----w c:\windows\$NtServicePackUninstall$\ntmssvc.dll
    + 2004-08-04 08:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\ntoc.dll
    + 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    + 2004-08-04 08:00:00 91,136 -c----w c:\windows\$NtServicePackUninstall$\ntprint.dll
    + 2004-08-04 08:00:00 143,872 -c----w c:\windows\$NtServicePackUninstall$\ntshrui.dll
    + 2004-08-04 08:00:00 419,840 -c----w c:\windows\$NtServicePackUninstall$\ntvdm.exe
    + 2004-08-04 08:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\ntvdmd.dll
    + 2006-10-13 12:35:12 64,000 -c----w c:\windows\$NtServicePackUninstall$\nwapi32.dll
    + 2004-08-04 08:00:00 88,448 -c----w c:\windows\$NtServicePackUninstall$\nwlnkipx.sys
    + 2006-10-13 12:35:12 142,336 -c----w c:\windows\$NtServicePackUninstall$\nwprovau.dll
    + 2006-10-13 10:23:15 163,584 -c----w c:\windows\$NtServicePackUninstall$\nwrdr.sys
    + 2006-10-13 12:35:12 65,536 -c----w c:\windows\$NtServicePackUninstall$\nwwks.dll
    + 2004-08-04 08:00:00 266,752 -c----w c:\windows\$NtServicePackUninstall$\oakley.dll
    + 2004-08-04 08:00:00 229,376 -c----w c:\windows\$NtServicePackUninstall$\obelog.dll
    + 2004-08-04 08:00:00 966,656 -c----w c:\windows\$NtServicePackUninstall$\obemetal.dll
    + 2004-08-04 08:00:00 77,824 -c----w c:\windows\$NtServicePackUninstall$\obemtllc.dll
    + 2004-08-04 08:00:00 86,016 -c----w c:\windows\$NtServicePackUninstall$\obepopc.dll
    + 2004-08-04 08:00:00 285,696 -c----w c:\windows\$NtServicePackUninstall$\objsel.dll
    + 2004-08-04 08:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\ocgen.dll
    + 2004-08-04 08:00:00 60,928 -c----w c:\windows\$NtServicePackUninstall$\ocmanage.dll
    + 2004-08-04 08:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\ocmsn.dll
    + 2004-08-04 08:00:00 249,856 -c----w c:\windows\$NtServicePackUninstall$\odbc32.dll
    + 2004-08-04 08:00:00 16,384 -c----w c:\windows\$NtServicePackUninstall$\odbc32gt.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\odbcad32.exe
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\odbcbcp.dll
    + 2004-08-04 08:00:00 135,168 -c----w c:\windows\$NtServicePackUninstall$\odbcconf.dll
    + 2004-08-04 08:00:00 69,632 -c----w c:\windows\$NtServicePackUninstall$\odbcconf.exe
    + 2004-08-04 08:00:00 106,496 -c----w c:\windows\$NtServicePackUninstall$\odbccp32.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\odbccr32.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\odbccu32.dll
    + 2004-08-04 08:00:00 94,208 -c----w c:\windows\$NtServicePackUninstall$\odbcint.dll
    + 2004-08-04 08:00:00 53,279 -c----w c:\windows\$NtServicePackUninstall$\odbcji32.dll
    + 2004-08-04 08:00:00 278,559 -c----w c:\windows\$NtServicePackUninstall$\odbcjt32.dll
    + 2004-08-04 08:00:00 12,288 -c----w c:\windows\$NtServicePackUninstall$\odbcp32r.dll
    + 2004-08-04 08:00:00 147,456 -c----w c:\windows\$NtServicePackUninstall$\odbctrac.dll
    + 2004-08-04 08:00:00 20,511 -c----w c:\windows\$NtServicePackUninstall$\oddbse32.dll
    + 2004-08-04 08:00:00 20,510 -c----w c:\windows\$NtServicePackUninstall$\odexl32.dll
    + 2004-08-04 08:00:00 20,510 -c----w c:\windows\$NtServicePackUninstall$\odfox32.dll
    + 2004-08-04 08:00:00 20,510 -c----w c:\windows\$NtServicePackUninstall$\odpdx32.dll
    + 2004-08-04 08:00:00 20,511 -c----w c:\windows\$NtServicePackUninstall$\odtext32.dll
    + 2004-08-04 08:00:00 104,448 -c----w c:\windows\$NtServicePackUninstall$\oeimport.dll
    + 2004-08-04 08:00:00 60,416 -c----w c:\windows\$NtServicePackUninstall$\oemig50.exe
    + 2004-08-04 08:00:00 35,328 -c----w c:\windows\$NtServicePackUninstall$\oemiglib.dll
    + 2004-08-04 08:00:00 120,832 -c----w c:\windows\$NtServicePackUninstall$\offfilt.dll
    + 2004-09-27 22:19:12 61,056 -c----w c:\windows\$NtServicePackUninstall$\ohci1394.sys
    + 2004-09-27 22:19:12 61,056 -c----w c:\windows\$NtServicePackUninstall$\ohci1394.sys.000
    + 2005-07-26 04:39:48 1,285,120 -c----w c:\windows\$NtServicePackUninstall$\ole32.dll
    + 2007-12-04 18:38:13 550,912 -c----w c:\windows\$NtServicePackUninstall$\oleaut32.dll
    + 2005-07-26 04:39:48 74,752 -c----w c:\windows\$NtServicePackUninstall$\olecli32.dll
    + 2005-07-26 04:39:49 37,888 -c----w c:\windows\$NtServicePackUninstall$\olecnv32.dll
    + 2004-08-04 08:00:00 487,424 -c----w c:\windows\$NtServicePackUninstall$\oledb32.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\oledb32r.dll
    + 2006-10-16 16:15:00 122,880 -c----w c:\windows\$NtServicePackUninstall$\oledlg.dll
    + 2004-08-04 08:00:00 107,008 -c----w c:\windows\$NtServicePackUninstall$\oleprn.dll
    + 2004-08-04 08:00:00 83,456 -c----w c:\windows\$NtServicePackUninstall$\olepro32.dll
    + 2004-08-04 08:00:00 51,200 -c----w c:\windows\$NtServicePackUninstall$\oobebaln.exe
    + 2004-08-04 08:00:00 67,584 -c----w c:\windows\$NtServicePackUninstall$\openfiles.exe
    + 2004-08-04 08:00:00 713,728 -c----w c:\windows\$NtServicePackUninstall$\opengl32.dll
    + 2006-10-04 08:48:37 215,552 -c----w c:\windows\$NtServicePackUninstall$\osk.exe
    + 2004-08-04 08:00:00 67,584 -c----w c:\windows\$NtServicePackUninstall$\osuninst.dll
    + 2006-10-11 16:24:45 153,088 -c----w c:\windows\$NtServicePackUninstall$\p2p.dll
    + 2006-10-11 16:24:45 104,960 -c----w c:\windows\$NtServicePackUninstall$\p2pgasvc.dll
    + 2006-10-11 16:24:45 313,344 -c----w c:\windows\$NtServicePackUninstall$\p2pgraph.dll
    + 2006-10-11 16:24:45 116,224 -c----w c:\windows\$NtServicePackUninstall$\p2pnetsh.dll
    + 2006-10-11 16:24:45 553,984 -c----w c:\windows\$NtServicePackUninstall$\p2psvc.dll
    + 2004-08-04 08:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\p3.sys
    + 2004-08-04 08:00:00 58,368 -c----w c:\windows\$NtServicePackUninstall$\packager.exe
    + 2004-08-04 08:00:00 80,128 -c----w c:\windows\$NtServicePackUninstall$\parport.sys
    + 2004-08-04 08:00:00 18,688 -c----w c:\windows\$NtServicePackUninstall$\partmgr.sys
    + 2004-08-04 08:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\pautoenr.dll
    + 2004-08-04 08:00:00 102,400 -c----w c:\windows\$NtServicePackUninstall$\pchshell.dll
    + 2004-08-04 08:00:00 38,912 -c----w c:\windows\$NtServicePackUninstall$\pchsvc.dll
    + 2004-08-04 01:07:48 68,224 -c----w c:\windows\$NtServicePackUninstall$\pci.sys
    + 2004-08-04 00:59:42 25,088 -c----w c:\windows\$NtServicePackUninstall$\pciidex.sys
    + 2004-08-04 05:56:24 676,864 -c----w c:\windows\$NtServicePackUninstall$\pcl5eres.dll
    + 2004-08-04 05:56:24 169,472 -c----w c:\windows\$NtServicePackUninstall$\pclxl.dll
    + 2004-08-04 08:00:00 119,936 -c----w c:\windows\$NtServicePackUninstall$\pcmcia.sys
    + 2004-08-04 08:00:00 283,648 -c----w c:\windows\$NtServicePackUninstall$\pdh.dll
    + 2004-08-04 08:00:00 39,936 -c----w c:\windows\$NtServicePackUninstall$\perfctrs.dll
    + 2004-08-04 08:00:00 26,624 -c----w c:\windows\$NtServicePackUninstall$\perfdisk.dll
    + 2004-08-04 08:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\perfmon.exe
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\perfnet.dll
    + 2004-08-04 08:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\perfos.dll
    + 2004-08-04 08:00:00 34,816 -c----w c:\windows\$NtServicePackUninstall$\perfproc.dll
    + 2006-10-24 18:30:20 412,160 -c----w c:\windows\$NtServicePackUninstall$\photometadatahandler.dll
    + 2004-08-04 08:00:00 176,128 -c----w c:\windows\$NtServicePackUninstall$\photowiz.dll
    + 2004-08-04 08:00:00 35,328 -c----w c:\windows\$NtServicePackUninstall$\pid.dll
    + 2004-08-04 08:00:00 24,064 -c----w c:\windows\$NtServicePackUninstall$\pidgen.dll
    + 2004-08-04 08:00:00 281,088 -c----w c:\windows\$NtServicePackUninstall$\pinball.exe
    + 2004-08-04 08:00:00 17,920 -c----w c:\windows\$NtServicePackUninstall$\ping.exe
    + 2004-08-04 08:00:00 15,360 -c----w c:\windows\$NtServicePackUninstall$\pjlmon.dll
    + 2006-10-11 16:24:45 58,880 -c----w c:\windows\$NtServicePackUninstall$\pnrpnsp.dll
    + 2004-08-04 08:00:00 92,672 -c----w c:\windows\$NtServicePackUninstall$\policman.dll
    + 2004-08-04 08:00:00 105,472 -c----w c:\windows\$NtServicePackUninstall$\polstore.dll
    + 2005-03-22 03:43:15 145,920 -c----w c:\windows\$NtServicePackUninstall$\portcls.sys
    + 2005-03-22 03:43:15 145,920 -c----w c:\windows\$NtServicePackUninstall$\portcls.sys.000
    + 2004-08-04 08:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\powercfg.exe
    + 2004-08-04 08:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\powrprof.dll
    + 2004-08-04 08:00:00 560,640 -c----w c:\windows\$NtServicePackUninstall$\printui.dll
    + 2004-08-27 21:42:45 35,456 -c----w c:\windows\$NtServicePackUninstall$\processr.sys
    + 2004-08-27 21:42:45 35,456 -c----w c:\windows\$NtServicePackUninstall$\processr.sys.000
    + 2004-08-04 08:00:00 27,648 -c----w c:\windows\$NtServicePackUninstall$\profmap.dll
    + 2004-08-04 08:00:00 109,568 -c----w c:\windows\$NtServicePackUninstall$\progman.exe
    + 2004-08-04 08:00:00 50,176 -c----w c:\windows\$NtServicePackUninstall$\proquota.exe
    + 2004-08-04 08:00:00 237,056 -c----w c:\windows\$NtServicePackUninstall$\provthrd.dll
    + 2004-08-04 08:00:00 9,216 -c----w c:\windows\$NtServicePackUninstall$\proxycfg.exe
    + 2003-11-04 08:00:14 132,608 -c----w c:\windows\$NtServicePackUninstall$\ps5ui.dll
    + 2004-08-04 08:00:00 23,040 -c----w c:\windows\$NtServicePackUninstall$\psapi.dll
    + 2004-08-04 08:00:00 96,768 -c----w c:\windows\$NtServicePackUninstall$\psbase.dll
    + 2004-08-04 08:00:00 69,120 -c----w c:\windows\$NtServicePackUninstall$\psched.sys
    + 2003-11-04 08:00:14 464,384 -c----w c:\windows\$NtServicePackUninstall$\pscript5.dll
    + 2004-08-04 05:56:46 363,520 -c----w c:\windows\$NtServicePackUninstall$\psisdecd.dll
    + 2004-08-04 08:00:00 43,520 -c----w c:\windows\$NtServicePackUninstall$\pstorec.dll
    + 2004-08-04 08:00:00 34,304 -c----w c:\windows\$NtServicePackUninstall$\pstorsvc.dll
    + 2004-08-04 08:00:00 192,512 -c----w c:\windows\$NtServicePackUninstall$\qcap.dll
    + 2004-08-04 08:00:00 279,040 -c----w c:\windows\$NtServicePackUninstall$\qdv.dll
    + 2004-08-04 08:00:00 385,024 -c----w c:\windows\$NtServicePackUninstall$\qdvd.dll
    + 2004-08-04 08:00:00 562,176 -c----w c:\windows\$NtServicePackUninstall$\qedit.dll
    + 2004-08-04 08:00:00 733,696 -c----w c:\windows\$NtServicePackUninstall$\qedwipes.dll
    + 2004-08-04 08:00:00 382,464 -c----w c:\windows\$NtServicePackUninstall$\qmgr.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\qmgrprxy.dll
    + 2004-08-04 08:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\qprocess.exe
    + 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\$NtServicePackUninstall$\quartz.dll
    + 2006-06-22 05:06:30 1,435,648 -c----w c:\windows\$NtServicePackUninstall$\query.dll
    + 2004-08-04 08:00:00 43,520 -c----w c:\windows\$NtServicePackUninstall$\racpldlg.dll
    + 2006-06-26 17:37:10 8,192 -c----w c:\windows\$NtServicePackUninstall$\rasadhlp.dll
    + 2004-08-04 08:00:00 236,544 -c----w c:\windows\$NtServicePackUninstall$\rasapi32.dll
    + 2004-08-04 08:00:00 89,088 -c----w c:\windows\$NtServicePackUninstall$\rasauto.dll
    + 2004-08-04 08:00:00 69,632 -c----w c:\windows\$NtServicePackUninstall$\raschap.dll
    + 2004-08-04 08:00:00 657,920 -c----w c:\windows\$NtServicePackUninstall$\rasdlg.dll
    + 2004-08-04 08:00:00 51,328 -c----w c:\windows\$NtServicePackUninstall$\rasl2tp.sys
    + 2004-08-04 08:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\rasman.dll
    + 2006-06-22 10:47:18 181,248 -c----w c:\windows\$NtServicePackUninstall$\rasmans.dll
    + 2004-08-04 08:00:00 56,832 -c----w c:\windows\$NtServicePackUninstall$\rasphone.exe
    + 2004-08-04 08:00:00 206,336 -c----w c:\windows\$NtServicePackUninstall$\rasppp.dll
    + 2004-08-04 08:00:00 41,472 -c----w c:\windows\$NtServicePackUninstall$\raspppoe.sys
    + 2004-08-04 08:00:00 48,384 -c----w c:\windows\$NtServicePackUninstall$\raspptp.sys
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\rassapi.dll
    + 2004-08-04 08:00:00 58,880 -c----w c:\windows\$NtServicePackUninstall$\rastapi.dll
    + 2004-08-04 08:00:00 112,128 -c----w c:\windows\$NtServicePackUninstall$\rastls.dll
    + 2004-08-04 08:00:00 102,400 -c----w c:\windows\$NtServicePackUninstall$\rcbdyctl.dll
    + 2004-08-04 08:00:00 35,840 -c----w c:\windows\$NtServicePackUninstall$\rcimlby.exe
    + 2004-08-04 08:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\rcp.exe
    + 2006-05-05 09:47:57 174,592 -c----w c:\windows\$NtServicePackUninstall$\rdbss.sys
    + 2004-08-04 08:00:00 147,968 -c----w c:\windows\$NtServicePackUninstall$\rdchost.dll
    + 2004-08-04 08:00:00 62,464 -c----w c:\windows\$NtServicePackUninstall$\rdpclip.exe
    + 2004-08-04 08:00:00 92,168 -c----w c:\windows\$NtServicePackUninstall$\rdpdd.dll
    + 2004-08-04 01:01:16 196,864 -c----w c:\windows\$NtServicePackUninstall$\rdpdr.sys
    + 2004-08-04 08:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\rdpsnd.dll
    + 2005-06-10 04:09:46 139,528 -c----w c:\windows\$NtServicePackUninstall$\rdpwd.sys
    + 2004-08-04 08:00:00 87,176 -c----w c:\windows\$NtServicePackUninstall$\rdpwsx.dll
    + 2004-08-04 08:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\rdsaddin.exe
    + 2004-08-04 08:00:00 67,072 -c----w c:\windows\$NtServicePackUninstall$\rdshost.exe
    + 2006-02-28 00:10:19 57,344 -c----w c:\windows\$NtServicePackUninstall$\redbook.sys
    + 2006-02-28 00:10:19 57,344 -c----w c:\windows\$NtServicePackUninstall$\redbook.sys.000
    + 2004-08-04 08:00:00 50,176 -c----w c:\windows\$NtServicePackUninstall$\reg.exe
    + 2004-08-04 08:00:00 49,664 -c----w c:\windows\$NtServicePackUninstall$\regapi.dll
    + 2004-08-04 08:00:00 146,432 -c----w c:\windows\$NtServicePackUninstall$\regedit.exe
    + 2004-08-04 08:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\regsvc.dll
    + 2004-08-04 08:00:00 11,776 -c----w c:\windows\$NtServicePackUninstall$\regsvr32.exe
    + 2004-08-04 08:00:00 397,824 -c----w c:\windows\$NtServicePackUninstall$\regwizc.dll
    + 2004-08-04 08:00:00 60,416 -c----w c:\windows\$NtServicePackUninstall$\remotepg.dll
    + 2004-08-04 08:00:00 177,152 -c----w c:\windows\$NtServicePackUninstall$\repdrvfs.dll
    + 2004-08-04 08:00:00 58,880 -c----w c:\windows\$NtServicePackUninstall$\resutils.dll
    + 2004-08-04 08:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\rexec.exe
    + 2006-11-13 06:02:58 288,768 -c----w c:\windows\$NtServicePackUninstall$\rhttpaa.dll
    + 2006-11-27 14:54:06 433,152 -c----w c:\windows\$NtServicePackUninstall$\riched20.dll
    + 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtServicePackUninstall$\rmcast.sys
    + 2004-08-04 08:00:00 30,080 -c----w c:\windows\$NtServicePackUninstall$\rndismp.sys
    + 2007-07-09 13:09:42 584,192 -c----w c:\windows\$NtServicePackUninstall$\rpcrt4.dll
    + 2005-07-26 04:39:49 397,824 -c----w c:\windows\$NtServicePackUninstall$\rpcss.dll
    + 2004-08-04 08:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\rrcm.dll
    + 2004-08-04 08:00:00 152,576 -c----w c:\windows\$NtServicePackUninstall$\rsaenh.dll
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\rsh.exe
    + 2004-08-04 08:00:00 39,936 -c----w c:\windows\$NtServicePackUninstall$\rshx32.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\rsmps.dll
    + 2004-08-04 08:00:00 107,520 -c----w c:\windows\$NtServicePackUninstall$\rsnotify.exe
    + 2004-08-04 08:00:00 380,416 -c----w c:\windows\$NtServicePackUninstall$\rstrui.exe
    + 2004-08-04 08:00:00 90,112 -c----w c:\windows\$NtServicePackUninstall$\rsvpsp.dll
    + 2004-08-04 08:00:00 77,312 -c----w c:\windows\$NtServicePackUninstall$\rtcshare.exe
    + 2004-08-04 08:00:00 31,744 -c----w c:\windows\$NtServicePackUninstall$\rtipxmib.dll
    + 2004-08-04 08:00:00 44,032 -c----w c:\windows\$NtServicePackUninstall$\rtutils.dll
    + 2004-08-04 08:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\rundll32.exe
    + 2004-08-04 08:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\runonce.exe

