View Full Version : Help Requested With Massive Malware Removal
Hello All.
My laptop is infected quite severly with various trojans and the like.
Kapersky returns this in the log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 11, 2007 8:28:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/10/2007
Kaspersky Anti-Virus database records: 431155
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 82068
Number of viruses found: 23
Number of infected objects: 19839
Number of suspicious objects: 2
Duration of the scan process: 01:07:56
I did not post the rest of the log due to the size.
I have run Spybot in regular and safe mode without making much progress.
Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:11 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6426] command /c del "C:\Documents and Settings\Rob Lindberg\Start Menu\Programs\Startup\svchost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1186] cmd /c del "C:\Documents and Settings\Rob Lindberg\Start Menu\Programs\Startup\svchost.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: fbfbcbafdeacd - C:\WINDOWS\system32\fbfbcbafdeacd.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10487 bytes
Any help is greatly appreciated!
shelf life
2007-10-12, 11:30
hi ginus,
before using hjt please disable spybots tea timer so hjt can make some changes, like this:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
next:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.
O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKUS\S-1-5-18\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'Default user')
O18 - Filter hijack: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: fbfbcbafdeacd - C:\WINDOWS\system32\fbfbcbafdeacd.dll (file missing)
----------------------------------------
next:
Please download ComboFix (by sUBs) from one of the following links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the Desktop.
Double-click combofix.exe and follow the prompts.
CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.
When finished, it produces a log.
Please provide the contents of the ComboFix log in your reply.
---------------------
your avg anti virus is up to date?
post a new hjt log and the combofix log.
shelf life
Thank you, Shelf Life. I will try this tonight.
I am running the latest AVG app and definitions.
Here is the log from ComboFix:
ComboFix 07-10-12.4 - Rob Lindberg 2007-10-12 21:15:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\country.exe
C:\Documents and Settings\Karen Lindberg\Application Data\antivirus.exe
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Karen Lindberg\Application Data\drvcleaner.exe
C:\Documents and Settings\Karen Lindberg\Application Data\errsafer.exe
C:\Documents and Settings\Karen Lindberg\Application Data\install.dat
C:\Documents and Settings\Karen Lindberg\Application Data\install.dat
C:\Documents and Settings\Karen Lindberg\Application Data\privprotect.exe
C:\Documents and Settings\Karen Lindberg\err.log
C:\Documents and Settings\Karen Lindberg\ResErrors.log
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\Rob Lindberg\Application Data\install.dat
C:\Documents and Settings\Rob Lindberg\Application Data\install.dat
C:\kl1.exe
C:\ms1.exe
C:\Program Files\paytime.exe
C:\tool1.exe
C:\tool2.exe
C:\tool3.exe
C:\tool4.exe
C:\tool5.exe
C:\toolbar.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\gln.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\vtr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.
2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-10-08 16:28 41,984 --a------ C:\WINDOWS\xxsdsa.exe
2007-10-08 16:28 22,697 --a------ C:\WINDOWS\denvic.exe
2007-10-08 14:47 16,384 --a------ C:\WINDOWS\mraera.exe
2007-10-04 10:39 20,992 --a------ C:\WINDOWS\pdoakac.exe
2007-10-04 10:38 113,152 --a------ C:\WINDOWS\mteadea.exe
2007-10-04 10:38 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-10-04 10:37 9,728 --a------ C:\WINDOWS\exploeee.exe
2007-09-29 10:43 138,264 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe
2007-09-19 17:06 1,776 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 22:52 --------- d-----w C:\Documents and Settings\Rob Lindberg\Application Data\Gtek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2006-04-18 00:49 0 ----a-w C:\Program Files\secure32.html
2005-01-06 09:17 95,696 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 16:02]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 16:02]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 21:24:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-12 21:26:22 - machine was rebooted
.
--- E O F ---
Here is the log from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9313 bytes
Thanks in advance.
shelf life
2007-10-13, 15:38
hi ginus,
ok good thanks for the info. one more download to get and use:
Download SmitfraudFix (by S!Ri) to your Desktop:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt
stop and post a new HijackThis log along with the contents of the c:\rapport.txt.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
shelf life
Thanks for the reply.
Here is the SmitfraudFix log:
SmitFraudFix v2.240
Scan done at 14:28:21.43, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\exploeee.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\gopa.exe FOUND !
C:\WINDOWS\system32\hadjajr.ini FOUND !
C:\WINDOWS\system32\oleext.dll FOUND !
C:\WINDOWS\system32\vtr???.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob Lindberg
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob Lindberg\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBLIN~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\secure32.html FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:07 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9623 bytes
Thanks!
shelf life
2007-10-13, 23:41
hi ginus,
ok good. time to run the second part of the smitfraudfix.
best to do it in safe mode:
copy/paste this part into notepad and save it somewhere so you can find it in safe mode:
to reach safe mode you would tap the f8 key during a computer restart, chose the first option form the list:safe mode, log in to your usual account.
--------------------------------------------------
in safe mode:
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
-------------------------------------
after the above please run combofix once more and post:
the smitfraudfix log
the new combofix log
shelf life
Done.
Here is the SmitFraud log. The host section makes it ridiculously long. I'll post it in sections if you feel it is necessary:
SmitFraudFix v2.240
Scan done at 19:12:30.17, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
----lots of lines----
127.0.0.1 www.zurrusco.com
127.0.0.1 zurrusco.com
127.0.0.1 zvimigdal.com
127.0.0.1 www.zxlinks.com
127.0.0.1 zxlinks.com
127.0.0.1 zyban-zocor-levitra.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\exploeee.exe Deleted
C:\WINDOWS\system32\gopa.exe Deleted
C:\WINDOWS\system32\oleext.dll Deleted
C:\WINDOWS\system32\vtr???.dll Deleted
C:\Program Files\secure32.html Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\hadjajr.ini Please, Reboot and Run SmitfraudFix option 2 once again.
»»»»»»»»»»»»»»»»»»»»»»»» End
And the ComboFix log:
+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
I'll try again. Part 1 of the ComboFix log:
ComboFix 07-10-12.4 - Rob Lindberg 2007-10-13 19:21:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.