  3. #13
    Junior Member
    Join Date
    Jan 2009
    Location
    Houston, TX, USA
    Posts
    14

    Default ComboFix Log Part 3

    + 2004-08-04 08:00:00 31,232 -c----w c:\windows\$NtServicePackUninstall$\sethc.exe
    + 2004-08-04 08:00:00 23,040 -c----w c:\windows\$NtServicePackUninstall$\setup.exe
    + 2004-08-04 08:00:00 73,216 -c----w c:\windows\$NtServicePackUninstall$\setup50.exe
    + 2004-08-04 08:00:00 983,552 -c----w c:\windows\$NtServicePackUninstall$\setupapi.dll
    + 2004-08-04 08:00:00 101,376 -c----w c:\windows\$NtServicePackUninstall$\setupqry.dll
    + 2004-08-04 08:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\sfc.dll
    + 2004-08-04 08:00:00 140,288 -c----w c:\windows\$NtServicePackUninstall$\sfc_os.dll
    + 2004-08-04 08:00:00 1,580,544 -c----w c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    + 2005-12-21 01:11:11 11,136 -c----w c:\windows\$NtServicePackUninstall$\sffdisk.sys
    + 2005-12-21 01:11:11 11,136 -c----w c:\windows\$NtServicePackUninstall$\sffdisk.sys.000
    + 2005-12-21 01:11:11 9,984 -c----w c:\windows\$NtServicePackUninstall$\sffp_mmc.sys
    + 2005-12-21 01:11:11 10,368 -c----w c:\windows\$NtServicePackUninstall$\sffp_sd.sys
    + 2005-12-21 01:11:11 10,368 -c----w c:\windows\$NtServicePackUninstall$\sffp_sd.sys.000
    + 2004-08-04 08:00:00 11,392 -c----w c:\windows\$NtServicePackUninstall$\sfloppy.sys
    + 2004-08-04 08:00:00 549,376 -c----w c:\windows\$NtServicePackUninstall$\shdoclc.dll
    + 2007-06-15 08:12:30 1,498,112 -c----w c:\windows\$NtServicePackUninstall$\shdocvw.dll
    + 2007-10-26 03:34:01 8,460,288 -c----w c:\windows\$NtServicePackUninstall$\shell32.dll
    + 2004-08-04 08:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\shfolder.dll
    + 2004-08-04 08:00:00 68,096 -c----w c:\windows\$NtServicePackUninstall$\shgina.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\shimeng.dll
    + 2004-08-04 08:00:00 438,272 -c----w c:\windows\$NtServicePackUninstall$\shimgvw.dll
    + 2007-06-15 08:12:30 474,112 -c----w c:\windows\$NtServicePackUninstall$\shlwapi.dll
    + 2004-08-04 08:00:00 151,552 -c----w c:\windows\$NtServicePackUninstall$\shmedia.dll
    + 2004-08-04 08:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\shmgrate.exe
    + 2004-08-04 08:00:00 77,824 -c----w c:\windows\$NtServicePackUninstall$\shrpubw.exe
    + 2004-08-04 08:00:00 27,648 -c----w c:\windows\$NtServicePackUninstall$\shscrap.dll
    + 2006-12-19 21:52:18 134,656 -c----w c:\windows\$NtServicePackUninstall$\shsvcs.dll
    + 2004-08-04 08:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\shutdown.exe
    + 2004-08-04 08:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\sigtab.dll
    + 2004-08-04 08:00:00 70,144 -c----w c:\windows\$NtServicePackUninstall$\sigverif.exe
    + 2004-08-04 08:00:00 26,112 -c----w c:\windows\$NtServicePackUninstall$\skeys.exe
    + 2004-08-04 08:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\slayerxp.dll
    + 2004-08-04 08:00:00 98,304 -c----w c:\windows\$NtServicePackUninstall$\slbiop.dll
    + 2004-08-04 04:10:18 11,136 -c----w c:\windows\$NtServicePackUninstall$\slip.sys
    + 2004-08-04 08:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\smbinst.exe
    + 2004-08-04 08:00:00 363,008 -c----w c:\windows\$NtServicePackUninstall$\smlogcfg.dll
    + 2004-08-04 08:00:00 89,600 -c----w c:\windows\$NtServicePackUninstall$\smlogsvc.exe
    + 2004-08-04 08:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\smss.exe
    + 2004-08-04 08:00:00 131,584 -c----w c:\windows\$NtServicePackUninstall$\sndrec32.exe
    + 2004-08-04 08:00:00 34,816 -c----w c:\windows\$NtServicePackUninstall$\sniffpol.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\snmpapi.dll
    + 2004-08-04 08:00:00 182,272 -c----w c:\windows\$NtServicePackUninstall$\snmpsnap.dll
    + 2004-08-04 08:00:00 130,048 -c----w c:\windows\$NtServicePackUninstall$\softkbd.dll
    + 2004-08-04 08:00:00 25,472 -c----w c:\windows\$NtServicePackUninstall$\sonydcam.sys
    + 2004-08-04 08:00:00 23,552 -c----w c:\windows\$NtServicePackUninstall$\sort.exe
    + 2004-08-04 08:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\spgrmr.dll
    + 2004-08-04 08:00:00 538,624 -c----w c:\windows\$NtServicePackUninstall$\spider.exe
    + 2004-08-04 08:00:00 12,800 -c----w c:\windows\$NtServicePackUninstall$\spiisupd.exe
    + 2006-06-14 08:47:46 6,400 -c----w c:\windows\$NtServicePackUninstall$\splitter.sys
    + 2006-06-14 08:47:46 6,400 -c----w c:\windows\$NtServicePackUninstall$\splitter.sys.000
    + 2004-08-04 08:00:00 11,776 -c----w c:\windows\$NtServicePackUninstall$\spnpinst.exe
    + 2004-08-04 08:00:00 74,752 -c----w c:\windows\$NtServicePackUninstall$\spoolss.dll
    + 2005-06-10 23:53:32 57,856 -c----w c:\windows\$NtServicePackUninstall$\spoolsv.exe
    + 2004-08-04 08:00:00 250,880 -c----w c:\windows\$NtServicePackUninstall$\sptip.dll
    + 2008-04-14 10:42:08 438,272 -c----w c:\windows\$NtServicePackUninstall$\spuninst\spcompat.dll
    + 2007-08-11 01:46:18 231,288 -c----w c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe
    + 2007-08-11 01:46:28 382,840 -c----w c:\windows\$NtServicePackUninstall$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 151,552 -c----w c:\windows\$NtServicePackUninstall$\sqldb20.dll
    + 2004-08-04 08:00:00 528,384 -c----w c:\windows\$NtServicePackUninstall$\sqloledb.dll
    + 2004-08-04 08:00:00 462,848 -c----w c:\windows\$NtServicePackUninstall$\sqlqp20.dll
    + 2004-08-04 08:00:00 110,592 -c----w c:\windows\$NtServicePackUninstall$\sqlse20.dll
    + 2004-08-04 08:00:00 442,368 -c----w c:\windows\$NtServicePackUninstall$\sqlsrv32.dll
    + 2004-08-04 08:00:00 180,800 -c----w c:\windows\$NtServicePackUninstall$\sqlunirl.dll
    + 2004-08-04 08:00:00 217,088 -c----w c:\windows\$NtServicePackUninstall$\sqlxmlx.dll
    + 2004-08-04 08:00:00 73,472 -c----w c:\windows\$NtServicePackUninstall$\sr.sys
    + 2004-08-04 08:00:00 58,434 -c----w c:\windows\$NtServicePackUninstall$\srchctls.dll
    + 2004-08-04 08:00:00 725,566 -c----w c:\windows\$NtServicePackUninstall$\srchui.dll
    + 2004-08-04 08:00:00 67,584 -c----w c:\windows\$NtServicePackUninstall$\srclient.dll
    + 2004-11-17 23:25:04 239,104 -c----w c:\windows\$NtServicePackUninstall$\srrstr.dll
    + 2004-11-17 23:25:04 171,008 -c----w c:\windows\$NtServicePackUninstall$\srsvc.dll
    + 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtServicePackUninstall$\srv.sys
    + 2004-12-07 19:32:34 96,768 -c----w c:\windows\$NtServicePackUninstall$\srvsvc.dll
    + 2004-08-04 08:00:00 704,512 -c----w c:\windows\$NtServicePackUninstall$\ss3dfo.scr
    + 2004-08-04 08:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\ssbezier.scr
    + 2004-08-04 08:00:00 34,816 -c----w c:\windows\$NtServicePackUninstall$\ssdpapi.dll
    + 2004-08-04 08:00:00 71,680 -c----w c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
    + 2004-08-04 08:00:00 393,216 -c----w c:\windows\$NtServicePackUninstall$\ssflwbox.scr
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\ssmarque.scr
    + 2004-08-04 08:00:00 47,104 -c----w c:\windows\$NtServicePackUninstall$\ssmypics.scr
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\ssmyst.scr
    + 2004-08-04 08:00:00 610,304 -c----w c:\windows\$NtServicePackUninstall$\sspipes.scr
    + 2004-08-04 08:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\ssstars.scr
    + 2004-08-04 08:00:00 679,936 -c----w c:\windows\$NtServicePackUninstall$\sstext3d.scr
    + 2004-08-04 08:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\sstub.dll
    + 2004-08-04 08:00:00 54,272 -c----w c:\windows\$NtServicePackUninstall$\stclient.dll
    + 2004-08-04 08:00:00 86,528 -c----w c:\windows\$NtServicePackUninstall$\stdprov.dll
    + 2004-08-04 08:00:00 67,584 -c----w c:\windows\$NtServicePackUninstall$\sti.dll
    + 2004-08-04 08:00:00 136,704 -c----w c:\windows\$NtServicePackUninstall$\sti_ci.dll
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\stimon.exe
    + 2004-08-04 08:00:00 121,856 -c----w c:\windows\$NtServicePackUninstall$\stobject.dll
    + 2004-08-03 19:56:46 74,752 -c----w c:\windows\$NtServicePackUninstall$\storprop.dll
    + 2004-08-04 05:08:04 48,640 -c----w c:\windows\$NtServicePackUninstall$\stream.sys
    + 2004-08-04 04:10:14 15,360 -c----w c:\windows\$NtServicePackUninstall$\streamip.sys
    + 2006-08-21 14:52:08 246,814 -c----w c:\windows\$NtServicePackUninstall$\strmdll.dll
    + 2004-08-04 08:00:00 75,776 -c----w c:\windows\$NtServicePackUninstall$\strmfilt.dll
    + 2004-08-04 08:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\svchost.exe
    + 2004-08-04 08:00:00 4,352 -c----w c:\windows\$NtServicePackUninstall$\swenum.sys
    + 2001-08-17 21:00:52 54,272 -c----w c:\windows\$NtServicePackUninstall$\swmidi.sys
    + 2006-10-19 13:56:32 713,216 -c----w c:\windows\$NtServicePackUninstall$\sxs.dll
    + 2004-08-04 08:00:00 57,856 -c----w c:\windows\$NtServicePackUninstall$\synceng.dll
    + 2004-08-04 08:00:00 191,488 -c----w c:\windows\$NtServicePackUninstall$\syncui.dll
    + 2004-08-04 06:15:56 60,800 -c----w c:\windows\$NtServicePackUninstall$\sysaudio.sys
    + 2005-04-28 19:16:29 193,024 -c----w c:\windows\$NtServicePackUninstall$\sysmod.dll
    + 2005-04-28 19:16:29 173,568 -c----w c:\windows\$NtServicePackUninstall$\sysmoda.dll
    + 2004-08-04 08:00:00 105,984 -c----w c:\windows\$NtServicePackUninstall$\sysocmgr.exe
    + 2004-08-04 08:00:00 984,576 -c----w c:\windows\$NtServicePackUninstall$\syssetup.dll
    + 2004-08-04 08:00:00 68,096 -c----w c:\windows\$NtServicePackUninstall$\systeminfo.exe
    + 2005-10-17 21:14:46 118,272 -c----w c:\windows\$NtServicePackUninstall$\t2embed.dll
    + 2004-08-04 08:00:00 33,792 -c----w c:\windows\$NtServicePackUninstall$\tabletoc.dll
    + 2004-08-04 08:00:00 14,976 -c----w c:\windows\$NtServicePackUninstall$\tape.sys
    + 2004-08-04 08:00:00 858,624 -c----w c:\windows\$NtServicePackUninstall$\tapi3.dll
    + 2004-08-04 08:00:00 181,760 -c----w c:\windows\$NtServicePackUninstall$\tapi32.dll
    + 2005-07-08 16:27:56 249,344 -c----w c:\windows\$NtServicePackUninstall$\tapisrv.dll
    + 2004-08-04 08:00:00 72,192 -c----w c:\windows\$NtServicePackUninstall$\taskkill.exe
    + 2004-08-04 08:00:00 72,192 -c----w c:\windows\$NtServicePackUninstall$\tasklist.exe
    + 2004-08-04 08:00:00 135,680 -c----w c:\windows\$NtServicePackUninstall$\taskmgr.exe
    + 2007-10-30 17:20:55 360,064 -c----w c:\windows\$NtServicePackUninstall$\tcpip.sys
    + 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtServicePackUninstall$\tcpip6.sys
    + 2004-08-04 08:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\tcpmib.dll
    + 2004-08-04 08:00:00 45,568 -c----w c:\windows\$NtServicePackUninstall$\tcpmon.dll
    + 2004-08-04 08:00:00 45,568 -c----w c:\windows\$NtServicePackUninstall$\tcpmonui.dll
    + 2004-08-04 08:00:00 18,560 -c----w c:\windows\$NtServicePackUninstall$\tdi.sys
    + 2004-08-04 08:00:00 12,040 -c----w c:\windows\$NtServicePackUninstall$\tdpipe.sys
    + 2004-08-04 08:00:00 21,896 -c----w c:\windows\$NtServicePackUninstall$\tdtcp.sys
    + 2005-05-10 23:45:48 75,776 -c----w c:\windows\$NtServicePackUninstall$\telnet.exe
    + 2004-08-04 03:01:08 40,840 -c----w c:\windows\$NtServicePackUninstall$\termdd.sys
    + 2004-08-04 08:00:00 358,400 -c----w c:\windows\$NtServicePackUninstall$\termmgr.dll
    + 2004-08-04 08:00:00 295,424 -c----w c:\windows\$NtServicePackUninstall$\termsrv.dll
    + 2005-11-23 05:39:29 385,536 -c----w c:\windows\$NtServicePackUninstall$\themeui.dll
    + 2004-08-04 08:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\tlntadmn.exe
    + 2004-08-04 08:00:00 78,336 -c----w c:\windows\$NtServicePackUninstall$\tlntsess.exe
    + 2004-08-04 08:00:00 73,216 -c----w c:\windows\$NtServicePackUninstall$\tlntsvr.exe
    + 2004-08-04 08:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\tlntsvrp.dll
    + 2004-08-04 08:00:00 347,136 -c----w c:\windows\$NtServicePackUninstall$\tourstart.exe
    + 2004-08-04 08:00:00 259,584 -c----w c:\windows\$NtServicePackUninstall$\tracerpt.exe
    + 2004-08-04 08:00:00 12,288 -c----w c:\windows\$NtServicePackUninstall$\tracert.exe
    + 2004-08-04 08:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\tree.com
    + 2004-08-04 08:00:00 153,088 -c----w c:\windows\$NtServicePackUninstall$\triedit.dll
    + 2004-08-04 08:00:00 90,624 -c----w c:\windows\$NtServicePackUninstall$\trkwks.dll
    + 2004-08-04 08:00:00 93,696 -c----w c:\windows\$NtServicePackUninstall$\tscfgwmi.dll
    + 2006-11-07 08:06:47 16,832 -c----w c:\windows\$NtServicePackUninstall$\tscinst.vbs
    + 2006-11-07 08:06:47 12,451 -c----w c:\windows\$NtServicePackUninstall$\tscuinst.vbs
    + 2004-08-04 08:00:00 12,168 -c----w c:\windows\$NtServicePackUninstall$\tsddd.dll
    + 2006-11-13 06:02:58 36,352 -c----w c:\windows\$NtServicePackUninstall$\tsgqec.dll
    + 2004-08-04 08:00:00 279,040 -c----w c:\windows\$NtServicePackUninstall$\tshoot.dll
    + 2004-08-04 08:00:00 121,856 -c----w c:\windows\$NtServicePackUninstall$\tsoc.dll
    + 2004-08-04 08:00:00 12,416 -c----w c:\windows\$NtServicePackUninstall$\tunmp.sys
    + 2004-08-04 08:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\twain_32.dll
    + 2004-08-04 08:00:00 44,032 -c----w c:\windows\$NtServicePackUninstall$\twext.dll
    + 2005-07-26 04:39:49 101,376 -c----w c:\windows\$NtServicePackUninstall$\txflog.dll
    + 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtServicePackUninstall$\tzchange.exe
    + 2004-08-04 08:00:00 66,176 -c----w c:\windows\$NtServicePackUninstall$\udfs.sys
    + 2004-08-04 08:00:00 25,600 -c----w c:\windows\$NtServicePackUninstall$\udhisapi.dll
    + 2004-08-04 08:00:00 275,456 -c----w c:\windows\$NtServicePackUninstall$\ulib.dll
    + 2006-10-04 13:33:38 35,840 -c----w c:\windows\$NtServicePackUninstall$\umandlg.dll
    + 2005-08-23 03:35:42 123,392 -c----w c:\windows\$NtServicePackUninstall$\umpnpmgr.dll
    + 2007-03-23 02:24:06 376,832 -c----w c:\windows\$NtServicePackUninstall$\unidrv.dll
    + 2007-03-23 03:03:54 749,568 -c----w c:\windows\$NtServicePackUninstall$\unidrvui.dll
    + 2004-08-04 08:00:00 74,240 -c----w c:\windows\$NtServicePackUninstall$\unimdmat.dll
    + 2004-08-04 08:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\uniplat.dll
    + 2004-08-04 08:00:00 316,416 -c----w c:\windows\$NtServicePackUninstall$\untfs.dll
    + 2007-04-23 10:32:54 364,160 -c----w c:\windows\$NtServicePackUninstall$\update.sys
    + 2004-08-04 08:00:00 150,528 -c----w c:\windows\$NtServicePackUninstall$\uploadm.exe
    + 2004-08-04 08:00:00 132,608 -c----w c:\windows\$NtServicePackUninstall$\upnp.dll
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\upnpcont.exe
    + 2007-02-05 20:17:02 185,344 -c----w c:\windows\$NtServicePackUninstall$\upnphost.dll
    + 2004-08-04 08:00:00 239,616 -c----w c:\windows\$NtServicePackUninstall$\upnpui.dll
    + 2004-08-04 08:00:00 18,432 -c----w c:\windows\$NtServicePackUninstall$\ups.exe
    + 2004-08-04 08:00:00 12,672 -c----w c:\windows\$NtServicePackUninstall$\usb8023.sys
    + 2004-08-04 08:00:00 23,808 -c----w c:\windows\$NtServicePackUninstall$\usbcamd.sys
    + 2004-08-04 08:00:00 23,936 -c----w c:\windows\$NtServicePackUninstall$\usbcamd2.sys
    + 2004-08-04 04:08:48 31,616 -c----w c:\windows\$NtServicePackUninstall$\usbccgp.sys
    + 2006-04-19 11:50:49 30,080 -c----w c:\windows\$NtServicePackUninstall$\usbehci.sys
    + 2006-04-19 11:50:49 30,080 -c----w c:\windows\$NtServicePackUninstall$\usbehci.sys.000
    + 2004-08-04 08:00:00 57,600 -c----w c:\windows\$NtServicePackUninstall$\usbhub.sys
    + 2004-08-04 08:00:00 16,000 -c----w c:\windows\$NtServicePackUninstall$\usbintel.sys
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\usbmon.dll
    + 2006-04-19 11:50:50 17,152 -c----w c:\windows\$NtServicePackUninstall$\usbohci.sys
    + 2006-04-19 11:50:50 17,152 -c----w c:\windows\$NtServicePackUninstall$\usbohci.sys.000
    + 2006-04-19 11:50:49 143,360 -c----w c:\windows\$NtServicePackUninstall$\usbport.sys
    + 2006-04-19 11:50:49 143,360 -c----w c:\windows\$NtServicePackUninstall$\usbport.sys.000
    + 2004-08-04 04:01:26 25,856 -c----w c:\windows\$NtServicePackUninstall$\usbprint.sys
    + 2004-08-04 03:58:46 15,104 -c----w c:\windows\$NtServicePackUninstall$\usbscan.sys
    + 2004-08-04 06:08:48 26,496 -c----w c:\windows\$NtServicePackUninstall$\usbstor.sys
    + 2006-04-19 11:50:50 20,608 -c----w c:\windows\$NtServicePackUninstall$\usbuhci.sys
    + 2006-04-19 11:50:50 20,608 -c----w c:\windows\$NtServicePackUninstall$\usbuhci.sys.000
    + 2004-08-03 19:56:48 74,240 -c----w c:\windows\$NtServicePackUninstall$\usbui.dll
    + 2007-03-08 15:36:28 577,536 -c----w c:\windows\$NtServicePackUninstall$\user32.dll
    + 2004-08-04 08:00:00 723,456 -c----w c:\windows\$NtServicePackUninstall$\userenv.dll
    + 2004-08-04 08:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\userinit.exe
    + 2004-08-04 08:00:00 406,528 -c----w c:\windows\$NtServicePackUninstall$\usp10.dll
    + 2006-10-04 08:48:37 50,176 -c----w c:\windows\$NtServicePackUninstall$\utilman.exe
    + 2004-08-04 08:00:00 218,624 -c----w c:\windows\$NtServicePackUninstall$\uxtheme.dll
    + 2004-08-04 08:00:00 30,749 -c----w c:\windows\$NtServicePackUninstall$\vbajet32.dll
    + 2006-11-08 02:03:36 413,696 -c----w c:\windows\$NtServicePackUninstall$\vbscript.dll
    + 2004-08-04 08:00:00 26,112 -c----w c:\windows\$NtServicePackUninstall$\vdmdbg.dll
    + 2004-08-04 08:00:00 51,712 -c----w c:\windows\$NtServicePackUninstall$\vdmredir.dll
    + 2006-03-17 00:38:01 28,672 -c----w c:\windows\$NtServicePackUninstall$\verclsid.exe
    + 2004-08-04 08:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\verifier.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\version.dll
    + 2004-08-04 05:56:48 53,760 -c----w c:\windows\$NtServicePackUninstall$\vfwwdm32.dll
    + 2004-08-04 08:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\vga.sys
    + 2004-08-04 00:59:44 5,376 -c----w c:\windows\$NtServicePackUninstall$\viaide.sys
    + 2004-08-04 08:00:00 79,744 -c----w c:\windows\$NtServicePackUninstall$\videoprt.sys
    + 2004-08-04 08:00:00 131,584 -c----w c:\windows\$NtServicePackUninstall$\viewprov.dll
    + 2004-08-04 08:00:00 52,352 -c----w c:\windows\$NtServicePackUninstall$\volsnap.sys
    + 2004-08-04 08:00:00 430,592 -c----w c:\windows\$NtServicePackUninstall$\vssapi.dll
    + 2004-08-04 08:00:00 289,792 -c----w c:\windows\$NtServicePackUninstall$\vssvc.exe
    + 2004-08-04 08:00:00 174,592 -c----w c:\windows\$NtServicePackUninstall$\w32time.dll
    + 2004-08-04 08:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\w3ssl.dll
    + 2004-08-04 08:00:00 46,080 -c----w c:\windows\$NtServicePackUninstall$\wab.exe
    + 2007-05-16 15:12:12 510,976 -c----w c:\windows\$NtServicePackUninstall$\wab32.dll
    + 2004-08-04 08:00:00 249,856 -c----w c:\windows\$NtServicePackUninstall$\wab32res.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\wabfind.dll
    + 2007-05-16 15:12:15 85,504 -c----w c:\windows\$NtServicePackUninstall$\wabimp.dll
    + 2004-08-04 08:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\wabmig.exe
    + 2004-08-04 08:00:00 34,560 -c----w c:\windows\$NtServicePackUninstall$\wanarp.sys
    + 2004-08-04 08:00:00 17,664 -c----w c:\windows\$NtServicePackUninstall$\watchdog.sys
    + 2004-08-04 08:00:00 208,896 -c----w c:\windows\$NtServicePackUninstall$\wavemsp.dll
    + 2004-08-04 08:00:00 196,608 -c----w c:\windows\$NtServicePackUninstall$\wbemcntl.dll
    + 2004-08-04 08:00:00 214,528 -c----w c:\windows\$NtServicePackUninstall$\wbemcomn.dll
    + 2004-08-04 08:00:00 71,680 -c----w c:\windows\$NtServicePackUninstall$\wbemcons.dll
    + 2004-08-04 08:00:00 530,944 -c----w c:\windows\$NtServicePackUninstall$\wbemcore.dll
    + 2004-08-04 08:00:00 178,176 -c----w c:\windows\$NtServicePackUninstall$\wbemdisp.dll
    + 2004-08-04 08:00:00 273,920 -c----w c:\windows\$NtServicePackUninstall$\wbemess.dll
    + 2004-08-04 08:00:00 43,008 -c----w c:\windows\$NtServicePackUninstall$\wbemperf.dll
    + 2004-08-04 08:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\wbemprox.dll
    + 2004-08-04 08:00:00 43,520 -c----w c:\windows\$NtServicePackUninstall$\wbemsvc.dll
    + 2004-08-04 08:00:00 116,224 -c----w c:\windows\$NtServicePackUninstall$\wbemtest.exe
    + 2004-08-04 08:00:00 197,120 -c----w c:\windows\$NtServicePackUninstall$\wbemupgd.dll
    + 2006-03-24 04:37:50 49,152 -c----w c:\windows\$NtServicePackUninstall$\wdigest.dll
    + 2004-08-04 08:00:00 23,552 -c----w c:\windows\$NtServicePackUninstall$\wdmaud.drv
    + 2006-06-14 09:00:45 82,944 -c----w c:\windows\$NtServicePackUninstall$\wdmaud.sys
    + 2006-06-14 09:00:45 82,944 -c----w c:\windows\$NtServicePackUninstall$\wdmaud.sys.000
    + 2006-01-04 03:35:05 68,096 -c----w c:\windows\$NtServicePackUninstall$\webclnt.dll
    + 2004-08-04 08:00:00 135,680 -c----w c:\windows\$NtServicePackUninstall$\webvw.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\wextract.exe
    + 2004-08-04 08:00:00 433,664 -c----w c:\windows\$NtServicePackUninstall$\wiaacmgr.exe
    + 2004-08-04 08:00:00 463,360 -c----w c:\windows\$NtServicePackUninstall$\wiadefui.dll
    + 2004-08-04 08:00:00 124,416 -c----w c:\windows\$NtServicePackUninstall$\wiadss.dll
    + 2004-08-04 08:00:00 75,776 -c----w c:\windows\$NtServicePackUninstall$\wiascr.dll
    + 2006-12-19 18:16:47 333,824 -c----w c:\windows\$NtServicePackUninstall$\wiaservc.dll
    + 2004-08-04 08:00:00 589,312 -c----w c:\windows\$NtServicePackUninstall$\wiashext.dll
    + 2004-08-04 08:00:00 111,104 -c----w c:\windows\$NtServicePackUninstall$\wiavideo.dll
    + 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtServicePackUninstall$\win32k.sys
    + 2004-08-04 08:00:00 101,888 -c----w c:\windows\$NtServicePackUninstall$\win32spl.dll
    + 2004-08-04 08:00:00 937,984 -c----w c:\windows\$NtServicePackUninstall$\winbrand.dll
    + 2006-10-24 18:30:06 716,288 -c----w c:\windows\$NtServicePackUninstall$\windowscodecs.dll
    + 2006-10-24 18:29:50 352,256 -c----w c:\windows\$NtServicePackUninstall$\windowscodecsext.dll
    + 2004-08-04 08:00:00 283,648 -c----w c:\windows\$NtServicePackUninstall$\winhlp32.exe
    + 2004-08-04 08:00:00 351,232 -c----w c:\windows\$NtServicePackUninstall$\winhttp.dll
    + 2004-08-04 08:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\winipsec.dll
    + 2004-08-04 08:00:00 502,272 -c----w c:\windows\$NtServicePackUninstall$\winlogon.exe
    + 2004-08-04 08:00:00 176,128 -c----w c:\windows\$NtServicePackUninstall$\winmm.dll
    + 2004-08-04 08:00:00 764,928 -c----w c:\windows\$NtServicePackUninstall$\winntbbu.dll
    + 2004-08-04 08:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\winrnr.dll
    + 2004-08-04 08:00:00 99,328 -c----w c:\windows\$NtServicePackUninstall$\winscard.dll
    + 2004-08-04 08:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\winshfhc.dll
    + 2004-08-04 08:00:00 146,432 -c----w c:\windows\$NtServicePackUninstall$\winspool.drv
    + 2007-03-17 13:43:01 292,864 -c----w c:\windows\$NtServicePackUninstall$\winsrv.dll