2007-10-13 19:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 19:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 19:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-13 19:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 19:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 14:28 4,554 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 23:09 389,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-12 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-12 23:06 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-12 23:06 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-12 23:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-12 23:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-12 22:59 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-12 22:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-12 22:05 <DIR> d-------- C:\Program Files\MSBuild
2007-10-12 22:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-12 22:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-12 21:59 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-12 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-12 21:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 21:54 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-10-12 21:54 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-10-12 21:54 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-12 21:54 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2007-10-12 21:54 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2007-10-12 21:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-12 21:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-12 21:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-10-08 16:28 41,984 --a------ C:\WINDOWS\xxsdsa.exe
2007-10-08 16:28 22,697 --a------ C:\WINDOWS\denvic.exe
2007-10-08 14:47 16,384 --a------ C:\WINDOWS\mraera.exe
2007-10-04 10:39 20,992 --a------ C:\WINDOWS\pdoakac.exe
2007-10-04 10:38 113,152 --a------ C:\WINDOWS\mteadea.exe
2007-10-04 10:38 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-09-29 10:43 138,264 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe
2007-09-19 17:06 1,776 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 23:10 5,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-13 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 03:46 --------- d-----w C:\Program Files\Dell
2007-10-13 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-09-06 20:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2005-01-06 09:17 95,696 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-10-12_21.25.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\updspapi.dll
+ 2004-11-18 14:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe
+ 2004-11-18 14:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 116,224 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
+ 2004-08-04 10:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
+ 2004-08-04 10:00:00 312,320 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
+ 2004-08-04 10:00:00 88,064 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
+ 2004-08-04 10:00:00 526,848 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
+ 2004-08-04 10:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 72,704 -c----w C:\WINDOWS\$NtUninstallKB925720$\magnify.exe
+ 2004-08-04 10:00:00 53,760 -c----w C:\WINDOWS\$NtUninstallKB925720$\narrator.exe
+ 2004-08-04 10:00:00 215,552 -c----w C:\WINDOWS\$NtUninstallKB925720$\osk.exe
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 35,840 -c----w C:\WINDOWS\$NtUninstallKB925720$\umandlg.dll
+ 2004-08-04 10:00:00 50,176 -c----w C:\WINDOWS\$NtUninstallKB925720$\utilman.exe
+ 2004-08-04 10:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
+ 2004-08-04 10:00:00 655,360 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 01:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 22:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 21:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 21:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2006-10-16 20:10:58 221,488 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2006-10-16 20:10:58 379,184 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2004-09-15 17:28:06 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 17:44:28 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 10:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 10:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 10:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 15:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-01-28 17:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 19:44:28 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2005-01-28 17:44:28 2,370,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-09-15 17:28:06 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-09-15 17:27:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
Part 2:
+ 2004-09-23 00:46:04 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-09-15 17:27:54 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-09-15 17:27:54 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-10-13 02:00:38 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-13 02:01:18 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2007-10-13 02:01:22 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2007-10-13 02:00:38 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2007-10-13 02:01:18 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2007-10-13 02:01:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2007-10-13 02:01:21 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2007-10-13 02:01:21 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2007-10-13 02:01:21 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2007-10-13 02:01:21 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2007-10-13 02:01:20 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2007-10-13 02:01:20 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2007-10-13 02:01:22 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2007-10-13 02:00:39 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2007-10-13 02:00:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2007-10-13 02:00:39 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2007-10-13 02:00:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2007-10-13 02:00:40 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2007-10-13 02:00:43 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2007-10-13 02:00:43 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2007-10-13 02:00:41 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2007-10-13 02:01:22 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2007-10-13 02:05:09 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2007-10-13 02:05:10 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2007-10-13 02:05:09 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2007-10-13 02:01:21 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2007-10-13 02:01:21 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2007-10-13 02:01:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2007-10-13 02:01:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2007-10-13 02:01:18 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2007-10-13 02:01:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2007-10-13 03:52:21 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ea42d7294d0496c4b81b5698383835e2\ComSvcConfig.ni.exe
+ 2007-10-13 03:52:28 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6402f5a81a68017188ba9b24a73cf7c3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2007-10-13 03:52:26 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d1087bdb136a10b01ff884f927ae82ba\Microsoft.Transactions.Bridge.ni.dll
+ 2007-10-13 02:02:03 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9243aa36665a75662f1d59d403faecb1\Microsoft.VisualC.ni.dll
+ 2007-10-13 03:53:19 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e93b6376afd494a9fc81eed875ea29e0\PresentationBuildTasks.ni.dll
+ 2007-10-13 02:03:04 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b4cfc6ddaee930535792b2a7c4c8cc92\PresentationCFFRasterizer.ni.dll
+ 2007-10-13 02:03:03 11,984,896 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e464f99432204c8bbf67b44459f4fa18\PresentationCore.ni.dll
+ 2007-10-13 02:04:56 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4901e5dec936a79c18f0960796d05c9c\PresentationFontCache.ni.exe
+ 2007-10-13 02:04:55 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06b6deda7d175c895e062f0ea5c68ad1\PresentationFramework.Aero.ni.dll
+ 2007-10-13 02:04:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e3292d46d353e0423018160d0ba53fc\PresentationFramework.Classic.ni.dll
+ 2007-10-13 02:04:30 14,680,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d2f60da1dd03f05b8bbf13e791e1f9\PresentationFramework.ni.dll
+ 2007-10-13 02:04:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c1c4d02ff8e228046456aae042b8d201\PresentationFramework.Royale.ni.dll
+ 2007-10-13 02:04:51 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e2ae6990fad677869a6b9db4ce74df41\PresentationFramework.Luna.ni.dll
+ 2007-10-13 02:04:36 1,982,464 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\789186c85e2c9a47d9ccb3e6efad1bfc\PresentationUI.ni.dll
+ 2007-10-13 02:04:46 2,396,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\50d61959bfc570016a93b8c72cdae7f1\ReachFramework.ni.dll
+ 2007-10-13 03:52:29 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8135fba136671154323d108c20545a25\ServiceModelReg.ni.exe
+ 2007-10-13 03:52:30 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d785a43e2e848909583c135793478ad7\SMDiagnostics.ni.dll
+ 2007-10-13 03:52:32 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a4f4b6222fdd6efff9c517375884e6e\SMSvcHost.ni.exe
+ 2007-10-13 03:53:24 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\37109f785b4735a89ea5d55e9f710d35\sysglobl.ni.dll
+ 2007-10-13 02:02:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0618c7d0205e2ffc29142e7ca3019522\System.Configuration.Install.ni.dll
+ 2007-10-13 02:02:09 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\192321a3510e79d9b822f0e02e061f40\System.Data.OracleClient.ni.dll
+ 2007-10-13 02:02:03 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\10bf204296279d932ff5af300b5d33ec\System.Data.SqlXml.ni.dll
+ 2007-10-13 03:33:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c5ab82efcedf18ea4fa43dd411fa408f\System.IdentityModel.Selectors.ni.dll
+ 2007-10-13 03:33:48 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\88113e5f9522652ba9749d31f8b92775\System.IdentityModel.ni.dll
+ 2007-10-13 03:33:54 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6921c5b940056a701641d6f41336479c\System.IO.Log.ni.dll
+ 2007-10-13 02:05:34 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\e0a84a4c3f66d1c83dc0e491918464e3\System.Messaging.ni.dll
+ 2007-10-13 02:04:48 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\6f334b11dda437ce05536f65e94f9381\System.Printing.ni.dll
+ 2007-10-13 02:02:05 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2b3cf3e3905e4a95198511adf00f482e\System.Runtime.Remoting.ni.dll
+ 2007-10-13 02:02:06 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbee81017e149a1a25d192e16206375\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-10-13 03:34:05 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cc72c1894cd4a5c9f79c848c7fe17493\System.Runtime.Serialization.ni.dll
+ 2007-10-13 03:34:49 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\48bc039b18f4560cde9a0c1a10d9945f\System.ServiceModel.ni.dll
+ 2007-10-13 02:02:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\badccba6db750943a4a539d64f43064d\System.ServiceProcess.ni.dll
+ 2007-10-13 03:53:23 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\bc09ca99a455f0dcda92ce63a556ecec\System.Speech.ni.dll
+ 2007-10-13 02:05:20 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\304e2df5da628c36f2c0b8551721bb88\System.Workflow.Activities.ni.dll
+ 2007-10-13 02:05:28 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\eae0db1852c570c280db8e50709454a6\System.Workflow.ComponentModel.ni.dll
+ 2007-10-13 02:05:32 2,101,248 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\7103b8586c4b21c219fc2016366363cb\System.Workflow.Runtime.ni.dll
+ 2007-10-13 03:53:25 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f49961851ab12e73bb4eb3ff335edc1f\UIAutomationClient.ni.dll
+ 2007-10-13 03:53:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\49d3f2e5a75dc5636709a823b227ddde\UIAutomationClientsideProviders.ni.dll
+ 2007-10-13 02:03:03 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6389bbe9806b9de2e97658dc88af018a\UIAutomationProvider.ni.dll
+ 2007-10-13 02:03:04 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\ae6a32e233c32faabdd75ff724ccf1a2\UIAutomationTypes.ni.dll
+ 2007-10-13 02:01:57 3,272,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\490d87660e0cd4cf68ede4a64ec4ea35\WindowsBase.ni.dll
+ 2007-10-13 03:53:30 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c2e0748fc01067435523e9d2239dd3f5\WindowsFormsIntegration.ni.dll
+ 2007-10-13 03:52:33 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ba16276ca93b4fd1f6c77639eddaf68\WsatConfig.ni.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
Part 3:
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-07-06 12:50:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-10-13 04:00:03 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-07-06 12:50:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-10-13 04:00:03 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-07-06 12:50:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-10-13 04:00:03 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-07-06 12:50:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-10-13 04:00:03 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-07-06 12:50:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-10-13 04:00:03 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-07-06 12:50:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-10-13 04:00:03 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 12:50:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-10-13 04:00:03 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-07-06 12:50:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-10-13 04:00:03 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-07-06 12:50:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-10-13 04:00:03 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-07-06 12:50:37 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-10-13 04:00:02 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-07-06 12:50:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-10-13 04:00:02 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-07 08:06:47 16,832 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2006-10-30 08:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 07:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 03:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 03:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 03:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 07:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 07:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 07:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 07:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 07:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 07:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 07:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 07:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 07:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 07:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 07:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 07:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 07:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 07:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 07:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 07:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 07:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 07:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 07:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 07:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 07:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 07:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 07:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 07:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 07:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 07:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 03:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 03:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 03:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 03:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 03:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 03:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 07:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 07:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 07:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 07:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 07:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 07:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 07:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 07:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 07:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 07:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 07:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 07:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 07:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 07:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 07:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 07:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 07:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 07:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 07:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 07:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 07:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 07:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 07:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 03:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 03:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 07:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 07:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-13 02:00:32 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2007-10-13 02:00:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 07:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 07:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 07:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 07:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 07:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 07:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 07:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 07:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 07:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 07:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 07:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 01:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 20:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 20:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 18:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 01:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 01:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 01:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 01:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 01:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 01:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 17:44:28 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 17:44:28 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 17:44:28 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 17:44:28 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 17:44:28 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 17:44:28 331,264 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2005-01-28 17:44:28 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 17:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
Part 4:
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 17:44:28 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 17:44:28 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 17:44:28 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
- 2004-09-23 00:46:32 2,362,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 17:44:28 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\umandlg.dll
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\updspapi.dll
+ 2007-03-23 00:54:06 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\xpssvcs.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\filterpipelineprintproc.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\filterpipelineprintproc.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdui.dll
+ 2007-03-23 00:25:42 677,376 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\printfilterpipelinesvc.exe
+ 2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spuninst.exe
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spupdsvc.exe
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrv.dll
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrvui.dll
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unires.dll
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\updspapi.dll
+ 2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpsshhdr.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpssvcs.dll
+ 2006-10-14 21:13:02 34,304 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\filterpipelineprintproc.dll
+ 2006-10-14 21:12:14 737,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\mxdwdrv.dll
+ 2006-10-15 00:09:04 2,946,304 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\xpssvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 27,648 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\mxdwdrv.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\xpssvcs.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdrv.dll
+ 2006-10-14 20:42:40 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdui.dll
+ 2006-10-14 20:44:44 671,744 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\printfilterpipelinesvc.exe
+ 2006-10-14 20:43:38 124,416 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spuninst.exe
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spupdsvc.exe
+ 2006-10-14 20:42:18 376,320 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrv.dll
+ 2006-10-14 20:42:28 510,464 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrvui.dll
+ 2006-10-14 20:40:36 619,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unires.dll
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\updspapi.dll
+ 2006-10-15 00:21:58 580,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpsshhdr.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpssvcs.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
+ 2006-11-13 06:02:58 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstsc.exe
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstscx.dll
+ 2006-11-13 06:02:58 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscuinst.vbs
+ 2006-11-13 06:02:58 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tsgqec.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstscx.dll
Part 5:
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\updspapi.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2p.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\pnrpnsp.dll
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\updspapi.dll
+ 2006-10-24 16:30:20 412,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\photometadatahandler.dll
+ 2006-10-16 20:10:58 14,640 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spmsg.dll
+ 2006-10-16 20:10:58 221,488 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spuninst.exe
+ 2006-10-16 20:10:58 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spupdsvc.exe
+ 2006-10-16 20:10:56 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\spcustom.dll
+ 2006-10-16 20:10:58 742,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\update.exe
+ 2006-10-16 20:10:58 379,184 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\updspapi.dll
+ 2006-10-24 16:30:06 716,288 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecs.dll
+ 2006-10-24 16:29:50 352,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecsext.dll
+ 2006-10-24 16:30:00 276,992 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\wmphoto.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
+ 2005-01-24 19:52:06 40,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\fsdkreboot.exe
+ 2004-11-18 14:41:18 13,536 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spmsg.dll
+ 2004-11-18 14:44:50 209,632 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spuninst.exe
+ 2004-11-18 14:42:52 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spupdsvc.exe
+ 2004-11-18 14:46:32 717,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\update.exe
+ 2004-11-18 14:45:18 371,936 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\updspapi.dll
+ 2005-01-28 18:13:56 5,732,096 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\wmfdist95.exe
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2005-03-15 20:33:52 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2006-11-02 00:48:02 89,088 ----a-w C:\WINDOWS\system32\ATL71.DLL
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-12-07 01:45:12 172,032 ------w C:\WINDOWS\system32\BCMLogon.dll
+ 2006-11-02 00:48:02 770,048 ----a-w C:\WINDOWS\system32\BCMLogon.dll
- 2004-12-07 01:45:12 872,556 ------w C:\WINDOWS\system32\BCMWLTRY.EXE
+ 2006-11-02 00:48:10 1,253,376 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE
- 2004-12-07 01:45:12 204,800 ------w C:\WINDOWS\system32\BCMWLU00.EXE
+ 2006-11-02 00:48:10 253,952 ----a-w C:\WINDOWS\system32\bcmwlu00.exe
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2007-03-23 00:24:58 28,160 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-04 08:48:36 72,704 ------w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-04 08:48:36 53,760 ------w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:37 215,552 ------w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-11 16:24:45 153,088 ------w C:\WINDOWS\system32\dllcache\p2p.dll
+ 2006-10-11 16:24:45 104,960 ------w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ------w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ------w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ------w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ------w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-23 00:46:04 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-10-04 13:33:38 35,840 ------w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-10-04 08:48:37 50,176 ------w C:\WINDOWS\system32\dllcache\utilman.exe
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
+ 2006-10-13 03:28:42 604,928 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
- 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:08:44 705,408 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:09:28 1,033,728 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.SYS
- 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
+ 2005-05-03 19:08:50 208,384 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
- 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2004-03-17 16:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 22:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 23:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-21 01:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 01:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 16:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-28 02:58:54 254,272 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-13 02:08:24 257,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
+ 2005-10-14 18:45:22 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll
- 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-10-14 18:46:34 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-02-23 19:02:10 42,858 ----a-w C:\WINDOWS\system32\hsfci014.dll