    + 2004-08-04 08:00:00 53,760 -c----w c:\windows\$NtServicePackUninstall$\winsta.dll
    + 2004-08-04 08:00:00 176,640 -c----w c:\windows\$NtServicePackUninstall$\wintrust.dll
    + 2004-08-04 08:00:00 5,632 -c----w c:\windows\$NtServicePackUninstall$\winver.exe
    + 2006-08-17 12:28:27 132,096 -c----w c:\windows\$NtServicePackUninstall$\wkssvc.dll
    + 2004-08-04 08:00:00 172,032 -c----w c:\windows\$NtServicePackUninstall$\wldap32.dll
    + 2004-08-04 08:00:00 92,672 -c----w c:\windows\$NtServicePackUninstall$\wlnotify.dll
    + 2004-08-04 08:00:00 5,632 -c----w c:\windows\$NtServicePackUninstall$\wmi.dll
    + 2004-08-03 18:07:42 8,832 -c----w c:\windows\$NtServicePackUninstall$\wmiacpi.sys
    + 2004-08-04 08:00:00 196,608 -c----w c:\windows\$NtServicePackUninstall$\wmiadap.exe
    + 2004-08-04 08:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\wmiapres.dll
    + 2004-08-04 08:00:00 89,088 -c----w c:\windows\$NtServicePackUninstall$\wmiaprpl.dll
    + 2004-08-04 08:00:00 126,464 -c----w c:\windows\$NtServicePackUninstall$\wmiapsrv.exe
    + 2004-08-04 08:00:00 358,912 -c----w c:\windows\$NtServicePackUninstall$\wmic.exe
    + 2004-08-04 08:00:00 60,928 -c----w c:\windows\$NtServicePackUninstall$\wmicookr.dll
    + 2004-08-04 08:00:00 140,800 -c----w c:\windows\$NtServicePackUninstall$\wmidcprv.dll
    + 2004-08-04 08:00:00 156,672 -c----w c:\windows\$NtServicePackUninstall$\wmipcima.dll
    + 2004-08-04 08:00:00 132,096 -c----w c:\windows\$NtServicePackUninstall$\wmipdskq.dll
    + 2004-08-04 08:00:00 62,464 -c----w c:\windows\$NtServicePackUninstall$\wmipiprt.dll
    + 2004-08-04 08:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\wmipjobj.dll
    + 2004-08-04 08:00:00 144,896 -c----w c:\windows\$NtServicePackUninstall$\wmiprov.dll
    + 2004-08-04 08:00:00 437,248 -c----w c:\windows\$NtServicePackUninstall$\wmiprvsd.dll
    + 2004-08-04 08:00:00 218,112 -c----w c:\windows\$NtServicePackUninstall$\wmiprvse.exe
    + 2004-08-04 08:00:00 41,472 -c----w c:\windows\$NtServicePackUninstall$\wmipsess.dll
    + 2004-08-04 08:00:00 144,896 -c----w c:\windows\$NtServicePackUninstall$\wmisvc.dll
    + 2004-08-04 08:00:00 95,232 -c----w c:\windows\$NtServicePackUninstall$\wmiutils.dll
    + 2004-08-04 08:00:00 167,936 -c----w c:\windows\$NtServicePackUninstall$\wmm2ae.dll
    + 2004-08-04 08:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\wmm2eres.dll
    + 2004-08-04 08:00:00 7,680 -c----w c:\windows\$NtServicePackUninstall$\wmm2ext.dll
    + 2004-08-04 08:00:00 402,432 -c----w c:\windows\$NtServicePackUninstall$\wmm2filt.dll
    + 2004-08-04 08:00:00 502,272 -c----w c:\windows\$NtServicePackUninstall$\wmm2fxa.dll
    + 2004-08-04 08:00:00 325,632 -c----w c:\windows\$NtServicePackUninstall$\wmm2fxb.dll
    + 2004-08-04 08:00:00 4,256,768 -c----w c:\windows\$NtServicePackUninstall$\wmm2res.dll
    + 2004-08-04 08:00:00 5,632 -c----w c:\windows\$NtServicePackUninstall$\wmm2res2.dll
    + 2006-10-24 18:30:00 276,992 -c----w c:\windows\$NtServicePackUninstall$\wmphoto.dll
    + 2004-08-04 08:00:00 115,200 -c----w c:\windows\$NtServicePackUninstall$\wmsdmoe.dll
    + 2004-08-04 08:00:00 303,616 -c----w c:\windows\$NtServicePackUninstall$\wmstream.dll
    + 2004-08-04 08:00:00 214,528 -c----w c:\windows\$NtServicePackUninstall$\wordpad.exe
    + 2004-08-04 08:00:00 264,192 -c----w c:\windows\$NtServicePackUninstall$\wow32.dll
    + 2004-08-04 08:00:00 32,256 -c----w c:\windows\$NtServicePackUninstall$\wpabaln.exe
    + 2004-08-04 08:00:00 32,256 -c----w c:\windows\$NtServicePackUninstall$\wpnpinst.exe
    + 2004-08-04 08:00:00 82,944 -c----w c:\windows\$NtServicePackUninstall$\ws2_32.dll
    + 2004-08-04 08:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\ws2help.dll
    + 2004-08-04 08:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\wscntfy.exe
    + 2004-08-04 08:00:00 114,688 -c----w c:\windows\$NtServicePackUninstall$\wscript.exe
    + 2004-08-04 08:00:00 81,408 -c----w c:\windows\$NtServicePackUninstall$\wscsvc.dll
    + 2004-08-04 08:00:00 596,992 -c----w c:\windows\$NtServicePackUninstall$\wsecedit.dll
    + 2004-08-04 08:00:00 108,032 -c----w c:\windows\$NtServicePackUninstall$\wshbth.dll
    + 2004-08-04 08:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\wshcon.dll
    + 2004-08-04 08:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\wshext.dll
    + 2004-08-04 08:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\wship6.dll
    + 2004-08-03 19:56:48 8,192 -c----w c:\windows\$NtServicePackUninstall$\wshirda.dll
    + 2004-08-04 08:00:00 11,776 -c----w c:\windows\$NtServicePackUninstall$\wshrm.dll
    + 2004-08-04 08:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\wshtcpip.dll
    + 2004-08-04 08:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\wsnmp32.dll
    + 2004-08-04 08:00:00 22,528 -c----w c:\windows\$NtServicePackUninstall$\wsock32.dll
    + 2004-08-04 04:10:22 19,328 -c----w c:\windows\$NtServicePackUninstall$\wstcodec.sys
    + 2004-08-04 08:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\wstdecod.dll
    + 2004-08-04 08:00:00 18,432 -c----w c:\windows\$NtServicePackUninstall$\wtsapi32.dll
    + 2004-08-04 08:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\wuauserv.dll
    + 2004-08-04 08:00:00 378,368 -c----w c:\windows\$NtServicePackUninstall$\wzcdlg.dll
    + 2004-08-04 08:00:00 51,712 -c----w c:\windows\$NtServicePackUninstall$\wzcsapi.dll
    + 2004-08-04 08:00:00 359,936 -c----w c:\windows\$NtServicePackUninstall$\wzcsvc.dll
    + 2004-08-04 08:00:00 91,648 -c----w c:\windows\$NtServicePackUninstall$\xactsrv.dll
    + 2004-08-04 08:00:00 30,720 -c----w c:\windows\$NtServicePackUninstall$\xcopy.exe
    + 2006-07-14 15:51:52 121,856 -c----w c:\windows\$NtServicePackUninstall$\xmllite.dll
    + 2004-08-04 08:00:00 129,536 -c----w c:\windows\$NtServicePackUninstall$\xmlprov.dll
    + 2004-08-04 08:00:00 50,176 -c----w c:\windows\$NtServicePackUninstall$\xmlprovi.dll
    + 2006-03-01 19:42:42 11,776 -c----w c:\windows\$NtServicePackUninstall$\xolehlp.dll
    + 2006-10-10 12:44:50 557,568 -c----w c:\windows\$NtServicePackUninstall$\xpnetdiag.exe
    + 2004-08-04 08:00:00 438,784 -c----w c:\windows\$NtServicePackUninstall$\xpob2res.dll
    + 2004-08-04 08:00:00 187,392 -c----w c:\windows\$NtServicePackUninstall$\xpsp1res.dll
    + 2004-08-04 08:00:00 187,392 -c----w c:\windows\$NtServicePackUninstall$\xpsp1res.dll.026
    + 2004-08-04 08:00:00 2,897,920 -c----w c:\windows\$NtServicePackUninstall$\xpsp2res.dll
    + 2007-10-29 10:04:03 350,720 -c----w c:\windows\$NtServicePackUninstall$\xpsp3res.dll
    + 2004-08-04 08:00:00 337,920 -c----w c:\windows\$NtServicePackUninstall$\zipfldr.dll
    + 2004-08-04 08:00:00 294,400 -c----w c:\windows\$NtUninstallKB932823-v3$\msctf.dll
    + 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
    + 2004-08-04 08:00:00 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll
    + 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
    + 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
    + 2006-10-04 14:05:26 39,424 ----a-w c:\windows\AppPatch\acadproc(3).dll
    - 2005-08-26 20:27:58 45,056 ----a-w c:\windows\devenum.exe
    + 2005-08-26 19:27:58 45,056 ----a-w c:\windows\devenum.exe
    + 2008-03-25 00:33:02 1,527,056 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    + 2008-01-22 17:41:40 206,208 ----a-w c:\windows\Downloaded Program Files\HPISDataManager.dll
    + 2008-06-06 00:40:24 660,856 ----a-w c:\windows\Downloaded Program Files\Manager.exe
    + 2008-01-22 02:34:22 465,472 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
    + 2007-01-18 04:51:48 49,152 ----a-w c:\windows\emunist.exe
    - 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    + 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
    - 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
    + 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
    + 2007-06-13 10:23:07 1,033,216 ----a-w c:\windows\explorer(2).exe
    + 2008-01-14 21:47:06 99,712 ----a-w c:\windows\HPBroker.dll
    + 2007-10-16 15:29:08 40,960 ----a-w c:\windows\hpmonZ.exe
    + 2006-10-27 01:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
    + 2006-10-27 20:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
    + 2008-05-02 23:22:34 123,426 ----a-r c:\windows\Installer\{2B2631B3-5E71-4855-904A-C0C354ACC137}\_6FEFF9B68218417F98F549.exe
    + 2008-05-02 23:22:34 123,426 ----a-r c:\windows\Installer\{2B2631B3-5E71-4855-904A-C0C354ACC137}\_BF97A9A4F8D8F40835CDB2.exe
    + 2008-05-02 23:22:34 123,426 ----a-r c:\windows\Installer\{2B2631B3-5E71-4855-904A-C0C354ACC137}\_FBDD4266C14D4C2109B65F.exe
    + 2008-11-12 23:36:03 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    - 2008-04-10 02:50:31 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-11-18 05:29:03 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-04-10 02:50:31 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-11-18 05:29:03 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-04-10 02:50:31 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2008-11-18 05:29:03 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    - 2008-04-10 02:50:31 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-11-18 05:29:03 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-04-10 02:50:31 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-11-18 05:29:03 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-04-10 02:50:31 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-11-18 05:29:03 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-04-10 02:50:31 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-11-18 05:29:03 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-04-10 02:50:31 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-11-18 05:29:03 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-04-10 02:50:31 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-11-18 05:29:03 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-04-10 02:50:31 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-11-18 05:29:03 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-06-03 22:38:07 32,768 ----a-r c:\windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
    + 2008-06-06 15:39:10 689,456 ----a-r c:\windows\Installer\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
    - 2006-04-12 15:47:22 217,073 ----a-w c:\windows\meta4.exe
    + 2006-04-12 14:47:22 217,073 ----a-w c:\windows\meta4.exe
    - 2000-08-31 13:00:00 28,160 ----a-w c:\windows\Nircmd.exe
    + 2000-08-31 14:00:00 29,696 ----a-w c:\windows\Nircmd.exe
    + 2004-08-04 08:00:00 38,912 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc(3).dll
    - 2006-08-18 08:59:18 91,823 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    + 2008-07-16 15:07:09 91,823 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    - 2006-08-18 08:59:18 19,718 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2008-07-16 15:07:09 20,456 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
    + 2008-09-10 16:59:57 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_8671.exe
    + 2008-04-14 00:25:26 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
    + 2006-12-31 12:57:08 4,569 ------w c:\windows\ServicePackFiles\i386\secupd.dat
    + 2005-08-26 19:28:20 24,576 ----a-w c:\windows\shortcut.exe
    - 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
    + 2000-08-31 14:00:00 161,792 ----a-w c:\windows\swreg.exe
    + 2008-04-30 04:44:10 127,712 ----a-w c:\windows\system\CardView.dll