+ 2005-10-14 19:06:54 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4410.dll
- 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ialmdd5.dll
+ 2005-10-14 19:14:16 901,242 ----a-w C:\WINDOWS\system32\ialmdd5.dll
- 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ialmdev5.dll
+ 2005-10-14 19:06:40 213,274 ----a-w C:\WINDOWS\system32\ialmdev5.dll
- 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
Part 6:
+ 2005-10-14 19:06:52 118,395 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
- 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
- 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 19:06:58 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARA.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARB.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuCHS.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuCHT.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuCSY.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDAN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDEU.dll
+ 2005-10-14 18:51:06 114,688 ----a-w C:\WINDOWS\system32\ialmudlg.exe
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuELL.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuENG.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuESP.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFIN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFRA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuFRC.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuHEB.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuHUN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuITA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuJPN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuKOR.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNLD.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNOR.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPLK.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTB.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTG.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuRUS.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuSVE.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuTHA.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuTRK.dll
+ 2006-10-30 07:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2006-10-30 07:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\igfxcfg.exe
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\igfxcfg.exe
- 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
+ 2005-10-14 18:45:38 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll
- 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
- 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll
- 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:30 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
- 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll
- 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
+ 2005-10-14 18:49:36 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll
- 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:28 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:24 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
- 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:59:00 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll
+ 2005-10-14 18:57:06 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll
+ 2006-10-30 07:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
+ 2007-09-06 20:13:58 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 10:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-09-01 16:56:46 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2006-11-02 00:48:12 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-21 01:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 10:00:00 407,552 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2004-08-04 10:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-05-15 19:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-19 17:33:20 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-04 10:00:00 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\oemdspif.dll
- 2004-08-04 10:00:00 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-04 10:00:00 116,224 ----a-w C:\WINDOWS\system32\p2p.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\system32\p2p.dll
- 2004-08-04 10:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
- 2004-08-04 10:00:00 312,320 ----a-w C:\WINDOWS\system32\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll
- 2004-08-04 10:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
- 2004-08-04 10:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll
- 2007-10-11 22:23:19 63,418 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-13 02:05:37 71,198 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-11 22:23:20 402,974 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-13 02:05:37 438,270 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 16:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2006-10-21 01:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 01:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 01:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 01:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_CNXT.sys
+ 2004-06-18 01:55:04 1,041,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_DP.sys
+ 2004-06-17 01:23:00 33,818 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFCI010.dll
+ 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFHWICH.sys
+ 2004-03-13 03:20:44 536,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HXFSetup.exe
+ 2004-03-17 23:00:32 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.dll
+ 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.sys
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgicd.dll
+ 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmnt5.sys
+ 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrnt5.dll
+ 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdev.dll
+ 2005-02-15 20:02:58 45,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdgps.dll
+ 2005-02-15 20:02:58 151,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdiag.exe
+ 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdo.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxeud.dll
+ 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxexps.dll
+ 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxhk.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxsrvc.dll
+ 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxtray.exe
+ 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxzoom.exe
+ 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\oemdspif.dll
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgicd.dll
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmnt5.sys
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrnt5.dll
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdev.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdo.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxexps.dll
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxhk.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.dll
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxzoom.exe
Part 7:
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\oemdspif.dll
+ 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\BCMWL5.SYS
+ 2006-08-24 20:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-16 20:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2004-08-04 05:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2004-08-04 05:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-08-04 05:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 21:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 20:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-11-29 21:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-10-13 18:27:17 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 09:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-10-13 18:27:17 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-10-21 01:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-04 10:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2007-09-06 20:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-09-06 20:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-09-06 20:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-09-06 20:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-09-06 20:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-09-06 20:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-09-06 20:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-09-06 20:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-09-06 20:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-24 16:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 16:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2004-12-07 01:45:14 696,425 ------w C:\WINDOWS\system32\WLTRAY.EXE
+ 2006-11-02 00:48:12 1,392,640 ----a-w C:\WINDOWS\system32\WLTRAY.EXE
- 2004-12-07 01:45:14 81,920 ------w C:\WINDOWS\system32\wltrynt.dll
+ 2006-11-02 00:48:12 44,032 ----a-w C:\WINDOWS\system32\wltrynt.dll
- 2004-12-07 01:45:14 65,536 ------w C:\WINDOWS\system32\WLTRYSVC.EXE
+ 2006-11-02 00:48:12 20,480 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-24 16:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-09-29 00:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 22:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 22:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 22:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 22:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 01:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-09-06 20:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-09-06 20:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-09-06 20:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 04:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 18:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 04:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 04:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 04:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 04:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 19:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 19:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 04:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 04:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 03:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-24 23:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 22:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
Part 8:
+ 2007-05-31 04:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 04:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 04:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 04:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-24 23:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 22:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-06 20:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 16:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-09-06 20:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-09-06 20:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-09-06 20:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-09-06 20:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-06 20:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-06 20:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-06 20:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-06 20:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-06 20:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-06 20:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 19:45:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 19:45:44 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-06 20:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-08-15 19:45:44 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 16:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-09-06 20:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-09-06 20:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-06 20:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 00:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 10:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-09-06 20:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 21:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-06 20:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-09-06 20:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-09-06 20:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-09-06 20:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-09-06 20:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-09-06 20:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-06 20:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-09-06 20:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-06 20:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-09-06 20:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 19:26:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-13 19:28:49
C:\ComboFix2.txt ... 2007-10-12 21:26
.
--- E O F ---
shelf life
2007-10-14, 04:01
hi ginus,
ok good. you use a custom host file?
please run the second part of smitfraud once more in safe mode. post the log, leave out the host file section like before to keep it short.
----------------
after running smitfraud:
Copy the contents of the code box below and paste it into windows notepad, (start>programs>accessories>notepad)
save it to your desktop as;
Filename: CFScript.txt
Save As Type: All Files (*.*)
File::
C:\WINDOWS\exploeee.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\xxsdsa.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
-----------------
now locate on your destop--both the combofix icon and the text file you just saved.
holding the left mouse button down, click on and drag the CFScript.txt right on top of the combofix icon and release. combo fix will run. please post the log it saves and the smitfraud log also.
shelf life
I don't know what it means to use a custom host file, so I don't think so. Could one of these infections have caused that? How do I move away from using the custom host file?
Here is the SmitFraud log:
SmitFraudFix v2.240
Scan done at 22:46:34.87, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 007guard.com
---stuff---
127.0.0.1 zxlinks.com
127.0.0.1 zyban-zocor-levitra.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\Delete_Me_Dummy_hadjajr.ini Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix Part 1:
ComboFix 07-10-12.4 - Rob Lindberg 2007-10-13 22:51:46.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.304 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob Lindberg\Desktop\CFScript.txt
FILE::
C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\exploeee.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\xxsdsa.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\xxsdsa.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.
2007-10-13 19:30 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-10-13 19:30 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 19:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 19:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 19:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-13 19:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 19:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 14:28 4,554 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 23:09 438,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-12 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-12 23:06 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-12 23:06 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-12 23:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-12 23:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-12 22:59 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-12 22:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-12 22:05 <DIR> d-------- C:\Program Files\MSBuild
2007-10-12 22:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-12 22:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-12 21:59 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-12 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-12 21:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 21:54 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-10-12 21:54 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-10-12 21:54 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-12 21:54 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2007-10-12 21:54 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2007-10-12 21:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-12 21:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-12 21:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 02:41 6,212 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-13 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 03:46 --------- d-----w C:\Program Files\Dell
2007-10-13 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-09-06 20:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-10-12_21.25.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\updspapi.dll
+ 2004-11-18 14:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe
+ 2004-11-18 14:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 116,224 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
+ 2004-08-04 10:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
+ 2004-08-04 10:00:00 312,320 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
+ 2004-08-04 10:00:00 88,064 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
+ 2004-08-04 10:00:00 526,848 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
+ 2004-08-04 10:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 72,704 -c----w C:\WINDOWS\$NtUninstallKB925720$\magnify.exe
+ 2004-08-04 10:00:00 53,760 -c----w C:\WINDOWS\$NtUninstallKB925720$\narrator.exe
+ 2004-08-04 10:00:00 215,552 -c----w C:\WINDOWS\$NtUninstallKB925720$\osk.exe
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 35,840 -c----w C:\WINDOWS\$NtUninstallKB925720$\umandlg.dll
+ 2004-08-04 10:00:00 50,176 -c----w C:\WINDOWS\$NtUninstallKB925720$\utilman.exe
+ 2004-08-04 10:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
+ 2004-08-04 10:00:00 655,360 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 01:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 22:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 21:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 21:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2006-10-16 20:10:58 221,488 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2006-10-16 20:10:58 379,184 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2004-09-15 17:28:06 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 17:44:28 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 10:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 10:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 10:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 15:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-01-28 17:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 19:44:28 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
Part 2:
+ 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2005-01-28 17:44:28 2,370,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-09-15 17:28:06 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-09-15 17:27:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-09-23 00:46:04 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-09-15 17:27:54 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-09-15 17:27:54 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-10-13 02:00:38 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-13 02:01:18 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2007-10-13 02:01:22 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2007-10-13 02:00:38 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2007-10-13 02:01:18 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2007-10-13 02:01:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2007-10-13 02:01:21 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2007-10-13 02:01:21 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2007-10-13 02:01:21 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2007-10-13 02:01:21 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2007-10-13 02:01:20 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2007-10-13 02:01:20 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2007-10-13 02:01:22 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2007-10-13 02:00:39 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2007-10-13 02:00:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2007-10-13 02:00:39 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2007-10-13 02:00:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2007-10-13 02:00:40 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2007-10-13 02:00:43 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2007-10-13 02:00:43 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2007-10-13 02:00:41 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2007-10-13 02:01:22 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2007-10-13 02:05:09 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2007-10-13 02:05:10 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2007-10-13 02:05:09 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2007-10-13 02:01:21 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2007-10-13 02:01:21 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2007-10-13 02:01:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2007-10-13 02:01:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2007-10-13 02:01:18 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2007-10-13 02:01:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2007-10-13 03:52:21 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ea42d7294d0496c4b81b5698383835e2\ComSvcConfig.ni.exe
+ 2007-10-13 03:52:28 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6402f5a81a68017188ba9b24a73cf7c3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2007-10-13 03:52:26 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d1087bdb136a10b01ff884f927ae82ba\Microsoft.Transactions.Bridge.ni.dll
+ 2007-10-13 02:02:03 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9243aa36665a75662f1d59d403faecb1\Microsoft.VisualC.ni.dll
+ 2007-10-13 03:53:19 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e93b6376afd494a9fc81eed875ea29e0\PresentationBuildTasks.ni.dll
+ 2007-10-13 02:03:04 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b4cfc6ddaee930535792b2a7c4c8cc92\PresentationCFFRasterizer.ni.dll
+ 2007-10-13 02:03:03 11,984,896 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e464f99432204c8bbf67b44459f4fa18\PresentationCore.ni.dll
+ 2007-10-13 02:04:56 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4901e5dec936a79c18f0960796d05c9c\PresentationFontCache.ni.exe
+ 2007-10-13 02:04:55 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06b6deda7d175c895e062f0ea5c68ad1\PresentationFramework.Aero.ni.dll
+ 2007-10-13 02:04:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e3292d46d353e0423018160d0ba53fc\PresentationFramework.Classic.ni.dll
+ 2007-10-13 02:04:30 14,680,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d2f60da1dd03f05b8bbf13e791e1f9\PresentationFramework.ni.dll
+ 2007-10-13 02:04:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c1c4d02ff8e228046456aae042b8d201\PresentationFramework.Royale.ni.dll
+ 2007-10-13 02:04:51 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e2ae6990fad677869a6b9db4ce74df41\PresentationFramework.Luna.ni.dll
+ 2007-10-13 02:04:36 1,982,464 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\789186c85e2c9a47d9ccb3e6efad1bfc\PresentationUI.ni.dll
+ 2007-10-13 02:04:46 2,396,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\50d61959bfc570016a93b8c72cdae7f1\ReachFramework.ni.dll
+ 2007-10-13 03:52:29 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8135fba136671154323d108c20545a25\ServiceModelReg.ni.exe
+ 2007-10-13 03:52:30 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d785a43e2e848909583c135793478ad7\SMDiagnostics.ni.dll
+ 2007-10-13 03:52:32 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a4f4b6222fdd6efff9c517375884e6e\SMSvcHost.ni.exe
+ 2007-10-13 03:53:24 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\37109f785b4735a89ea5d55e9f710d35\sysglobl.ni.dll
+ 2007-10-13 02:02:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0618c7d0205e2ffc29142e7ca3019522\System.Configuration.Install.ni.dll
+ 2007-10-13 02:02:09 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\192321a3510e79d9b822f0e02e061f40\System.Data.OracleClient.ni.dll
+ 2007-10-13 02:02:03 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\10bf204296279d932ff5af300b5d33ec\System.Data.SqlXml.ni.dll
+ 2007-10-13 03:33:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c5ab82efcedf18ea4fa43dd411fa408f\System.IdentityModel.Selectors.ni.dll
+ 2007-10-13 03:33:48 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\88113e5f9522652ba9749d31f8b92775\System.IdentityModel.ni.dll
+ 2007-10-13 03:33:54 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6921c5b940056a701641d6f41336479c\System.IO.Log.ni.dll
+ 2007-10-13 02:05:34 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\e0a84a4c3f66d1c83dc0e491918464e3\System.Messaging.ni.dll
+ 2007-10-13 02:04:48 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\6f334b11dda437ce05536f65e94f9381\System.Printing.ni.dll
+ 2007-10-13 02:02:05 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2b3cf3e3905e4a95198511adf00f482e\System.Runtime.Remoting.ni.dll
+ 2007-10-13 02:02:06 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbee81017e149a1a25d192e16206375\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-10-13 03:34:05 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cc72c1894cd4a5c9f79c848c7fe17493\System.Runtime.Serialization.ni.dll
+ 2007-10-13 03:34:49 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\48bc039b18f4560cde9a0c1a10d9945f\System.ServiceModel.ni.dll
+ 2007-10-13 02:02:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\badccba6db750943a4a539d64f43064d\System.ServiceProcess.ni.dll
+ 2007-10-13 03:53:23 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\bc09ca99a455f0dcda92ce63a556ecec\System.Speech.ni.dll
+ 2007-10-13 02:05:20 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\304e2df5da628c36f2c0b8551721bb88\System.Workflow.Activities.ni.dll
+ 2007-10-13 02:05:28 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\eae0db1852c570c280db8e50709454a6\System.Workflow.ComponentModel.ni.dll
+ 2007-10-13 02:05:32 2,101,248 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\7103b8586c4b21c219fc2016366363cb\System.Workflow.Runtime.ni.dll
+ 2007-10-13 03:53:25 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f49961851ab12e73bb4eb3ff335edc1f\UIAutomationClient.ni.dll
+ 2007-10-13 03:53:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\49d3f2e5a75dc5636709a823b227ddde\UIAutomationClientsideProviders.ni.dll
+ 2007-10-13 02:03:03 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6389bbe9806b9de2e97658dc88af018a\UIAutomationProvider.ni.dll
+ 2007-10-13 02:03:04 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\ae6a32e233c32faabdd75ff724ccf1a2\UIAutomationTypes.ni.dll
+ 2007-10-13 02:01:57 3,272,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\490d87660e0cd4cf68ede4a64ec4ea35\WindowsBase.ni.dll
+ 2007-10-13 03:53:30 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c2e0748fc01067435523e9d2239dd3f5\WindowsFormsIntegration.ni.dll