  4. #14

    Combo Fix Log Part 4

    + 2004-08-04 08:00:00 194,048 ----a-w c:\windows\system32\activeds(2).dll
    + 2004-08-04 08:00:00 101,888 ----a-w c:\windows\system32\actxprxy(2).dll
    + 2008-08-06 21:22:02 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
    + 2008-08-06 21:30:48 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll
    + 2008-08-06 21:31:08 67,000 ----a-w c:\windows\system32\Adobe\Director\SwDnld.exe
    + 2008-08-06 21:22:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
    + 2008-08-06 20:45:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
    + 2008-08-06 21:22:44 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2008-08-06 20:35:52 706,048 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
    + 2008-08-06 20:35:52 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
    + 2008-08-06 20:35:52 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
    + 2008-08-06 20:42:04 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
    + 2008-08-06 20:35:52 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll
    + 2008-08-06 21:21:14 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
    + 2008-08-06 21:24:14 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
    + 2008-08-06 21:30:30 447,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100465.exe
    + 2008-08-06 21:24:56 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
    + 2008-08-06 21:21:04 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
    + 2008-08-06 20:35:52 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 1999-06-25 15:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
    + 2004-08-04 08:00:00 143,360 ----a-w c:\windows\system32\adsldpc(2).dll
    + 2008-03-01 13:06:20 124,928 ----a-w c:\windows\system32\advpack(2).dll
    + 2004-08-04 08:00:00 44,544 ----a-w c:\windows\system32\alg(2).exe
    + 2004-08-04 08:00:00 58,880 ----a-w c:\windows\system32\atl(3).dll
    + 2002-01-05 17:18:20 84,992 ------w c:\windows\system32\ATL70.DLL
    - 2003-03-19 04:05:50 89,088 ----a-r c:\windows\system32\atl71.dll
    + 2003-03-19 11:05:48 89,088 ------w c:\windows\system32\atl71.dll
    + 2004-08-04 08:00:00 285,696 ----a-w c:\windows\system32\atmfd(3).dll
    + 2004-08-04 08:00:00 42,496 ----a-w c:\windows\system32\audiosrv(2).dll
    + 2005-03-02 18:09:29 56,832 ----a-w c:\windows\system32\authz(3).dll
    + 2004-01-02 18:28:28 126,976 ------w c:\windows\system32\AVIPrAx.dll
    + 2004-08-04 08:00:00 28,672 ----a-w c:\windows\system32\batmeter(2).dll
    + 2004-08-04 08:00:00 63,488 ----a-w c:\windows\system32\browselc(2).dll
    + 2004-08-04 08:00:00 77,312 ----a-w c:\windows\system32\browser(2).dll
    + 2007-06-15 08:12:28 1,022,976 ----a-w c:\windows\system32\browseui(2).dll
    + 2004-08-04 08:00:00 59,904 ----a-w c:\windows\system32\cabinet(3).dll
    + 2006-07-06 19:32:28 39,936 ------w c:\windows\system32\CacheX.dll
    + 2005-07-26 04:39:42 225,792 ----a-w c:\windows\system32\catsrv(3).dll
    + 2005-07-26 04:39:43 625,152 ----a-w c:\windows\system32\catsrvut(3).dll
    + 2004-08-04 08:00:00 194,560 ----a-w c:\windows\system32\certcli(3).dll
    + 2004-08-04 08:00:00 16,896 ----a-w c:\windows\system32\cfgmgr32(2).dll
    + 2005-07-26 04:39:43 498,688 ----a-w c:\windows\system32\clbcatq(3).dll
    + 2004-08-04 08:00:00 57,856 ----a-w c:\windows\system32\clusapi(3).dll
    + 2004-08-04 08:00:00 47,104 ----a-w c:\windows\system32\cnbjmon(2).dll
    + 2005-07-26 04:39:43 60,416 ----a-w c:\windows\system32\colbact(3).dll
    + 2004-08-04 08:00:00 792,064 ----a-w c:\windows\system32\comres(3).dll
    + 2005-07-26 04:39:44 1,267,200 ----a-w c:\windows\system32\comsvcs(3).dll
    - 2007-04-12 10:04:31 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-23 18:18:13 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2007-04-12 10:04:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-23 18:18:13 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2004-08-04 08:00:00 35,328 ----a-w c:\windows\system32\corpol(2).dll
    + 2004-08-04 08:00:00 163,840 ----a-w c:\windows\system32\credui(2).dll
    + 1997-03-14 05:00:00 2,783,232 ----a-w c:\windows\system32\Crpe.dll
    + 2004-08-04 08:00:00 597,504 ----a-w c:\windows\system32\crypt32(3).dll
    + 2004-08-04 08:00:00 33,280 ----a-w c:\windows\system32\cryptdll(3).dll
    + 2004-08-04 08:00:00 63,488 ----a-w c:\windows\system32\cryptnet(3).dll
    + 2006-02-11 03:48:12 62,464 ----a-w c:\windows\system32\cryptsvc(3).dll
    + 2004-08-04 08:00:00 512,512 ----a-w c:\windows\system32\cryptui(3).dll
    + 2004-08-04 08:00:00 101,888 ----a-w c:\windows\system32\cscdll(3).dll
    + 2004-08-04 08:00:00 326,656 ----a-w c:\windows\system32\cscui(2).dll
    + 2004-08-04 08:00:00 6,144 ----a-w c:\windows\system32\csrss(3).exe
    + 2004-08-04 08:00:00 15,360 ----a-w c:\windows\system32\ctfmon(2).exe
    + 2004-08-04 08:00:00 24,576 ----a-w c:\windows\system32\davclnt(3).dll
    + 2004-08-04 08:00:00 640,000 ----a-w c:\windows\system32\dbghelp(2).dll
    - 2004-08-04 08:00:00 1,788 ----a-w c:\windows\system32\Dcache.bin
    + 2008-04-14 00:25:26 1,804 ----a-w c:\windows\system32\dcache.bin
    + 2004-08-04 08:00:00 8,704 ----a-w c:\windows\system32\dciman32(2).dll
    + 2004-08-04 08:00:00 266,240 ----a-w c:\windows\system32\ddraw(2).dll
    + 2004-08-04 08:00:00 27,136 ----a-w c:\windows\system32\ddrawex(2).dll
    + 2008-12-06 13:46:57 410,976 ----a-w c:\windows\system32\deploytk.dll
    + 2007-08-08 20:07:12 319,456 ----a-w c:\windows\system32\difxapi.dll
    + 2006-04-11 21:03:14 233,472 ------w c:\windows\system32\DiskIO.dll
    + 2004-08-04 04:10:14 11,776 ----a-w c:\windows\system32\dllcache\bdasup.sys
    + 2004-08-04 08:00:00 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
    + 2004-08-04 05:56:44 47,616 ----a-w c:\windows\system32\dllcache\iyuv_32.dll
    - 2004-08-04 05:15:22 140,928 ----a-w c:\windows\system32\dllcache\ks.sys
    + 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\dllcache\ks.sys
    + 2004-08-04 04:10:14 15,360 ----a-w c:\windows\system32\dllcache\mpe.sys
    + 2008-05-01 14:30:33 331,776 ------w c:\windows\system32\dllcache\msadce.dll
    + 2008-02-26 11:59:50 294,912 ------w c:\windows\system32\dllcache\msctf.dll
    + 2004-08-04 05:56:46 17,408 ----a-w c:\windows\system32\dllcache\msyuv.dll
    + 2004-08-04 05:56:46 363,520 ----a-w c:\windows\system32\dllcache\psisdecd.dll
    + 2004-08-04 03:59:58 43,136 ----a-w c:\windows\system32\dllcache\sbp2port.sys
    + 2001-08-18 03:36:34 8,192 ----a-w c:\windows\system32\dllcache\tsbyuv.dll
    + 2004-08-04 08:00:00 5,120 ----a-w c:\windows\system32\dllhost(2).exe
    + 2004-08-04 08:00:00 23,552 ----a-w c:\windows\system32\dmserver(3).dll
    + 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi(3).dll
    + 2008-02-20 05:32:43 45,568 ----a-w c:\windows\system32\dnsrslvr(2).dll
    + 2008-04-27 22:56:06 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
    + 2004-08-04 04:10:14 11,776 ----a-w c:\windows\system32\drivers\BdaSup.sys
    + 2007-12-10 09:00:00 9,072 ----a-w c:\windows\system32\drivers\cdr4_xp.sys
    + 2007-12-10 09:00:00 9,200 ----a-w c:\windows\system32\drivers\cdralw2k.sys
    + 2005-12-21 15:14:52 19,712 ----a-w c:\windows\system32\drivers\emAudio.sys
    + 2007-01-29 12:20:04 361,728 ----a-r c:\windows\system32\drivers\emBDA.sys
    + 2005-12-21 15:14:52 100,957 ----a-w c:\windows\system32\drivers\emDevice.sys
    + 2005-12-21 15:14:52 5,245 ----a-w c:\windows\system32\drivers\emFilter.sys
    + 2007-01-29 12:19:48 39,680 ----a-r c:\windows\system32\drivers\emOEM.sys
    + 2005-12-21 15:14:52 4,493 ----a-w c:\windows\system32\drivers\emScan.sys
    + 2005-12-21 15:14:52 24,269 ----a-w c:\windows\system32\drivers\emStream.sys
    + 2007-08-08 20:07:16 5,760,096 ----a-w c:\windows\system32\drivers\igxpmp32.sys
    - 2004-08-04 05:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
    + 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
    + 2007-04-09 14:53:24 12,672 ----a-w c:\windows\system32\drivers\lgusbbus.sys
    + 2007-04-09 14:56:22 21,248 ----a-w c:\windows\system32\drivers\lgusbdiag.sys
    + 2007-04-09 14:55:08 22,912 ----a-w c:\windows\system32\drivers\lgusbmodem.sys
    + 2005-06-03 00:28:38 171,008 ----a-w c:\windows\system32\drivers\MarvinBus.sys
    + 2004-08-04 04:10:14 15,360 ----a-w c:\windows\system32\drivers\MPE.sys
    - 2005-04-25 09:03:00 20,640 ----a-w c:\windows\system32\drivers\pxhelp20.sys
    + 2008-02-06 09:00:00 44,608 ----a-w c:\windows\system32\drivers\pxhelp20.sys
    + 2004-08-04 03:59:58 43,136 ----a-w c:\windows\system32\drivers\sbp2port.sys
    + 2004-08-04 08:00:00 14,336 ----a-w c:\windows\system32\drprov(3).dll
    + 2008-02-06 21:52:12 68,080 ----a-w c:\windows\system32\drvins64.exe
    + 2007-08-08 20:07:12 102,400 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\hccutils.dll
    + 2007-08-08 20:07:20 162,328 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\hkcmd.exe
    + 2007-08-08 20:07:20 526,872 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxcfg.exe
    + 2007-08-08 20:07:12 204,800 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxdev.dll
    + 2007-08-08 20:07:12 135,168 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxdo.dll
    + 2007-08-08 20:07:12 24,576 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxexps.dll
    + 2007-08-08 20:07:20 166,424 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxext.exe
    + 2007-08-08 20:07:20 137,752 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxpers.exe
    + 2007-08-08 20:07:12 204,800 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxpph.dll
    + 2007-08-08 20:07:14 3,293,184 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxress.dll
    + 2007-08-08 20:07:14 47,616 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxsrvc.dll
    + 2007-08-08 20:07:20 252,440 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxsrvc.exe
    + 2007-08-08 20:07:20 141,848 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxtray.exe
    + 2007-08-08 20:07:20 170,520 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igfxzoom.exe
    + 2007-08-08 20:07:14 450,560 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igldev32.dll
    + 2007-08-08 20:07:14 2,334,720 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\iglicd32.dll
    + 2007-08-08 20:07:14 204,800 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxpco32.dll
    + 2007-08-08 20:07:16 1,717,920 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxpdv32.dll
    + 2007-08-08 20:07:16 2,681,344 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxpdx32.dll
    + 2007-08-08 20:07:16 150,528 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxpgd32.dll
    + 2007-08-08 20:07:16 5,760,096 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxpmp32.sys
    + 2007-08-08 20:07:16 57,344 -c--a-w c:\windows\system32\DRVSTORE\igxp32_BAC45AB039B0A9649F6AF508B6B12325D7D8FD11\igxprd32.dll
    + 2004-08-04 08:00:00 367,616 ----a-w c:\windows\system32\dsound(2).dll
    + 2004-08-04 08:00:00 137,216 ----a-w c:\windows\system32\dssenh(2).dll
    + 2004-08-04 08:00:00 304,128 ----a-w c:\windows\system32\duser(3).dll
    + 2005-12-21 15:14:52 9,739 ----a-w c:\windows\system32\emUSD.dll
    + 2005-12-21 15:14:52 45,056 ----a-w c:\windows\system32\emVFW.dll
    + 2005-12-21 15:14:52 17,808 ----a-w c:\windows\system32\emYUV.dll
    + 2004-08-04 08:00:00 23,040 ----a-w c:\windows\system32\ersvc(2).dll
    + 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es(2).dll
    + 2005-10-20 22:20:03 1,082,368 ----a-w c:\windows\system32\esent(3).dll
    + 2004-08-04 08:00:00 55,808 ----a-w c:\windows\system32\eventlog(3).dll
    + 2004-08-04 08:00:00 80,384 ----a-w c:\windows\system32\faultrep(2).dll
    - 2008-04-09 21:46:17 1,689,896 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-12-03 13:44:50 2,554,784 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2006-06-06 15:05:36 73,728 ----a-w c:\windows\system32\hccutils.dll
    + 2007-08-08 20:07:12 102,400 ----a-w c:\windows\system32\hccutils.dll
    + 2004-08-04 08:00:00 20,992 ----a-w c:\windows\system32\hid(2).dll
    - 2006-06-06 15:06:44 77,824 ----a-w c:\windows\system32\hkcmd.exe
    + 2007-08-08 20:07:20 162,328 ----a-w c:\windows\system32\hkcmd.exe
    + 2004-08-04 08:00:00 344,064 ----a-w c:\windows\system32\hnetcfg(3).dll
    + 2004-08-04 08:00:00 24,576 ----a-w c:\windows\system32\httpapi(2).dll
    + 2004-08-04 08:00:00 11,264 ----a-w c:\windows\system32\icaapi(2).dll
    + 2004-08-04 08:00:00 3,584 ----a-w c:\windows\system32\icmp(2).dll
    - 2006-06-06 15:09:18 450,560 ----a-w c:\windows\system32\igfxcfg.exe
    + 2007-08-08 20:07:20 526,872 ----a-w c:\windows\system32\igfxcfg.exe
    + 2007-08-08 20:07:14 204,800 ----a-w c:\windows\system32\igfxCoIn_v4820.dll
    - 2006-06-06 15:05:50 139,264 ----a-w c:\windows\system32\igfxdev.dll
    + 2007-08-08 20:07:12 204,800 ----a-w c:\windows\system32\igfxdev.dll
    - 2006-06-06 15:06:50 86,016 ----a-w c:\windows\system32\igfxdo.dll
    + 2007-08-08 20:07:12 135,168 ----a-w c:\windows\system32\igfxdo.dll
    - 2006-06-06 15:10:32 40,960 ----a-w c:\windows\system32\igfxexps.dll
    + 2007-08-08 20:07:12 24,576 ----a-w c:\windows\system32\igfxexps.dll
    - 2006-06-06 15:10:32 94,208 ----a-w c:\windows\system32\igfxext.exe
    + 2007-08-08 20:07:20 166,424 ----a-w c:\windows\system32\igfxext.exe
    - 2006-06-06 15:10:40 118,784 ----a-w c:\windows\system32\igfxpers.exe
    + 2007-08-08 20:07:20 137,752 ----a-w c:\windows\system32\igfxpers.exe
    - 2006-06-06 15:09:40 143,360 ----a-w c:\windows\system32\igfxpph.dll
    + 2007-08-08 20:07:12 204,800 ----a-w c:\windows\system32\igfxpph.dll
    - 2006-06-06 15:05:56 139,264 ----a-w c:\windows\system32\igfxres.dll
    + 2007-08-08 20:07:14 172,032 ----a-w c:\windows\system32\igfxres.dll
    - 2006-06-06 15:09:46 1,503,232 ----a-w c:\windows\system32\igfxress.dll
    + 2007-08-08 20:07:14 3,293,184 ----a-w c:\windows\system32\igfxress.dll
    - 2006-06-06 15:06:38 61,440 ----a-w c:\windows\system32\igfxsrvc.dll
    + 2007-08-08 20:07:14 47,616 ----a-w c:\windows\system32\igfxsrvc.dll
    - 2006-06-06 15:06:36 163,840 ----a-w c:\windows\system32\igfxsrvc.exe
    + 2007-08-08 20:07:20 252,440 ----a-w c:\windows\system32\igfxsrvc.exe
    - 2006-06-06 15:09:58 94,208 ----a-w c:\windows\system32\igfxtray.exe
    + 2007-08-08 20:07:20 141,848 ----a-w c:\windows\system32\igfxtray.exe
    - 2006-06-06 15:10:26 114,688 ----a-w c:\windows\system32\igfxzoom.exe
    + 2007-08-08 20:07:20 170,520 ----a-w c:\windows\system32\igfxzoom.exe
    - 2006-06-06 15:18:20 524,288 ----a-w c:\windows\system32\igldev32.dll
    + 2007-08-08 20:07:14 450,560 ----a-w c:\windows\system32\igldev32.dll
    - 2006-06-06 15:16:54 2,318,336 ----a-w c:\windows\system32\iglicd32.dll
    + 2007-08-08 20:07:14 2,334,720 ----a-w c:\windows\system32\iglicd32.dll
    + 2007-08-08 20:07:16 1,717,920 ----a-w c:\windows\system32\igxpdv32.dll
    + 2007-08-08 20:07:16 2,681,344 ----a-w c:\windows\system32\igxpdx32.dll
    + 2007-08-08 20:07:16 150,528 ----a-w c:\windows\system32\igxpgd32.dll
    + 2007-08-08 20:07:16 57,344 ----a-w c:\windows\system32\igxprd32.dll
    + 2007-08-08 20:07:20 399,896 ----a-w c:\windows\system32\igxpun.exe
    + 2004-08-04 08:00:00 75,264 ----a-w c:\windows\system32\inetpp(2).dll
    + 1996-10-15 14:40:38 78,848 ----a-w c:\windows\system32\INLOADER.DLL
    + 2006-05-19 12:59:41 94,720 ----a-w c:\windows\system32\iphlpapi(3).dll
    + 2004-08-04 08:00:00 331,264 ----a-w c:\windows\system32\ipnathlp(2).dll
    + 2004-08-04 08:00:00 182,784 ----a-w c:\windows\system32\ipsecsvc(2).dll
    + 1998-10-11 05:07:38 88,576 ----a-w c:\windows\system32\Iticheck.dll
    + 1999-05-22 03:37:16 26,112 ----a-w c:\windows\system32\itidat.dll
    + 1999-05-22 03:37:28 39,424 ----a-w c:\windows\system32\itidib.dll
    + 1998-07-16 02:40:50 350,208 ----a-w c:\windows\system32\itiimg2.dll
    - 2004-08-04 08:00:00 47,616 ----a-w c:\windows\system32\iyuv_32.dll
    + 2004-08-04 05:56:44 47,616 ----a-w c:\windows\system32\iyuv_32.dll
    - 2007-09-25 04:30:28 135,168 ----a-w c:\windows\system32\java.exe
    + 2008-12-06 13:46:57 144,792 ----a-w c:\windows\system32\java.exe
    - 2007-09-25 04:30:30 135,168 ----a-w c:\windows\system32\javaw.exe
    + 2008-12-06 13:46:57 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2007-09-25 05:31:42 139,264 ----a-w c:\windows\system32\javaws.exe
    + 2008-12-06 13:46:57 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript(2).dll
    + 2006-10-17 17:00:00 491,520 ----a-w c:\windows\system32\jscript(3).dll
    + 2005-06-15 17:49:30 295,936 ----a-w c:\windows\system32\kerberos(3).dll
    + 2004-08-04 07:56:44 4,096 ----a-w c:\windows\system32\ksuser(2).dll
    + 2007-08-08 20:07:20 50,688 ----a-w c:\windows\system32\Lang\HDMI\ENU\HDMIENU.dll
    - 2004-05-24 22:59:52 30,208 ----a-w c:\windows\system32\lfbmp13n.dll
    + 2003-11-05 04:40:24 30,208 ------w c:\windows\system32\lfbmp13n.dll
    + 2004-03-03 17:50:04 70,144 ------w c:\windows\system32\lfbmp13s.dll
    - 2004-05-24 23:00:04 351,744 ----a-w c:\windows\system32\LFCMP13n.dll
    + 2005-06-28 15:14:58 393,216 ------w c:\windows\system32\LFCMP13n.DLL
    + 2004-03-03 18:50:04 409,600 ------w c:\windows\system32\LFCMP13s.DLL
    + 2004-03-03 17:50:04 110,080 ------w c:\windows\system32\lfpsd13s.dll
    - 2004-05-24 23:01:32 23,552 ----a-w c:\windows\system32\lftga13n.dll
    + 2003-11-05 04:40:24 24,576 ------w c:\windows\system32\lftga13n.dll
    + 2004-03-03 17:50:04 64,512 ------w c:\windows\system32\lftga13s.dll
    + 2004-08-04 08:00:00 423,936 ----a-w c:\windows\system32\licdll(2).dll
    + 2005-09-01 01:41:53 19,968 ----a-w c:\windows\system32\linkinfo(2).dll
    + 2004-03-03 17:50:04 12,288 ------w c:\windows\system32\LMLRes.dll
    + 2004-03-03 17:50:04 884,736 ------w c:\windows\system32\LMUIRes.dll
    + 2004-08-04 08:00:00 97,280 ----a-w c:\windows\system32\loadperf(2).dll
    + 2004-08-04 08:00:00 22,016 ----a-w c:\windows\system32\lpk(3).dll
    + 2004-08-04 08:00:00 13,312 ----a-w c:\windows\system32\lsass(3).exe
    - 2004-05-24 23:03:02 1,685,504 ----a-w c:\windows\system32\LTCLR13n.dll
    + 2003-11-05 01:37:46 1,693,696 ------w c:\windows\system32\LTCLR13n.dll
    + 2004-03-03 17:50:04 2,079,232 ------w c:\windows\system32\LTCLR13s.dll
    - 2004-05-24 23:04:22 137,728 ----a-w c:\windows\system32\LTFIL13n.dll
    + 2003-11-05 04:40:24 153,088 ------w c:\windows\system32\ltfil13n.DLL
    - 2004-05-24 23:05:42 437,248 ----a-w c:\windows\system32\ltkrn13n.dll
    + 2003-11-05 01:37:46 453,120 ------w c:\windows\system32\ltkrn13n.dll
    + 2004-03-03 17:50:04 930,992 ------w c:\windows\system32\Ltr13n.dll
    + 2004-03-03 17:50:04 306,352 ------w c:\windows\system32\Ltrio13n.dll
    - 2004-05-24 23:05:24 888,832 ----a-w c:\windows\system32\LTWVC13n.dll
    + 2004-03-03 17:50:04 1,013,248 ------w c:\windows\system32\Ltwvc13n.dll
    + 1998-11-03 01:57:36 27,648 ------w c:\windows\system32\MA32.DLL
    + 1998-11-03 01:57:36 196,096 ------w c:\windows\system32\MACD32.DLL
    + 2008-03-15 04:31:26 57,344 ----a-w c:\windows\system32\Macromed\Common\SwSupport.dll
    + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
    + 2008-12-17 17:32:19 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2008-03-15 04:29:22 581,632 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll
    + 2008-03-15 04:12:30 1,490,944 ----a-w c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll
    + 2008-03-15 04:29:58 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
    + 2008-03-15 04:10:06 606,208 ----a-w c:\windows\system32\Macromed\Shockwave 10\iml32X.dll
    + 2008-03-15 04:28:48 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll
    + 2008-03-15 04:28:56 475,136 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
    + 2008-03-15 04:21:52 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-03-15 04:31:28 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe
    + 2008-03-15 16:38:08 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll
    + 2008-03-15 04:31:28 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
    + 1998-11-03 01:57:36 136,192 ------w c:\windows\system32\MAMC32.DLL
    + 1998-11-03 01:57:36 57,856 ------w c:\windows\system32\MASD32.DLL
    + 1998-11-03 01:57:36 138,752 ------w c:\windows\system32\MASE32.DLL
    + 2004-08-04 08:00:00 1,028,096 ----a-w c:\windows\system32\mfc42(2).dll
    - 2003-03-18 21:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
    + 2003-03-19 13:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll
    + 1995-04-26 05:00:00 146,976 ----a-w c:\windows\system32\Mfcoleui.dll
    + 2004-08-04 08:00:00 22,528 ----a-w c:\windows\system32\mfcsubs(3).dll
    + 1998-04-27 19:57:16 73,008 ----a-w c:\windows\system32\Mhrun500.dll
    + 2004-08-04 08:00:00 18,944 ----a-w c:\windows\system32\midimap(2).dll
    + 2004-08-04 08:00:00 586,240 ----a-w c:\windows\system32\mlang(2).dll
    + 2005-12-12 21:57:10 32,768 ------w c:\windows\system32\MLPagAx.dll
    + 2001-12-12 04:21:32 73,728 ------w c:\windows\system32\MMAviAx.dll
    + 2001-05-11 18:18:14 420,240 ----a-w c:\windows\system32\mpg4c32.dll
    + 2004-08-04 08:00:00 59,904 ----a-w c:\windows\system32\mpr(3).dll
    + 2004-08-04 08:00:00 87,040 ----a-w c:\windows\system32\mprapi(2).dll
    + 2004-08-04 08:00:00 89,088 ----a-w c:\windows\system32\mqlogmgr(2).dll
    + 2007-07-06 12:46:59 660,992 ----a-w c:\windows\system32\mqqm(2).dll
    + 2007-07-06 12:46:59 177,152 ----a-w c:\windows\system32\mqrt(2).dll
    + 2007-07-06 12:46:59 95,744 ----a-w c:\windows\system32\mqsec(2).dll
    + 2004-08-04 08:00:00 4,608 ----a-w c:\windows\system32\mqsvc(2).exe
    + 2004-08-04 08:00:00 117,248 ----a-w c:\windows\system32\mqtgsvc(2).exe
    + 2004-08-04 08:00:00 186,880 ----a-w c:\windows\system32\mqtrig(2).dll
    + 2007-07-06 12:46:59 471,552 ----a-w c:\windows\system32\mqutil(2).dll
    + 1993-04-28 05:00:00 279,568 ----a-w c:\windows\system32\Msabc110.dll
    + 1994-04-05 05:00:00 306,176 ----a-w c:\windows\system32\Msabc200.dll
    + 2004-08-04 08:00:00 71,680 ----a-w c:\windows\system32\msacm32(3).dll
    + 1993-04-28 05:00:00 33,280 ----a-w c:\windows\system32\Msaes110.dll
    + 1994-04-11 05:00:00 17,440 ----a-w c:\windows\system32\Msajt112.dll
    + 1994-11-20 05:00:00 995,136 ----a-w c:\windows\system32\Msajt200.dll
    + 2004-08-04 08:00:00 57,344 ----a-w c:\windows\system32\msasn1(3).dll
    + 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms(2).dll
    + 2004-08-04 08:00:00 294,400 ----a-w c:\windows\system32\MSCTF(2).dll
    - 2004-08-04 08:00:00 294,400 ----a-w c:\windows\system32\MSCTF.dll
    + 2008-02-26 11:59:50 294,912 ----a-w c:\windows\system32\msctf.dll
    + 2004-08-04 08:00:00 6,144 ----a-w c:\windows\system32\msdtc(2).exe
    + 2004-08-04 08:00:00 58,880 ----a-w c:\windows\system32\msdtclog(2).dll
    + 2006-03-01 19:42:42 426,496 ----a-w c:\windows\system32\msdtcprx(2).dll
    + 2006-03-01 19:42:42 956,416 ----a-w c:\windows\system32\msdtctm(2).dll
    - 2004-08-04 08:00:00 294,912 ----a-w c:\windows\system32\msh263.drv
    + 2004-08-04 05:56:58 294,912 ----a-w c:\windows\system32\msh263.drv
    + 2008-03-01 13:06:28 478,208 ----a-w c:\windows\system32\mshtmled(2).dll
    + 2004-08-04 08:00:00 6,656 ----a-w c:\windows\system32\msidle(2).dll
    + 2004-08-04 08:00:00 4,608 ----a-w c:\windows\system32\msimg32(3).dll
    + 2004-08-04 08:00:00 159,232 ----a-w c:\windows\system32\MSIMTF(2).dll
    + 2008-07-31 16:16:54 947,472 ----a-w c:\windows\system32\msjava.dll
    + 1998-07-06 05:00:00 23,552 ----a-w c:\windows\system32\MSMPIDE.DLL
    + 2004-08-04 08:00:00 30,208 ----a-w c:\windows\system32\mspatcha(2).dll
    + 2004-08-04 08:00:00 48,128 ----a-w c:\windows\system32\msprivs(3).dll
    + 2004-08-04 08:00:00 115,712 ----a-w c:\windows\system32\mstlsapi(2).dll
    + 2004-08-04 08:00:00 195,072 ----a-w c:\windows\system32\msutb(2).dll
    + 2004-08-04 08:00:00 413,696 ----a-w c:\windows\system32\msvcp60(3).dll
    + 2004-08-04 08:00:00 343,040 ----a-w c:\windows\system32\msvcrt(3).dll
    + 2004-08-04 08:00:00 120,832 ----a-w c:\windows\system32\msvfw32(2).dll
    + 2004-08-04 08:00:00 245,248 ----a-w c:\windows\system32\mswsock(3).dll
    + 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3(2).dll
    + 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
    + 2008-06-03 00:36:46 82,432 ----a-w c:\windows\system32\msxml4r.dll
    + 2007-05-15 21:43:10 1,320,800 ----a-w c:\windows\system32\msxml6(2).dll
    - 2004-08-04 08:00:00 17,408 ----a-w c:\windows\system32\msyuv.dll
    + 2004-08-04 05:56:46 17,408 ----a-w c:\windows\system32\msyuv.dll
    + 2006-03-01 19:42:42 66,560 ----a-w c:\windows\system32\mtxclu(3).dll
    + 2006-03-01 19:42:42 91,136 ----a-w c:\windows\system32\mtxoci(2).dll
    + 2004-08-04 08:00:00 90,624 ----a-w c:\windows\system32\mydocs(2).dll
    + 2004-08-04 08:00:00 17,920 ----a-w c:\windows\system32\nddeapi(3).dll
    + 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32(3).dll
    + 2004-08-04 08:00:00 622,080 ----a-w c:\windows\system32\netcfgx(2).dll
    + 2004-08-04 08:00:00 407,040 ----a-w c:\windows\system32\netlogon(3).dll
    + 2005-08-22 18:29:46 197,632 ----a-w c:\windows\system32\netman(2).dll
    + 2004-08-04 08:00:00 12,288 ----a-w c:\windows\system32\netrap(3).dll
    + 2004-08-04 08:00:00 1,708,032 ----a-w c:\windows\system32\netshell(2).dll
    + 2004-08-04 08:00:00 80,896 ----a-w c:\windows\system32\netui0(3).dll
    + 2004-08-04 08:00:00 245,760 ----a-w c:\windows\system32\netui1(3).dll
    + 2004-08-12 12:50:02 247,808 ----a-w c:\windows\system32\newdev(2).dll
    + 2004-08-04 08:00:00 67,072 ----a-w c:\windows\system32\ntdsapi(3).dll
    + 2004-08-04 08:00:00 43,520 ----a-w c:\windows\system32\ntlanman(3).dll
    + 2004-08-04 08:00:00 118,784 ----a-w c:\windows\system32\ntmarta(3).dll
    + 2004-08-04 08:00:00 143,872 ----a-w c:\windows\system32\ntshrui(2).dll
    + 2004-08-04 08:00:00 266,752 ----a-w c:\windows\system32\oakley(2).dll
    + 2004-08-04 08:00:00 60,928 ----a-w c:\windows\system32\ocmanage(2).dll
    + 2005-07-26 04:39:48 1,285,120 ----a-w c:\windows\system32\ole32(3).dll
    + 2005-07-26 04:39:48 74,752 ----a-w c:\windows\system32\olecli32(3).dll
    + 2006-10-16 16:15:00 122,880 ----a-w c:\windows\system32\oledlg(2).dll
    + 2004-08-04 08:00:00 83,456 ----a-w c:\windows\system32\olepro32(2).dll
    + 2005-12-21 15:14:52 73,728 ----a-w c:\windows\system32\PCLECoInst.dll
    + 1997-02-17 19:39:44 94,551 ----a-w c:\windows\system32\Pdbjet.dll
    + 1997-03-14 05:00:00 77,840 ----a-w c:\windows\system32\Pdctjet.dll
    + 2005-10-15 17:32:54 196,608 ----a-w c:\windows\system32\pdfcmnnt.dll
    + 1997-03-14 05:00:00 85,520 ----a-w c:\windows\system32\Pdirjet.dll
    - 2008-04-16 14:12:50 76,742 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-13 14:07:23 76,742 ----a-w c:\windows\system32\perfc009.dat
    - 2008-04-16 14:12:50 457,046 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-13 14:07:23 457,046 ----a-w c:\windows\system32\perfh009.dat
    + 2004-08-04 08:00:00 15,360 ----a-w c:\windows\system32\pjlmon(2).dll
    + 2008-04-27 22:55:59 278,528 ----a-w c:\windows\system32\pncrt.dll
    + 2008-04-27 22:56:00 6,656 ----a-w c:\windows\system32\pndx5016.dll
    + 2008-04-27 22:56:00 5,632 ----a-w c:\windows\system32\pndx5032.dll
    + 2004-08-04 08:00:00 17,408 ----a-w c:\windows\system32\powrprof(3).dll
    + 2004-08-04 08:00:00 27,648 ----a-w c:\windows\system32\profmap(3).dll
    + 2004-08-04 08:00:00 23,040 ----a-w c:\windows\system32\psapi(3).dll
    + 2004-08-04 08:00:00 96,768 ----a-w c:\windows\system32\psbase(2).dll
    + 2004-08-04 05:56:46 363,520 ----a-w c:\windows\system32\PsisDecd.dll
    + 2004-08-04 08:00:00 34,304 ----a-w c:\windows\system32\pstorsvc(2).dll