+ 2007-10-13 03:52:33 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ba16276ca93b4fd1f6c77639eddaf68\WsatConfig.ni.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-07-06 12:50:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-10-14 00:00:40 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-07-06 12:50:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-10-14 00:00:40 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-07-06 12:50:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-10-14 00:00:40 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-07-06 12:50:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-10-14 00:00:40 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-07-06 12:50:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-10-14 00:00:41 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-07-06 12:50:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-10-14 00:00:41 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 12:50:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-10-14 00:00:40 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-07-06 12:50:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-10-14 00:00:40 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-07-06 12:50:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-10-14 00:00:41 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-07-06 12:50:37 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-10-14 00:00:40 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-07-06 12:50:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-10-14 00:00:40 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-07 08:06:47 16,832 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2006-10-30 08:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 07:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 03:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 03:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 03:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 07:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 07:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 07:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 07:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 07:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 07:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 07:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 07:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
Part 3:
+ 2006-10-30 07:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 07:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 07:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 07:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 07:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 07:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 07:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 07:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 07:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 07:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 07:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 07:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 07:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 07:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 07:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 07:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 07:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 07:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 03:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 03:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 03:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 03:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 03:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 03:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 07:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 07:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 07:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 07:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 07:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 07:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 07:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 07:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 07:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 07:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 07:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 07:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 07:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 07:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 07:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 07:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 07:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 07:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 07:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 07:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 07:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 07:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 07:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 03:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 03:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 07:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 07:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-13 02:00:32 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2007-10-13 02:00:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 07:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 07:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 07:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 07:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 07:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 07:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 07:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 07:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 07:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 07:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 07:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 01:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 20:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 20:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 18:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 01:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 01:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 01:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 01:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 01:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 01:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 17:44:28 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 17:44:28 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 17:44:28 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 17:44:28 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 17:44:28 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 17:44:28 331,264 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2005-01-28 17:44:28 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 17:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 17:44:28 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 17:44:28 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 17:44:28 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
- 2004-09-23 00:46:32 2,362,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 17:44:28 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe
Part 4:
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\umandlg.dll
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\updspapi.dll
+ 2007-03-23 00:54:06 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\xpssvcs.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\filterpipelineprintproc.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\filterpipelineprintproc.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdui.dll
+ 2007-03-23 00:25:42 677,376 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\printfilterpipelinesvc.exe
+ 2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spuninst.exe
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spupdsvc.exe
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrv.dll
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrvui.dll
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unires.dll
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\updspapi.dll
+ 2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpsshhdr.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpssvcs.dll
+ 2006-10-14 21:13:02 34,304 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\filterpipelineprintproc.dll
+ 2006-10-14 21:12:14 737,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\mxdwdrv.dll
+ 2006-10-15 00:09:04 2,946,304 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\xpssvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 27,648 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\mxdwdrv.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\xpssvcs.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdrv.dll
+ 2006-10-14 20:42:40 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdui.dll
+ 2006-10-14 20:44:44 671,744 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\printfilterpipelinesvc.exe
+ 2006-10-14 20:43:38 124,416 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spuninst.exe
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spupdsvc.exe
+ 2006-10-14 20:42:18 376,320 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrv.dll
+ 2006-10-14 20:42:28 510,464 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrvui.dll
+ 2006-10-14 20:40:36 619,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unires.dll
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\updspapi.dll
+ 2006-10-15 00:21:58 580,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpsshhdr.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpssvcs.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
+ 2006-11-13 06:02:58 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstsc.exe
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstscx.dll
+ 2006-11-13 06:02:58 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscuinst.vbs
+ 2006-11-13 06:02:58 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tsgqec.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\updspapi.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2p.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\pnrpnsp.dll
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\updspapi.dll
+ 2006-10-24 16:30:20 412,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\photometadatahandler.dll
+ 2006-10-16 20:10:58 14,640 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spmsg.dll
+ 2006-10-16 20:10:58 221,488 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spuninst.exe
+ 2006-10-16 20:10:58 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spupdsvc.exe
+ 2006-10-16 20:10:56 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\spcustom.dll
+ 2006-10-16 20:10:58 742,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\update.exe
+ 2006-10-16 20:10:58 379,184 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\updspapi.dll
+ 2006-10-24 16:30:06 716,288 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecs.dll
+ 2006-10-24 16:29:50 352,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecsext.dll
+ 2006-10-24 16:30:00 276,992 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\wmphoto.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
+ 2005-01-24 19:52:06 40,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\fsdkreboot.exe
+ 2004-11-18 14:41:18 13,536 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spmsg.dll
+ 2004-11-18 14:44:50 209,632 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spuninst.exe
+ 2004-11-18 14:42:52 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spupdsvc.exe
+ 2004-11-18 14:46:32 717,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\update.exe
+ 2004-11-18 14:45:18 371,936 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\updspapi.dll
+ 2005-01-28 18:13:56 5,732,096 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\wmfdist95.exe
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2001-01-22 09:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
- 2005-03-15 20:33:52 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2006-11-02 00:48:02 89,088 ----a-w C:\WINDOWS\system32\ATL71.DLL
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-12-07 01:45:12 172,032 ------w C:\WINDOWS\system32\BCMLogon.dll
+ 2006-11-02 00:48:02 770,048 ----a-w C:\WINDOWS\system32\BCMLogon.dll
- 2004-12-07 01:45:12 872,556 ------w C:\WINDOWS\system32\BCMWLTRY.EXE
+ 2006-11-02 00:48:10 1,253,376 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE
- 2004-12-07 01:45:12 204,800 ------w C:\WINDOWS\system32\BCMWLU00.EXE
+ 2006-11-02 00:48:10 253,952 ----a-w C:\WINDOWS\system32\bcmwlu00.exe
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2007-03-23 00:24:58 28,160 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
Part 5:
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-04 08:48:36 72,704 ------w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-04 08:48:36 53,760 ------w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:37 215,552 ------w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-11 16:24:45 153,088 ------w C:\WINDOWS\system32\dllcache\p2p.dll
+ 2006-10-11 16:24:45 104,960 ------w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ------w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ------w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ------w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ------w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-23 00:46:04 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-10-04 13:33:38 35,840 ------w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-10-04 08:48:37 50,176 ------w C:\WINDOWS\system32\dllcache\utilman.exe
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
+ 2006-10-13 03:28:42 604,928 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
- 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:08:44 705,408 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:09:28 1,033,728 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.SYS
- 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
+ 2005-05-03 19:08:50 208,384 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