    + 2008-02-06 21:52:20 66,544 ----a-w c:\windows\system32\pxcpya64.exe
    + 2008-02-06 21:52:18 120,304 ----a-w c:\windows\system32\pxcpyi64.exe
    - 2004-05-07 21:01:14 53,248 ------w c:\windows\system32\pxhpinst.exe
    + 2008-06-03 00:35:29 61,440 ------w c:\windows\system32\pxhpinst.exe
    + 2008-02-06 21:52:14 65,008 ----a-w c:\windows\system32\pxinsa64.exe
    + 2008-02-06 21:52:16 118,256 ----a-w c:\windows\system32\pxinsi64.exe
    + 2006-04-11 21:03:14 184,320 ------w c:\windows\system32\RALMain.dll
    + 2006-06-26 17:37:10 8,192 ----a-w c:\windows\system32\rasadhlp(3).dll
    + 2004-08-04 08:00:00 69,632 ----a-w c:\windows\system32\raschap(2).dll
    + 2006-06-22 10:47:18 181,248 ----a-w c:\windows\system32\rasmans(2).dll
    + 2004-08-04 08:00:00 206,336 ----a-w c:\windows\system32\rasppp(2).dll
    + 2004-08-04 08:00:00 112,128 ----a-w c:\windows\system32\rastls(2).dll
    + 2004-08-04 08:00:00 87,176 ----a-w c:\windows\system32\rdpwsx(2).dll
    + 2004-08-04 08:00:00 49,664 ----a-w c:\windows\system32\regapi(3).dll
    + 2008-07-07 21:02:56 516,096 ----a-w c:\windows\system32\RegisterDialog.dll
    + 2004-08-04 08:00:00 59,904 ----a-w c:\windows\system32\regsvc(2).dll
    - 2007-10-11 12:25:40 5,593,880 ----a-w c:\windows\system32\Restore\rstrlog.dat
    + 2008-07-16 17:37:47 3,978,776 ----a-w c:\windows\system32\Restore\rstrlog.dat
    + 2004-08-04 08:00:00 58,880 ----a-w c:\windows\system32\resutils(3).dll
    + 2008-04-27 22:56:01 157,696 ----a-w c:\windows\system32\rmoc3260.dll
    + 2007-07-09 13:09:42 584,192 ----a-w c:\windows\system32\rpcrt4(3).dll
    + 2005-07-26 04:39:49 397,824 ----a-w c:\windows\system32\rpcss(3).dll
    + 2004-08-04 08:00:00 152,576 ----a-w c:\windows\system32\rsaenh(3).dll
    + 2004-08-04 08:00:00 44,032 ----a-w c:\windows\system32\rtutils(3).dll
    + 2004-08-04 08:00:00 69,632 ----a-w c:\windows\system32\scarddlg(2).dll
    + 2004-08-04 08:00:00 180,224 ----a-w c:\windows\system32\scecli(3).dll
    + 2004-08-04 08:00:00 313,856 ----a-w c:\windows\system32\scesrv(3).dll
    + 2004-08-04 08:00:00 190,976 ----a-w c:\windows\system32\schedsvc(2).dll
    + 2004-08-04 08:00:00 18,944 ----a-w c:\windows\system32\seclogon(2).dll
    + 2004-08-04 08:00:00 55,808 ----a-w c:\windows\system32\secur32(3).dll
    + 2004-08-04 08:00:00 5,632 ----a-w c:\windows\system32\security(2).dll
    + 2004-08-04 08:00:00 38,912 ----a-w c:\windows\system32\sens(2).dll
    + 2004-08-04 08:00:00 6,656 ----a-w c:\windows\system32\sensapi(3).dll
    + 2004-08-04 08:00:00 259,584 ----a-w c:\windows\system32\Setup\comsetup(2).dll
    + 2004-08-04 08:00:00 32,828 ----a-w c:\windows\system32\Setup\fp40ext(2).dll
    + 2004-08-04 08:00:00 132,608 ----a-w c:\windows\system32\Setup\fxsocm(2).dll
    + 2004-08-04 08:00:00 505,344 ----a-w c:\windows\system32\Setup\iis(2).dll
    + 2004-08-04 08:00:00 115,712 ----a-w c:\windows\system32\Setup\imsinsnt(2).dll
    + 2004-08-04 08:00:00 16,896 ----a-w c:\windows\system32\Setup\medctroc(2).dll
    + 2004-08-04 08:00:00 82,432 ----a-w c:\windows\system32\Setup\msdtcstp(2).dll
    + 2004-08-04 08:00:00 15,360 ----a-w c:\windows\system32\Setup\msgrocm(2).dll
    + 2004-08-04 08:00:00 169,984 ----a-w c:\windows\system32\Setup\msmqocm(2).dll
    + 2004-08-04 08:00:00 77,312 ----a-w c:\windows\system32\Setup\netoc(2).dll
    + 2004-08-04 08:00:00 62,976 ----a-w c:\windows\system32\Setup\ntoc(2).dll
    + 2004-08-04 08:00:00 15,872 ----a-w c:\windows\system32\Setup\ocgen(2).dll
    + 2004-08-04 08:00:00 17,408 ----a-w c:\windows\system32\Setup\ocmsn(2).dll
    + 2004-08-04 08:00:00 101,376 ----a-w c:\windows\system32\Setup\setupqry(2).dll
    + 2004-08-04 08:00:00 33,792 ----a-w c:\windows\system32\Setup\tabletoc(2).dll
    + 2004-08-04 08:00:00 121,856 ----a-w c:\windows\system32\Setup\tsoc(2).dll
    + 2004-08-04 08:00:00 5,120 ----a-w c:\windows\system32\sfc(3).dll
    + 2004-08-04 08:00:00 140,288 ----a-w c:\windows\system32\sfc_os(3).dll
    + 2004-08-04 08:00:00 549,376 ----a-w c:\windows\system32\shdoclc(2).dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\system32\shell32(3).dll
    + 2004-08-04 08:00:00 25,088 ----a-w c:\windows\system32\shfolder(2).dll
    + 2004-08-04 08:00:00 438,272 ----a-w c:\windows\system32\shimgvw(2).dll
    + 2007-06-15 08:12:30 474,112 ----a-w c:\windows\system32\shlwapi(3).dll
    + 2006-12-19 21:52:18 134,656 ----a-w c:\windows\system32\shsvcs(3).dll
    - 2007-11-13 15:31:46 399,360 ----a-w c:\windows\system32\Smab.dll
    + 2008-02-07 21:15:06 408,576 ----a-w c:\windows\system32\Smab.dll
    + 2004-08-04 08:00:00 18,944 ----a-w c:\windows\system32\snmpapi(2).dll
    - 2006-10-16 22:10:58 14,640 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    - 2003-11-04 08:00:14 132,608 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
    + 2005-06-25 18:16:50 138,240 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
    - 2003-11-04 08:00:14 464,384 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
    + 2005-06-25 18:16:52 480,256 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
    + 2004-08-04 08:00:00 74,752 ----a-w c:\windows\system32\spoolss(2).dll
    + 2005-06-10 23:53:32 57,856 ----a-w c:\windows\system32\spoolsv(2).exe
    + 2004-08-04 08:00:00 67,584 ----a-w c:\windows\system32\srclient(3).dll
    + 2004-11-17 23:25:04 171,008 ----a-w c:\windows\system32\srsvc(3).dll
    + 2004-08-04 08:00:00 34,816 ----a-w c:\windows\system32\ssdpapi(2).dll
    + 2004-08-04 08:00:00 71,680 ----a-w c:\windows\system32\ssdpsrv(2).dll
    + 2004-08-04 08:00:00 67,584 ----a-w c:\windows\system32\sti(2).dll
    + 2004-08-04 08:00:00 121,856 ----a-w c:\windows\system32\stobject(2).dll
    + 2004-08-04 08:00:00 75,776 ----a-w c:\windows\system32\strmfilt(2).dll
    + 2004-08-04 08:00:00 14,336 ----a-w c:\windows\system32\svchost(3).exe
    + 2006-10-19 13:56:32 713,216 ----a-w c:\windows\system32\sxs(3).dll
    + 2004-08-04 08:00:00 181,760 ----a-w c:\windows\system32\tapi32(3).dll
    + 2005-07-08 16:27:56 249,344 ----a-w c:\windows\system32\tapisrv(2).dll
    + 2004-08-04 08:00:00 14,848 ----a-w c:\windows\system32\tcpmib(2).dll
    + 2004-08-04 08:00:00 45,568 ----a-w c:\windows\system32\tcpmon(2).dll
    + 2004-08-04 08:00:00 295,424 ----a-w c:\windows\system32\termsrv(2).dll
    + 2005-11-23 05:39:29 385,536 ----a-w c:\windows\system32\themeui(2).dll
    + 2004-08-04 08:00:00 90,624 ----a-w c:\windows\system32\trkwks(2).dll
    - 2004-08-04 08:00:00 8,192 ----a-w c:\windows\system32\tsbyuv.dll
    + 2001-08-18 03:36:34 8,192 ----a-w c:\windows\system32\tsbyuv.dll
    + 2004-08-04 08:00:00 25,600 ----a-w c:\windows\system32\udhisapi(2).dll
    + 2005-08-23 03:35:42 123,392 ----a-w c:\windows\system32\umpnpmgr(3).dll
    + 2004-08-04 08:00:00 132,608 ----a-w c:\windows\system32\upnp(2).dll
    + 2007-02-05 20:17:02 185,344 ----a-w c:\windows\system32\upnphost(2).dll
    + 2008-03-01 13:06:29 105,984 ----a-w c:\windows\system32\url(3).dll
    + 2008-03-01 13:06:30 1,159,680 ----a-w c:\windows\system32\urlmon(3).dll
    + 2004-08-04 08:00:00 16,896 ----a-w c:\windows\system32\usbmon(2).dll
    + 2004-08-04 08:00:00 406,528 ----a-w c:\windows\system32\usp10(3).dll
    + 2004-08-04 08:00:00 218,624 ----a-w c:\windows\system32\uxtheme(3).dll
    + 1994-03-24 05:00:00 95,200 ----a-w c:\windows\system32\Vbdb300.dll
    - 1993-05-12 05:00:00 398,416 ----a-w c:\windows\system32\Vbrun300.dll
    + 1996-08-24 16:11:10 398,416 ----a-w c:\windows\system32\Vbrun300.dll
    + 2004-08-04 08:00:00 18,944 ----a-w c:\windows\system32\version(3).dll
    + 2004-08-04 08:00:00 430,592 ----a-w c:\windows\system32\vssapi(3).dll
    + 2004-08-04 08:00:00 174,592 ----a-w c:\windows\system32\w32time(3).dll
    + 2004-08-04 08:00:00 15,872 ----a-w c:\windows\system32\w3ssl(2).dll
    + 2004-08-04 08:00:00 185,856 ----a-w c:\windows\system32\wbem\framedyn(3).dll
    + 2004-08-04 08:00:00 18,944 ----a-w c:\windows\system32\wbem\wbemprox(2).dll
    + 2006-03-24 04:37:50 49,152 ----a-w c:\windows\system32\wdigest(3).dll
    + 2004-08-04 08:00:00 23,552 ----a-w c:\windows\system32\wdmaud(2).drv
    + 2008-03-01 13:06:30 233,472 ----a-w c:\windows\system32\webcheck(2).dll
    + 2006-01-04 03:35:05 68,096 ----a-w c:\windows\system32\webclnt(2).dll
    + 2006-12-19 18:16:47 333,824 ----a-w c:\windows\system32\wiaservc(2).dll
    + 2004-08-04 08:00:00 351,232 ----a-w c:\windows\system32\winhttp(3).dll
    + 2008-03-01 13:06:31 826,368 ----a-w c:\windows\system32\wininet(3).dll
    + 2004-08-04 08:00:00 32,768 ----a-w c:\windows\system32\winipsec(2).dll
    + 2004-08-04 08:00:00 176,128 ----a-w c:\windows\system32\winmm(3).dll
    + 2004-08-04 08:00:00 16,896 ----a-w c:\windows\system32\winrnr(3).dll
    + 2004-08-04 08:00:00 99,328 ----a-w c:\windows\system32\winscard(3).dll
    + 2004-08-04 08:00:00 176,640 ----a-w c:\windows\system32\wintrust(3).dll
    + 2004-08-04 08:00:00 172,032 ----a-w c:\windows\system32\wldap32(3).dll
    + 2004-08-04 08:00:00 92,672 ----a-w c:\windows\system32\wlnotify(3).dll
    + 2004-08-04 08:00:00 5,632 ----a-w c:\windows\system32\wmi(2).dll
    + 2001-05-16 22:54:44 309,616 ----a-w c:\windows\system32\wmv8dmod.dll
    + 2004-08-04 08:00:00 264,192 ----a-w c:\windows\system32\wow32(3).dll
    + 2004-08-04 08:00:00 82,944 ----a-w c:\windows\system32\ws2_32(3).dll
    + 2004-08-04 08:00:00 19,968 ----a-w c:\windows\system32\ws2help(3).dll
    + 2004-08-04 08:00:00 81,408 ----a-w c:\windows\system32\wscsvc(2).dll
    + 2004-08-04 08:00:00 19,968 ----a-w c:\windows\system32\wshtcpip(3).dll
    + 2004-08-04 08:00:00 42,496 ----a-w c:\windows\system32\wsnmp32(2).dll
    + 2004-08-04 08:00:00 22,528 ----a-w c:\windows\system32\wsock32(3).dll
    + 2004-08-04 08:00:00 18,432 ----a-w c:\windows\system32\wtsapi32(3).dll
    + 2004-08-04 08:00:00 6,656 ----a-w c:\windows\system32\wuauserv(2).dll
    + 2004-08-04 08:00:00 378,368 ----a-w c:\windows\system32\wzcdlg(2).dll
    + 2004-08-04 08:00:00 51,712 ----a-w c:\windows\system32\wzcsapi(2).dll
    + 2004-08-04 08:00:00 359,936 ----a-w c:\windows\system32\wzcsvc(2).dll
    + 2006-07-14 15:51:52 121,856 ----a-w c:\windows\system32\xmllite(2).dll
    + 2004-08-04 08:00:00 50,176 ----a-w c:\windows\system32\xmlprovi(2).dll
    + 2006-03-01 19:42:42 11,776 ----a-w c:\windows\system32\xolehlp(2).dll
    + 2009-01-23 22:26:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_9ec.dat
    + 2008-06-14 15:44:51 397,824 ----a-w c:\windows\uninstall\Child Control 2004\setup.exe
    + 2004-03-29 21:23:44 90,112 ----a-w c:\windows\unvise32.exe
    - 2005-08-26 20:28:34 143,360 ----a-w c:\windows\unzip.exe
    + 2005-08-26 19:28:34 143,360 ----a-w c:\windows\unzip.exe
    + 2002-05-02 22:26:56 65,536 ----a-w c:\windows\V58\amcap.exe
    + 2004-12-16 14:20:08 192,512 ----a-w c:\windows\V58\CopyINF.exe
    + 2002-08-15 20:15:50 20,480 ----a-w c:\windows\V58\DELOEM_FILE.exe
    + 2002-06-10 15:11:16 94,208 ----a-w c:\windows\V58\DelReg.exe
    + 2002-06-10 15:11:16 81,920 ----a-w c:\windows\V58\Ping.exe
    + 2002-06-10 15:11:16 81,920 ----a-w c:\windows\V58\Ping1.exe
    + 2004-11-24 19:36:18 10,368 ----a-w c:\windows\V58\Win2K\CoachAud.sys
    + 2004-07-12 15:48:02 16,896 ----a-w c:\windows\V58\Win2K\CoachDlg.dll
    + 2004-07-12 16:09:46 5,632 ----a-w c:\windows\V58\Win2K\CoachSti.dll
    + 2003-03-27 03:06:26 2,560 ----a-w c:\windows\V58\Win2K\CoachTW.dll
    + 2004-11-24 19:34:48 50,976 ----a-w c:\windows\V58\Win2K\CoachUsb.sys
    + 2004-11-24 19:36:42 44,256 ----a-w c:\windows\V58\Win2K\CoachVc.sys
    + 2004-07-15 22:40:42 8,192 ----a-w c:\windows\V58\Win2K\CoachWrp.dll
    + 2003-01-21 20:45:14 114,688 ----a-w c:\windows\V58\Win2K\JpegCode.dll
    + 2004-09-30 18:45:48 10,784 ----a-w c:\windows\V58\Win98\CoachAud.sys
    + 2004-07-12 16:48:02 16,896 ----a-w c:\windows\V58\Win98\CoachDlg.dll
    + 2004-07-12 17:09:46 5,632 ----a-w c:\windows\V58\Win98\CoachSti.dll
    + 2003-03-27 04:06:26 2,560 ----a-w c:\windows\V58\Win98\CoachTW.dll
    + 2004-09-30 18:55:54 51,136 ----a-w c:\windows\V58\Win98\CoachUsb.sys
    + 2004-09-30 18:46:40 44,672 ----a-w c:\windows\V58\Win98\CoachVc.sys
    + 2004-07-15 23:40:42 8,192 ----a-w c:\windows\V58\Win98\CoachWrp.dll
    + 2003-01-21 21:45:14 114,688 ----a-w c:\windows\V58\Win98\JpegCode.dll
    + 2004-09-30 18:45:48 10,784 ----a-w c:\windows\V58\WinMe\CoachAud.sys
    + 2004-07-12 16:48:02 16,896 ----a-w c:\windows\V58\WinMe\CoachDlg.dll
    + 2004-09-30 18:55:54 51,136 ----a-w c:\windows\V58\WinMe\CoachUsb.sys
    + 2004-09-30 18:46:40 44,672 ----a-w c:\windows\V58\WinMe\CoachVc.sys
    + 2004-07-12 17:14:16 41,984 ----a-w c:\windows\V58\WinMe\CoachWia.dll
    + 2004-07-15 23:40:42 8,192 ----a-w c:\windows\V58\WinMe\CoachWrp.dll
    + 2003-01-21 21:45:14 114,688 ----a-w c:\windows\V58\WinMe\JpegCode.dll
    + 2004-11-24 19:36:18 10,368 ----a-w c:\windows\V58\WinXP\CoachAud.sys
    + 2004-07-12 15:48:02 16,896 ----a-w c:\windows\V58\WinXP\CoachDlg.dll
    + 2004-11-24 19:34:48 50,976 ----a-w c:\windows\V58\WinXP\CoachUsb.sys
    + 2004-11-24 19:36:42 44,256 ----a-w c:\windows\V58\WinXP\CoachVc.sys
    + 2004-11-19 23:28:06 49,152 ----a-w c:\windows\V58\WinXP\CoachWia.dll
    + 2004-07-15 22:40:42 8,192 ----a-w c:\windows\V58\WinXP\CoachWrp.dll
    + 2003-01-21 20:45:14 114,688 ----a-w c:\windows\V58\WinXP\JpegCode.dll
    + 2007-05-08 20:06:44 1,275,392 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
    + 2007-04-18 15:36:40 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
    + 2006-12-02 05:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2007-11-07 01:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2007-11-07 06:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-07 06:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    + 2007-11-07 06:19:22 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
    .
    -- Snapshot reset to current date --
    .

  5. #15
    ComboFix Log part 5 (final)

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
    "EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
    "MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    DVD Check.lnk.disabled [2007-04-12 1714]
    SMART Board Tools.lnk.disabled [2008-02-06 2042]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 12:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "CmFlywaveName"=c:\windows\System\CmFlywav.exe
    "MediaFace Integration"=c:\program files\Fellowes\MediaFACE 4.2\SetHook.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Scheduler"=c:\windows\SMINST\Scheduler.exe
    "SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "WatchDog"=c:\program files\InterVideo\DVD Check\DVDCheck.exe
    "Linksys WMB54G Utility"=c:\program files\Wireless-G Music Bridge\WMB54G.exe -R
    "PCLEUSBTip"=c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    "RealTray"=f:\program files\Real\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Reminder"=c:\windows\Creator\Remind_XP.exe
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-02-27 2996]
    R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys [2007-09-06 1351360]
    R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
    S1 4e6103db;4e6103db;c:\windows\system32\drivers\4e6103db.sys [2009-01-10 0]
    S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-11-02 767240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e70c03d-5da1-11dc-86d9-0019d279814b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://info.conroeisd.net/~rveazey
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uInternet Settings,ProxyServer = bess.conroeisd.net:80
    uInternet Settings,ProxyOverride = *.conroeisd.net;10.10.0.1;*.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 16:27:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????h??????(?@???????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,70,06,14,35,04,
    b0,12,12,c8,28,51,af,b0,29,a3,98,ef,33,93,68,2c,2a,00,97,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,09,8c,12,4b,c1,
    98,e9,21,71,3b,04,66,8b,46,0d,96,05,54,26,c9,77,5e,e2,0a,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,31,ec,d9,0b,59,
    b5,97,53,25,da,ec,7e,55,20,c9,26,25,85,9e,b1,94,37,6c,bf,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,7b,af,6e,68,01,
    2d,81,7a,3e,1e,9e,e0,57,5a,93,61,68,16,3b,5b,80,0b,00,e5,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,47,ae,a1,3e,07,
    07,2b,36,cd,44,cd,b9,a6,33,6c,cd,02,82,cd,09,58,60,b1,46,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,b1,b1,4b,dd,2c,
    c4,bb,d0,b0,18,ed,a7,3f,8d,37,a4,57,16,e1,61,b2,f4,98,2d,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,17,71,bd,e3,64,
    ec,96,07,31,77,e1,ba,b1,f8,68,02,ed,77,39,34,9b,f5,17,7c,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:c9,6b,dc,73,db,34,6b,57,52,74,01,8e,52,4d,04,24,ed,de,4a,6b,71,
    43,0e,b6,1e,f5,8f,51,e5,d2,cb,8d,96,74,54,ce,64,91,60,2e,ec,fa,75,92,fc,57,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,fa,e7,30,9e,d2,
    31,40,25,83,6c,56,8b,a0,85,96,ab,74,f4,e0,ee,42,2b,e9,29,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,4d,0c,dd,75,54,
    b7,cc,cb,51,fa,6e,91,28,9e,14,cc,f1,a7,96,01,64,7c,51,e0,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,77,57,86,57,0d,
    01,2b,2f,b1,cd,45,5a,a8,c4,f8,b9,03,f8,09,dd,ac,2a,0c,43,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b1,02,3a,34,7b,
    9f,c7,40,e3,0e,66,d5,eb,bc,2f,6b,ff,78,5c,08,07,67,36,ad,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3b,43,ff,33,ce,
    eb,7c,06,fa,ea,66,7f,d4,3b,6b,70,52,d4,82,e3,ac,5c,4b,14,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:c9,6b,dc,73,db,34,6b,57,52,74,01,8e,52,4d,04,24,ed,de,4a,6b,71,
    43,0e,b6,1e,f5,8f,51,e5,d2,cb,8d,96,74,54,ce,64,91,60,2e,ec,fa,75,92,fc,57,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\dllhost.exe
    c:\program files\HPQ\IAM\Bin\asghost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\CA\SharedComponents\iTechnology\igateway.exe
    c:\program files\CA\eTrustITM\InoRpc.exe
    c:\program files\CA\eTrustITM\InoRT.exe
    c:\program files\CA\eTrustITM\InoTask.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Photodex\ProShowGold\scsiaccess.exe
    c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\mqtgsvc.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    .
    **************************************************************************
    .

  6. #16
    Junior Member
    Join Date
    Jan 2009
    Location
    Houston, TX, USA
    Posts
    14

    HiJackThis Log

    After running ComboFix this is my new HiJackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:34:17 PM, on 1/23/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\CA\eTrustITM\realmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\Program Files\CA\eTrustITM\InoRpc.exe
    C:\Program Files\CA\eTrustITM\InoRT.exe
    C:\Program Files\CA\eTrustITM\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Administrator\Desktop\Security\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://info.conroeisd.net/~rveazey
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bess.conroeisd.net:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.conroeisd.net;10.10.0.1;*.local;<local>
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB004" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DVD Check.lnk.disabled
    O4 - Global Startup: SMART Board Tools.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
    O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

  7. #17
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Looking better Randyvz

    1 - Run CFScript

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\drivers\4e6103db.sys
    c:\windows\system32\Smab0.dll

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe



    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    2 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    On the Scanner tab:
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    4 - Status Check
    Please reply with

    1. the ComboFix log (C:\ComboFix.txt)
    2. the Malwarebytes' Anti-Malware Log
    How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #18
    Junior Member
    Join Date
    Jan 2009
    Location
    Houston, TX, USA
    Posts
    14

    Looking good

    ComboFix Log:

    ComboFix 09-01-21.04 - Administrator 2009-01-24 9:36:57.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1443 [GMT -6:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: eTrust ITM *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\drivers\4e6103db.sys
    c:\windows\system32\Smab0.dll
    c:\windows\system32\TDSScfum.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\4e6103db.sys
    c:\windows\system32\Smab0.dll
    c:\windows\system32\TDSScfum.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-20 17:16 . 2009-01-20 17:16 <DIR> d-------- C:\SDFix
    2009-01-11 09:10 . 2009-01-11 09:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 23:07 --------- d-----w c:\documents and settings\Administrator\Application Data\XnView
    2009-01-11 14:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-06 14:49 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-09 22:47 --------- d-----w c:\program files\TouchMeGames old
    2008-12-09 22:47 --------- d-----w c:\program files\TouchMeGames
    2008-12-06 13:46 410,976 ----a-w c:\windows\system32\deploytk.dll
    2008-12-06 13:46 --------- d-----w c:\program files\Java
    2008-12-04 14:31 --------- d-----w c:\program files\SureThing CD Labeler 5
    2008-12-02 23:13 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-02 23:10 --------- d-----w c:\program files\Adobe Media Player
    2008-12-02 23:09 --------- d-----w c:\program files\Common Files\Adobe AIR
    2008-12-01 03:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
    2008-09-10 16:59 14,290 ----a-w c:\program files\settings.dat
    2008-05-15 17:36 3,222 ----a-w c:\program files\uninstal.log
    2007-05-28 17:02 604 ---ha-w c:\program files\STLL Notifier
    2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2008-07-16 15:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071620080717\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-23_16.30.55.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-24 01:37:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_908.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-16 407632]
    "EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "EPSON Stylus CX4800 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-08 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-08 162328]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-08 137752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
    "MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    DVD Check.lnk.disabled [2007-04-12 1714]
    SMART Board Tools.lnk.disabled [2008-02-06 2042]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 12:41 40960 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "CmFlywaveName"=c:\windows\System\CmFlywav.exe
    "MediaFace Integration"=c:\program files\Fellowes\MediaFACE 4.2\SetHook.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Scheduler"=c:\windows\SMINST\Scheduler.exe
    "SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "WatchDog"=c:\program files\InterVideo\DVD Check\DVDCheck.exe
    "Linksys WMB54G Utility"=c:\program files\Wireless-G Music Bridge\WMB54G.exe -R
    "PCLEUSBTip"=c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    "RealTray"=f:\program files\Real\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "Reminder"=c:\windows\Creator\Remind_XP.exe
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
    "c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
    "c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2008-02-27 2996]
    R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys [2007-09-06 1351360]
    R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
    S1 4e6103db;4e6103db;c:\windows\system32\drivers\4e6103db.sys --> c:\windows\system32\drivers\4e6103db.sys [?]
    S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-11-02 767240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e70c03d-5da1-11dc-86d9-0019d279814b}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://info.conroeisd.net/~rveazey
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uInternet Settings,ProxyServer = bess.conroeisd.net:80
    uInternet Settings,ProxyOverride = *.conroeisd.net;10.10.0.1;*.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 09:38:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????h??????(?@???????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-01-24 9:40:08
    ComboFix-quarantined-files.txt 2009-01-24 15:40:06
    ComboFix2.txt 2009-01-23 22:32:02
    ComboFix3.txt 2008-04-18 13:41:18

    Pre-Run: 9,150,017,536 bytes free
    Post-Run: 9,167,986,688 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    250 --- E O F --- 2008-11-18 05:29:05

    MBAM log:

    Malwarebytes' Anti-Malware 1.33
    Database version: 1688
    Windows 5.1.2600 Service Pack 2

    1/24/2009 10:58:03 AM
    mbam-log-2009-01-24 (10-58-03).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 237162
    Time elapsed: 1 hour(s), 11 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSosvd.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.


    I just finished running these so I haven't had a chance to see how things work, but things were already getting better before this. I could actually go to safer-networking.org for example. Please let me know if I need to do anything else. I'll reply in a day or so and let you know how things are running.

    THANK YOU!!!!!!!!!!!!!

  9. #19
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Randyvz
    Looking good
    Let's make sure we got everything

    1 - Clean temp files

    • Download and Run ATF Cleaner
      Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

      Under Main choose:
      • Windows Temp
        Current User Temp
        All Users Temp
        Temporary Internet Files
        Prefetch
        Java Cache

        *The other boxes are optional*
        Then click the Empty Selected button.

      If you use Firefox:
      • Click Firefox at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

      If you use Opera:
      • Click Opera at the top and choose: Select All
        Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


      Click Exit on the Main menu to close the program


    2 - F-secure Online Scan

    1. Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
    2. You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
    3. Click on Accept to accept the License Agreement.
    4. Click on Custom Scan.
      • Under Virus Scan Options, select the Scan whole system option.
      • Under Other Scan Options, select these options:
        • Scan all files
        • Scan whole system for rootkits
        • Scan whole system for spyware
        • Scan inside archives
        • Use advanced heuristics
    5. Click Start.
    6. It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
    7. Click on I want to decide item by item.
    8. Under Actions, select None for all infections found.
    9. Click Next.
    10. Click on Show Report.
    11. Please copy and paste this report in your next reply.
    12. Click Finish.

    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

    4 - Status Check
    Please reply with

    1. the F-Secure online scanner report
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #20
    Junior Member
    Join Date
    Jan 2009
    Location
    Houston, TX, USA
    Posts
    14

    Default

    F Scan report:

    Scanning Report
    Sunday, January 25, 2009 12:01:13 - 18:27:30
    Computer name: 067-LAP-678D
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ E:\
    ________________________________________
    Result: 7 malware found
    INI/Vundo.A (virus)
    • C:\QooBox\Quarantine\C\WINDOWS\system32\VxxHRqss.ini.vir (Submitted)
    • C:\QooBox\Quarantine\C\WINDOWS\system32\VxxHRqss.ini2.vir (Submitted)
    Trojan-Downloader.Win32.Agent.bcij (virus)
    • C:\QooBox\Quarantine\C\WINDOWS\system32\rakmdlkd83indfgnbu.dll.vir (Submitted)
    Vundo.DZC (virus)
    • C:\QooBox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir (Submitted)
    Vundo.FBW (virus)
    • C:\QooBox\Quarantine\C\WINDOWS\system32\ebbjfjhb.ini.vir (Submitted)
    W32/Expiro.A (virus)
    • C:\etupdate.zip\etrust81_install\Common\Bin\eAV_S.Win\Setup.exe
    • C:\etupdate.zip\etrust81_install\Common\Bin\eAV_S.Win\Utility\InoPW.exe
    ________________________________________
    Statistics
    Scanned:
    • Files: 663692
    • System: 5357
    • Not scanned: 342
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • None: 7
    • Submitted: 5
    Files not scanned:
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\avce.ini
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\avce.PPC3_ARM.CAB
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\license.txt
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\CESLoad.exe
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\ppc.txt
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavppc.exe\instchk.dll
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\avsp.ini
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\avsp.ARM720.CAB
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\license.txt
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\CESLoad.exe
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\sp.txt
    • C:\etupdate.zip\etrust81_install\Common\Bin\eav.ppc\caavsp.exe\instchk.dll
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\TEMP\PERFLIB_PERFDATA_928.DAT
    • C:\WINDOWS\TEMP\HSPERFDATA_SYSTEM\2076
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    • C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{06B2A6A0-7ECE-4646-B00D-A30E2343A27A}.BIN
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp
    • C:\Program Files\Lavasoft\Ad-Awa
    ________________________________________
    Options
    Scanning engines:
    • F-Secure USS: 3.0.0
    • F-Secure Hydra: 2.8.8110, 2009-01-25
    • F-Secure AVP: 7.0.171, 2009-01-25
    • F-Secure Pegasus: 1.20.0, 1969-11-31
    • F-Secure Blacklight: 0.0.0
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics

    HiJack This log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:30:37 PM, on 1/25/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\CA\eTrustITM\realmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    C:\Program Files\CA\eTrustITM\InoRpc.exe
    C:\Program Files\CA\eTrustITM\InoRT.exe
    C:\Program Files\CA\eTrustITM\InoTask.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\Administrator\Desktop\Security\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://info.conroeisd.net/~rveazey
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bess.conroeisd.net:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.conroeisd.net;10.10.0.1;*.local;<local>
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P35 "EPSON Stylus CX4800 Series (Copy 1)" /O6 "USB004" /M "Stylus CX4800"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DVD Check.lnk.disabled
    O4 - Global Startup: SMART Board Tools.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Cu...ataManager.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
    O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
    O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
    O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    O23 - Service: SMART Web Server - Unknown owner - C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