- 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2004-03-17 16:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 22:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 23:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-21 01:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 01:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 16:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-28 02:58:54 254,272 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-13 02:08:24 257,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
+ 2005-10-14 18:45:22 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll
- 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-10-14 18:46:34 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-02-23 19:02:10 42,858 ----a-w C:\WINDOWS\system32\hsfci014.dll
+ 2005-10-14 19:06:54 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4410.dll
- 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ialmdd5.dll
+ 2005-10-14 19:14:16 901,242 ----a-w C:\WINDOWS\system32\ialmdd5.dll
- 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ialmdev5.dll
+ 2005-10-14 19:06:40 213,274 ----a-w C:\WINDOWS\system32\ialmdev5.dll
- 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
+ 2005-10-14 19:06:52 118,395 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
- 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
- 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 19:06:58 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARA.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARB.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuCHS.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuCHT.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuCSY.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDAN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDEU.dll
+ 2005-10-14 18:51:06 114,688 ----a-w C:\WINDOWS\system32\ialmudlg.exe
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuELL.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuENG.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuESP.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFIN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFRA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuFRC.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuHEB.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuHUN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuITA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuJPN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuKOR.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNLD.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNOR.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPLK.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTB.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTG.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuRUS.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuSVE.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuTHA.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuTRK.dll
+ 2006-10-30 07:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2006-10-30 07:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\igfxcfg.exe
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\igfxcfg.exe
- 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
+ 2005-10-14 18:45:38 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll
- 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
- 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll
- 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:30 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
- 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll
- 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
+ 2005-10-14 18:49:36 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll
- 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:28 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:24 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
- 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:59:00 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll
+ 2005-10-14 18:57:06 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll
+ 2006-10-30 07:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
+ 2007-09-06 20:13:58 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 10:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-09-01 16:56:46 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2006-11-02 00:48:12 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-21 01:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 10:00:00 407,552 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2004-08-04 10:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
Part 6:
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-05-15 19:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-19 17:33:20 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-04 10:00:00 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\oemdspif.dll
- 2004-08-04 10:00:00 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-04 10:00:00 116,224 ----a-w C:\WINDOWS\system32\p2p.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\system32\p2p.dll
- 2004-08-04 10:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
- 2004-08-04 10:00:00 312,320 ----a-w C:\WINDOWS\system32\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll
- 2004-08-04 10:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
- 2004-08-04 10:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll
- 2007-10-11 22:23:19 63,418 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-13 02:05:37 71,198 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-11 22:23:20 402,974 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-13 02:05:37 438,270 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 16:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2006-10-21 01:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 01:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 01:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 01:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_CNXT.sys
+ 2004-06-18 01:55:04 1,041,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_DP.sys
+ 2004-06-17 01:23:00 33,818 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFCI010.dll
+ 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFHWICH.sys
+ 2004-03-13 03:20:44 536,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HXFSetup.exe
+ 2004-03-17 23:00:32 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.dll
+ 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.sys
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgicd.dll
+ 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmnt5.sys
+ 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrnt5.dll
+ 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdev.dll
+ 2005-02-15 20:02:58 45,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdgps.dll
+ 2005-02-15 20:02:58 151,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdiag.exe
+ 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdo.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxeud.dll
+ 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxexps.dll
+ 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxhk.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxsrvc.dll
+ 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxtray.exe
+ 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxzoom.exe
+ 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\oemdspif.dll
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgicd.dll
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmnt5.sys
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrnt5.dll
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdev.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdo.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxexps.dll
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxhk.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.dll
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxzoom.exe
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\oemdspif.dll
+ 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\BCMWL5.SYS
+ 2006-08-24 20:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-16 20:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2004-08-04 05:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2004-08-04 05:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-08-04 05:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 21:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 20:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-11-29 21:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-10-13 18:27:17 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 09:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-10-13 18:27:17 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-10-21 01:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-04 10:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2007-09-06 20:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-09-06 20:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-09-06 20:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-09-06 20:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-09-06 20:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-09-06 20:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-09-06 20:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-09-06 20:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-09-06 20:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-24 16:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 16:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2004-12-07 01:45:14 696,425 ------w C:\WINDOWS\system32\WLTRAY.EXE
+ 2006-11-02 00:48:12 1,392,640 ----a-w C:\WINDOWS\system32\WLTRAY.EXE
- 2004-12-07 01:45:14 81,920 ------w C:\WINDOWS\system32\wltrynt.dll
+ 2006-11-02 00:48:12 44,032 ----a-w C:\WINDOWS\system32\wltrynt.dll
- 2004-12-07 01:45:14 65,536 ------w C:\WINDOWS\system32\WLTRYSVC.EXE
+ 2006-11-02 00:48:12 20,480 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-24 16:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
Part 7:
+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-09-29 00:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 22:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 22:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 22:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 22:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 01:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-09-06 20:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-09-06 20:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-09-06 20:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 04:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 18:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 04:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 04:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 04:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 04:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 19:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 19:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 04:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 04:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 03:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-24 23:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 22:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 04:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 04:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 04:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 04:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-24 23:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 22:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-06 20:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 16:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-09-06 20:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-09-06 20:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-09-06 20:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-09-06 20:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-06 20:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-06 20:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-06 20:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-06 20:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-06 20:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-06 20:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 19:45:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 19:45:44 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-06 20:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-08-15 19:45:44 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 16:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-09-06 20:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-09-06 20:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-06 20:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 00:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 10:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-09-06 20:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 21:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-06 20:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-09-06 20:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-09-06 20:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-09-06 20:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-09-06 20:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-09-06 20:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-06 20:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-09-06 20:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-06 20:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-09-06 20:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 22:53:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-13 22:54:16
C:\ComboFix2.txt ... 2007-10-13 19:28
C:\ComboFix3.txt ... 2007-10-12 21:26
.
--- E O F ---
shelf life
2007-10-14, 17:45
hi ginus,
ok good, thanks for the info. that host file must be part of spybot.(IE immunization) dont worry about it. it just prevents you from getting to malicious website.
smitfraud and combofix both deleted stuff this second time.
please post a new hjt log for a last look. do you use anything other than spybot as a antimalware scanner? dosnt hurt to use two.
shelf life
Thanks, shelflife.
I am only running Spybot as an antimalware scanner. Do you have a suggetion for an additional scanner I should be using? I thought they could sometimes interfere with eachother.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:27 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9543 bytes
I am getting the following error when going to the Windows Update site:
wupdmgr.exe - Bad Image
The application or DLL C:\Windows\System32\xlibgfl254.dll is not a valid Windows image. Please check this against your installation diskette.
Is this a remnant of one of the infections? I am able to get to the site and run updates.
ginus
shelf life
2007-10-14, 22:40
hi ginus,
I thought they could sometimes interfere with eachother.
two antimalware scanners is plenty. the problems that arise can be if both use real time protection, a component that runs in the background like spybots tea timer or Avg antispyware guard. having two running at the same time can cause conflicts. if both have a real time component you can disable the feature in one of the applications.
i like super antispyware:
http://www.superantispyware.com/
but there is also:
avg antispyware
http://free.grisoft.com/doc/avg-anti-spyware-free/lng/us/tpl/v5
lavasofts ad aware:
http://www.lavasoftusa.com/software/adaware
------------------------------------
ok the hjt log:
look in add/remove programs panel and uninstall anything like myway or my way search.
also you have two firewalls: sygate and zone alarm. only need one. you can uninstall one via the add/remove programs panel.
after the uninstall of the above please reboot computer once and post a new hjt log-
----------------------
for that .dll file we will use hjt to delete it:
Start Hijackthis, click the "open misc tools section" then the "delete a file on reboot..."
A new window will open. --Navigate to the file: C:\Windows\System32\xlibgfl254.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button to reboot your computer
shelf life
Thanks, shelf life.
I installed the superantispyware.
Here is my latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:15 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 9132 bytes
Thanks for the soon to come info on that dll.
shelf life
2007-10-15, 01:02
hi ginus,
your welcome, hows it all looking on that end now?
hjt log looks ok. we can make new restore points next if all is well.
shelf life
Hi shelf life.
The machine is acting fine now, but Superantispyware finds some trojans. It's not done running, but it has found 28 so far. Should I assume that these are relatively minor threats, let it do it's removal, and assume I'm good going forward?
Thanks again for your generous assistance.
shelf life
2007-10-15, 03:31
hi ginus,
ok good. lets see what it dug up: to post the log:
start superantispyware
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program
shelf life
Thanks, shelf life.
There were 28 threats and I pet the Superantispyware clean them. I hope that was ok. Here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/14/2007 at 08:49 PM
Application Version : 3.9.1008
Core Rules Database Version : 3324
Trace Rules Database Version: 1325
Scan type : Quick Scan
Total Scan Time : 01:43:08
Memory items scanned : 401
Memory threats detected : 0
Registry items scanned : 893
Registry threats detected : 11
File items scanned : 56650
File threats detected : 17
Adware.Tracking Cookie
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@atdmt[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@www.googleadservices[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@data3.perf.overture[2].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@tribalfusion[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@revsci[2].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@perf.overture[1].txt
Trojan.Anti-Virus Pro
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000\LogConf
C:\Program Files\Anti-Virus-Pro
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\ANTIVIRUS.EXE.VIR
Malware.DriveCleaner
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\DRVCLEANER.EXE.VIR
Trojan.ErrorSafe
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\ERRSAFER.EXE.VIR
Malware.SystemDoctor
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\SYSDOCTOR.EXE.VIR
Trojan.Net-Explore/DND
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\START MENU\PROGRAMS\STARTUP\INFO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\EXPLORE.EXE.VIR
Trojan.Rootkit-SpamPoof
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KOOS.EXE.VIR
Trojan.Downloader-Gen/NoMultiTask
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VTR.DLL.VIR
Trojan.Downloader-XLIB
C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
I'm running an AVG virus scan, and it's found 9 threats so far. Sorry to keep this going on for so long when it seems that it is all taken care of.
Thanks for the help.
shelf life
2007-10-15, 11:56
hi ginus,
ok good. cookies arent really to much to be worried about and those items in C:\Qoobox are from the combofix quarantine folder. please run superantispyware once more and this time do a deep scan. there are two scan options a quick scan and another one, i think its called deep or complete scan, cant remember. chose the other this time, post the log and if it all looks ok i think we will be done.
shelf life
Thanks shelf life.
I'm running the scan right now. I assume it will take a while, so I'll post the results once it's done.
ginus
Hi shelf life.
Here are the scan results:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/15/2007 at 08:21 PM
Application Version : 3.9.1008
Core Rules Database Version : 3324
Trace Rules Database Version: 1325
Scan type : Complete Scan
Total Scan Time : 03:08:42
Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 6142
Registry threats detected : 7
File items scanned : 48318
File threats detected : 15
Trojan.Downloader-GLN
HKLM\Software\Classes\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\InprocServer32
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\ProgID
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\GLN.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@msnportal.112.2o7[1].txt
Trojan.Net-AVP/AVT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038291.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038292.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038293.EXE
Trojan.Downloader-Gen/NoMultiTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP410\A0042393.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0043395.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP412\A0043429.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051737.DLL
Malware.DriveCleaner
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0039339.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051718.EXE
Trojan.ErrorSafe
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051716.EXE
Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051717.EXE
Malware.SystemDoctor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0053355.EXE
I let it remove what it found. Do you think I am good to go now?
shelf life
2007-10-16, 03:16
hi ginus,
ok good. yes i think you are good to go. all those in c:\system volume info are your restore points. we can delete all those and make new ones like this:
One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is agood idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
--------------------------------
see my link below for some prevention tips. happy safe surfing.
shelf life
Great.
I reset my restore point.
Thank you so much for all of your help and patience. I truly appreciate it!
ginus
shelf life
2007-10-18, 01:36
hi ginus,
glad to help. you can delete the combofix icon off the desktop and delete the the quarantine folder here:
C:\QOOBOX\QUARANTINE
otherwise any scanning will continue to detect whats in there as malware.
happy safe surfing out there.
shelf life