
View Full Version : Oh do I have problems



ccogswel
2008-05-07, 20:06
Hi, I need help in a big way!
First I'm working on a friend's computer. It has XP Home on it. Her son and one of his friends had used the computer to surf for some porn. Well now it has malware on it. A lot of it! I downloaded Spybot S&D and updated it. I scanned the computer. The first time I got 72 adware and spyware stuff. Hit the fix button and it removed some. When I scanned it again I got 59. Did one more scan, got 22. Did one more scan and got 16. I tried doing a few more scans using safe mode and allowing it to reboot and scan again and things keep coming back. Now I'm back to 22 things on it. I had read what to do before I post about doing a hjt and the online scan but there are so many popups and warnings that it slows it down to a standstill. Where I live I only have dial-up and that makes it worse. The problems are now when I get on the internet and I try to get into the forums it takes over and does an auto search for similar websites. Even if I use Google it will not load the page. I can get to the download mirror page that is in the history folder but when I click the support or the forums links it says page not found. I even tried to make the forums a home page but still no luck. If you could give me an idea on how to bypass this auto search that would be great! I even tried downloading the hjt to another computer and putting it on a disc but when I put it in the computer it just freezes up because it is so overwhelmed with all the stuff that is on it. The task manager has been disabled from this stuff and I can't even get into the registry unless it's in safe mode. But I don't know what to do in there so I leave it alone. I can run Spybot again and type everything here so you can see what I'm dealing with or I can do this as well. There is more listed in the recovery than this. But I'll type what I can remember that is still coming up from repeated scans.

180Solutions.searchassistant
2020search
Alexa Related
Zeno Search
Coolwwwsearch.leftovers
Microsoft.Windows.Security.InternetExplorer
Microsoft.WindowsSecurityCenter.RegistryTools
Microsoft.WindowsSecurityCenter.TaskManager
SecondThought.STCLoader
Smitfraud-C.
Smitfraud-C.CoreService
Virtumonde
Virtumonde.dll
Win32.Bancos.zm
Yazzle
Zango

If you want me to I can do another scan and type everything out, or if you have any other idea to help me get that computer to access your forum to where I can download the hjt and post. I don't think I can do the online scan as the popups and things slow it down so much. I can't remember how many times I tried to download Spybot S&D Saturday but when I finally did get it downloaded all the way through it took me over 4 hours to get. At one point it was downloading at 658 bytes. I do apologize for not being more organized and for not posting all you need but I need help as to what to do as I had done all I knew what to do. If you could be of any help I would appreciate it. I may have to just reformat the hard drive from the partition and start her over.
Thanks
Chris

Blade81
2008-05-08, 17:07
Hi Chris

What we need to see is a hjt log from the system. Online scan can be done a bit later :)

Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled Do a system scan only
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your system's default text editor. Typically this application is Notepad. Post the log here.

ccogswel
2008-05-08, 18:48
Hi Blade81. I want to say Thank You for taking the time to help me.

Ok. I was able to go into the msconfig in safe mode and turn everything off in the startup menu. Doing this must have helped some as I could not get the cd drive on this computer to work or download anything to it before from a cd. Otherwise I didn't know what I was going to do. I cannot get that computer to access the forums here. I can go anywhere else with it but here. I'm having to use two computers to get this done. I got that hjt scan done. Here are the results. I don't know if you needed it but I figured it wouldn't hurt but I got the review log from Spybot S&D as well.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:09 AM, on 5/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\System32\jkkJdBtQ.dll
O2 - BHO: (no name) - {2d74354e-f0aa-4c33-8773-902843a9d9c3} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {af860538-75c2-1abb-22e3-7089b10eac32} - (no file)
O2 - BHO: (no name) - {BFFE34A0-A767-87C9-1192-A28F07537295} - C:\WINDOWS\System32\dhb.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {F404D09E-95E5-4831-86FD-CA04CABDEE84} - (no file)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8260] command /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2558] cmd /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7567] command /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3015] cmd /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA603] command /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9203] cmd /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA689] command /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3624] cmd /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7216] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8149] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1486] command /c del "C:\WINDOWS\system32\beqerunn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8871] cmd /c del "C:\WINDOWS\system32\beqerunn.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\SYSTEM32\jkkJdBtQ.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7875 bytes


03.05.2008 01:04:44 - ##### check started #####
03.05.2008 01:04:44 - ### Version: 1.5.2
03.05.2008 01:04:44 - ### Date: 5/3/2008 1:04:44 AM
03.05.2008 01:04:45 - ##### checking bots #####
03.05.2008 01:04:45 - found: webHancer Program directory
03.05.2008 01:05:01 - found: Zango Browser helper object
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Library
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Executable
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Browser helper object
03.05.2008 01:06:01 - found: 2020Search Library
03.05.2008 01:06:01 - found: 2020Search Library
03.05.2008 01:06:01 - found: 2020Search Browser helper object
03.05.2008 01:06:58 - found: CoolWWWSearch.Leftovers Library
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Program group
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Link
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Link
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Text file
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Program directory
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Data
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Program directory
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Installer
03.05.2008 01:13:04 - found: Command Service Executable
03.05.2008 01:13:04 - found: Command Service Library
03.05.2008 01:13:04 - found: Command Service Library
03.05.2008 01:14:14 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:20:29 - found: ZenoSearch Text file
03.05.2008 01:20:29 - found: ZenoSearch Text file
03.05.2008 01:22:52 - found: Smitfraud-C. Executable
03.05.2008 01:23:11 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:58 - found: Smitfraud-C. Settings
03.05.2008 01:29:46 - found: Network Monitor Data
03.05.2008 01:29:46 - found: Network Monitor Program directory
03.05.2008 01:29:46 - found: Network Monitor Program directory
03.05.2008 01:30:21 - found: Yazzle Executable
03.05.2008 01:30:21 - found: Yazzle Executable
03.05.2008 01:32:20 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.WindowsSecurityCenter.TaskManager Settings
03.05.2008 01:32:22 - found: Microsoft.WindowsSecurityCenter.RegistryTools Settings
03.05.2008 01:32:22 - found: Microsoft.WindowsSecurityCenter.TaskManager Settings
03.05.2008 01:32:29 - found: Alexa Related Link
03.05.2008 01:39:51 - found: SecondThought.STCLoader Executable
03.05.2008 01:41:57 - found: webHancer Program directory
03.05.2008 01:41:57 - found: webHancer Library
03.05.2008 01:41:58 - found: webHancer Text file
03.05.2008 01:41:58 - found: webHancer Interface
03.05.2008 01:41:58 - found: webHancer Type library
03.05.2008 01:41:58 - found: webHancer Global settings
03.05.2008 01:48:30 - found: Virtumonde User settings
03.05.2008 01:48:30 - found: Virtumonde Settings
03.05.2008 01:48:46 - found: Virtumonde Executable
03.05.2008 01:49:22 - found: Smitfraud-C.CoreService Data
03.05.2008 01:52:17 - found: Win32.Bancos.zm Text file
03.05.2008 01:53:49 - found: Win32.Small.azl Executable
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:59:46 - found: Virtumonde.dll Browser helper object
03.05.2008 01:59:46 - found: Virtumonde.dll Class ID
03.05.2008 01:59:46 - found: Virtumonde.dll Browser helper object
03.05.2008 01:59:46 - found: Virtumonde.dll Class ID
03.05.2008 02:02:13 - ##### check finished #####
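
An added example, not part of the original thread and not HijackThis's own logic: a small Python pass over the log format posted above that lists the entries a helper would review first. The names `triage` and `SAMPLE_LOG` and the heuristics themselves are assumptions made for illustration; a flagged line is a candidate for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: ten lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\System32\jkkJdBtQ.dll
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\SYSTEM32\jkkJdBtQ.dll
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O2 - BHO: ..."
PATH = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:dll|exe|ocx)(?!\w)", re.I)
AUTOSTART = {"F2", "O2", "O4", "O20", "O21", "O23"}   # sections that load code


def basename(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    loaders = defaultdict(set)            # file name -> sections that load it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        if section in AUTOSTART:
            for path in PATH.findall(body):
                loaders[basename(path)].add(section)

        if section == "F2" and "userinit=" in body.lower():
            # Userinit should normally launch userinit.exe and nothing else.
            chained = [basename(p) for p in body.split("=", 1)[1].split(",")
                       if p.strip() and basename(p) != "userinit.exe"]
            if chained:
                findings.append((section, "extra program chained to Userinit: "
                                 + ", ".join(chained), line))
        elif section == "O2":
            if body.endswith(("(no file)", "(file missing)")):
                findings.append((section, "BHO registered but its file is absent", line))
            elif "(no name)" in body:
                findings.append((section, "unnamed BHO with a file on disk", line))
        elif section == "O7":
            setting = body.rsplit(",", 1)[-1].strip()
            findings.append((section, "policy restriction set: " + setting, line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service binary with no vendor information", line))

    # The same file registered at several autostart points deserves attention.
    for name in sorted(loaders):
        if len(loaders[name]) > 1:
            findings.append(("MULTI", name + " is loaded from "
                             + ", ".join(sorted(loaders[name])), name))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
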

Blade81
2008-05-08, 19:05
Hi

First of all enable all msconfig entries you disabled. We'll get the bad ones off :)

After that disable Spybot's TeaTimer
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer


Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

Run ComboFix using these instructions:

1. Ensure that combofix.exe is on your desktop.
2. Make sure you save and close ALL open windows and programs that you are running in the taskbar as combofix will attempt to end all non-windows processes for a faster and more successful cleaning.

Click start > run > copy and paste:

%userprofile%\desktop\combofix.exe /killall

When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

ccogswel
2008-05-09, 04:20
Hi Blade81

I had been trying all day to download combofix. I had gotten it on the computer 3 times. But when I click combofix it does nothing. One time after I restarted the computer after it froze on me I had a new icon that said msdos combofix. It was a shortcut. Anyway I'm at a loss. I can't get that computer to log onto any internet other than what it will allow. I have had trouble using the cd drive to download that combofix onto it. It keeps coming up saying cyclic redundancy check then it would quit. I also noticed when I right click on the combofix icon and check properties on the infected computer it says size 1.76mb (1,850,821) then size on disk is (1,851,392). When I check the uninfected computer I used to download the combofix with it says size (1,850,821) and used (1,867,776). If this is the case I don't know what to do as I cannot get that computer to download anything. Is there anything else you can think of? If I could get it to download from one of those links for that combofix I would have it made. I'll keep trying but to be honest with you I don't think I'll get anywhere. Hope you have some ideas. Right now I can think of one. Where's my sledge hammer? LOL

Blade81
2008-05-09, 07:45
Hi

It's normal that size on disk may have different values on different systems. Anyway, let's clean something off first.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Then please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop as well. And I think it's best to get a fresh copy of ComboFix as well (thru one of those 3 links I posted above).


Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.


After that please try running ComboFix in safe mode. Post its report and a fresh hjt log.

ccogswel
2008-05-09, 22:04
Hi Blade81

Finally! I had worked all night. Found out that the cd drive was bad. Anyway I was able to get all that on this computer. In fact I'm using it right now to post. I know I'm not done yet but Thank You so much for the help so far. I ran that malware 4 times. I'll post each log for you to see. I had only one that it couldn't get rid of. You'll see it below. I also have this here that keeps coming up every time the computer starts. (C:\WINDOWS\System32\qcpvlabq.dll) It is also in the msconfig startup. I can take the check mark out but I want to see what you say first. Also with that first scan I done with malware I had forgot to turn everything that I had turned off and I the teatimer as well. The second log was done with fixes and the teatimer off and other startups turned back on. Well here it goes.


Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71594
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 49
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 99

Memory Processes Infected:
c:\WINDOWS\winself.exe (Trojan.DNSChanger) -> Unloaded process successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sockins32.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGyxXpN.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJdBtQ.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b534962-dd37-401a-b295-2de3c9bdc1d0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b534962-dd37-401a-b295-2de3c9bdc1d0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bffe34a0-a767-87c9-1192-a28f07537295} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bffe34a0-a767-87c9-1192-a28f07537295} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjdbtq (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc39c56d2 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingA7216 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingC8149 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxxpn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxxpn -> Delete on reboot.

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\n3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\winself.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sockins32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\hgGyxXpN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpXxyGgh.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpXxyGgh.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhb.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjwnw64m.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes06\pnVes061083.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b1\cbwa3ui.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\n3\predircom3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTMP\idevdpll.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\qdrloader.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack15.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP85\A0013128.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013143.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013144.EXE (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013145.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013146.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013147.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013148.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013153.DLL (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013154.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013155.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP87\A0014825.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP89\A0015026.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP90\A0018298.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029093.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029102.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029114.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029124.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030204.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030205.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030206.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030209.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\QdrModule15.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gkuruonf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJdBtQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

Second Log

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 72165
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.

Third Log


Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 72201
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.

Combo Fix Log

ComboFix 08-05-07.1 - amy 2008-05-09 12:22:01.1 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.170 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\usb80233.sys
C:\WINDOWS\system32\gatxytep.ini
C:\WINDOWS\system32\GgOoYcdd.ini
C:\WINDOWS\system32\GgOoYcdd.ini2
C:\WINDOWS\system32\hgPpoUtv.ini
C:\WINDOWS\system32\hgPpoUtv.ini2
C:\WINDOWS\system32\hRBLRqss.ini
C:\WINDOWS\system32\hRBLRqss.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mTCeOqru.ini
C:\WINDOWS\system32\mTCeOqru.ini2
C:\WINDOWS\system32\qbalvpcq.ini
C:\WINDOWS\system32\svnigukc.dll
C:\WINDOWS\wintst32.tmp
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\??rss.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_SZKG5
-------\Legacy_USB80233
-------\Service_usb80233


((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 12:02 . 2008-05-09 12:02 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 11:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 16:56 . 2008-05-07 16:56 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-07 15:19 . 2008-05-07 15:19 2,112 --a------ C:\WINDOWS\system32\sqrddpbs.exe
2008-05-06 22:31 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-06 09:06 . 2008-05-06 09:06 2,112 --a------ C:\WINDOWS\system32\tupnxxeg.exe
2008-05-05 07:49 . 2008-05-05 07:49 294 ---hs---- C:\WINDOWS\system32\bgpeikoh.ini
2008-05-03 19:06 . 2008-05-03 19:06 <DIR> d--hs---- C:\FOUND.003
2008-05-03 02:02 . 2008-05-07 16:52 2,302 --a------ C:\WINDOWS\wininit.ini
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 11:03 . 2008-05-02 11:03 0 --a------ C:\WINDOWS\BMc39c56d2.xml
2008-05-02 09:18 . 2008-05-02 09:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-29 15:34 . 2008-04-29 15:34 <DIR> d--hs---- C:\FOUND.002
2008-04-29 10:48 . 2008-04-29 10:48 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-29 10:14 . 2008-04-29 10:14 <DIR> d--hs---- C:\FOUND.001
2008-04-28 20:16 . 2008-04-28 20:16 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll.szcpf
2008-04-28 20:15 . 2008-04-28 20:16 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll.szcpf
2008-04-27 05:56 . 2002-09-24 04:07 183,488 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg
2008-04-27 05:52 . 2008-04-27 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-27 05:24 . 2008-04-27 05:24 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-04-27 04:56 . 2008-04-27 04:56 <DIR> d--hs---- C:\FOUND.000
2008-04-27 04:42 . 2008-04-27 04:42 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-27 04:42 . 2008-04-27 04:42 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-27 04:42 . 2008-04-27 04:42 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-27 04:41 . 2008-04-27 04:41 578 --a------ C:\WINDOWS\index.html
2008-04-27 04:36 . 2008-04-27 04:36 400,945 --a------ C:\WINDOWS\system32\g37.exe
2008-04-27 04:36 . 2008-05-09 12:36 1,910 --a------ C:\WINDOWS\system32\default.htm
2008-04-27 04:30 . 2008-04-27 04:30 <DIR> d-------- C:\Temp\kvebs14
2008-04-27 04:28 . 2008-04-27 04:28 <DIR> d-------- C:\WINDOWS\YW15
2008-04-27 04:28 . 2008-04-27 04:28 298,317 --a------ C:\WINDOWS\system32\gside.exe
2008-04-27 04:28 . 2008-05-02 10:54 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp\zvebs14
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp
2008-04-27 04:26 . 2001-08-18 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-27 04:25 . 2008-04-27 04:25 <DIR> d-------- C:\WINDOWS\ŕppPatch
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\AT&T
2008-04-25 06:13 . 2008-04-25 06:13 <DIR> d-------- C:\Documents and Settings\elzabeth\Application Data\AT&T
2008-04-25 04:48 . 2008-04-25 04:48 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\WINDOWS\Motive
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Program Files\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\amy\Application Data\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Program Files\att-nap
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Motive
2008-04-25 04:16 . 2008-04-25 04:16 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-24 06:27 . 2008-04-24 06:27 10 -r------- C:\WINDOWS\PSTUDIO.SN
2008-04-24 05:45 . 2008-04-24 05:45 <DIR> d-------- C:\Program Files\FotoBee
2008-04-24 05:35 . 2008-04-24 05:35 10 -r------- C:\WINDOWS\Fantasy2.SN
2008-04-23 04:44 . 2008-04-23 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-04-22 03:27 . 2008-04-22 03:27 <DIR> d-------- C:\Documents and Settings\elzabeth\WINDOWS
2008-04-22 03:27 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-04-22 03:27 . 2008-04-24 06:26 865 --a------ C:\WINDOWS\maxlink.ini
2008-04-22 03:27 . 2008-04-24 06:36 744 --a------ C:\WINDOWS\fantasy2.ini
2008-04-22 03:27 . 2008-04-24 06:29 425 --a------ C:\WINDOWS\pstudio.ini
2008-04-22 03:27 . 2008-04-24 06:26 293 --a------ C:\WINDOWS\photoprn.ini
2008-04-22 03:27 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PS_SUITE.INI
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\My Music
2008-04-20 05:18 . 2001-08-18 12:00 1,338,880 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-20 05:18 . 2000-12-07 16:51 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2008-04-20 05:18 . 1998-10-07 02:21 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-04-20 05:18 . 2008-04-20 05:18 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2008-04-20 05:18 . 2000-12-03 10:35 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2005-07-29 22:24 472 --sha-r C:\WINDOWS\YW15\sqYc.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E20DB2-8ED5-4574-9856-52CD1FA342EC}]
C:\WINDOWS\System32\vtUopPgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F78781-4B2D-4DB0-A369-4A312E3A1FE5}]
C:\WINDOWS\System32\urqOeCTm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4931708-B577-4E71-80F5-43DCDB1036E8}]
C:\WINDOWS\System32\ssqRLBRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4121D80-4F96-4DCD-BD16-24EA20E75036}]
C:\WINDOWS\System32\ddcYoOgG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-65-5E-E1-DW}"="C:\windows\system32\rwwnw64d.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"FastAccess Help"="C:\Program Files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 08:19 108421]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"c0af654e"="C:\WINDOWS\System32\qcpvlabq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJdBtQ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 12:20:35
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\clbdriver.sys 16384 bytes
C:\WINDOWS\system32\clb.dll 16384 bytes
C:\WINDOWS\system32\clbcatq.dll 475136 bytes
C:\WINDOWS\system32\clbcatex.dll 114688 bytes
C:\WINDOWS\system32\clbinit.dll 16384 bytes
C:\WINDOWS\system32\clbcfg.dat 16384 bytes

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-09 12:21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 18:21:12

Pre-Run: 20,506,066,944 bytes free
Post-Run: 20,545,470,464 bytes free

206

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:29 PM, on 5/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90F78781-4B2D-4DB0-A369-4A312E3A1FE5} - C:\WINDOWS\System32\urqOeCTm.dll (file missing)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{F6-65-5E-E1-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [c0af654e] rundll32.exe "C:\WINDOWS\System32\qcpvlabq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4735 bytes

Blade81
2008-05-09, 23:59
Hi

Upload the following files to http://virusscan.jotti.org and post back the results:
C:\WINDOWS\system32\msvcr71.dll.szcpf
C:\WINDOWS\system32\mfc71u.dll.szcpf
C:\WINDOWS\system32\drivers\kgpfr2.cfg



Start hjt, do a system scan, check:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close browsers and other windows. Click fix checked.


Open notepad and copy/paste the text in the quotebox below into it:



KILLALL::

Driver::
clbdriver

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\promogif3.gif
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\index.html
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbcfg.dat

Rootkit::
C:\WINDOWS\system32\drivers\clbdriver.sys

Folder::
C:\Temp\kvebs14
C:\WINDOWS\YW15
C:\Temp\zvebs14

DirLook::
C:\WINDOWS\ŕppPatch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E20DB2-8ED5-4574-9856-52CD1FA342EC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F78781-4B2D-4DB0-A369-4A312E3A1FE5}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4931708-B577-4E71-80F5-43DCDB1036E8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4121D80-4F96-4DCD-BD16-24EA20E75036}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-65-5E-E1-DW}"=-
"c0af654e"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJdBtQ]



Save this as
CFScript


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



Run Malwarebytes' Anti-malware again and post back its report & a fresh hjt log (without forgetting the above-mentioned ComboFix resultant log).

ccogswel
2008-05-10, 10:00
Blade81- You're the Man!

Hope I done this scan right.
For the first 2 files
C:\WINDOWS\system32\msvcr71.dll.szcpf
C:\WINDOWS\system32\mfc71u.dll.szcpf
SAID /OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

For C:\WINDOWS\system32\drivers\kgpfr2.cfg
It just said OK

Under that it said Scanner Results. All found nothing on all 3 files.

Like I said, I hope I done this right.
Is there anything else I should download?
Also I hate to ask as you have been such a big help,
but I have one startup item that opens a folder every time I start.
I have it unchecked in the startup but I was wondering what I could
do to stop and remove it from the list or?????
It deals with a BellSouth Application Management.
Maybe you can see it in one of the lists.
Well anyway here are all the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:45 AM, on 5/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90F78781-4B2D-4DB0-A369-4A312E3A1FE5} - C:\WINDOWS\System32\urqOeCTm.dll (file missing)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{F6-65-5E-E1-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [c0af654e] rundll32.exe "C:\WINDOWS\System32\qcpvlabq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4629 bytes



ComboFix 08-05-07.1 - amy 2008-05-10 1:09:49.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.109 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\amy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\index.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\kvebs14
C:\Temp\kvebs14\zvKarru.log
C:\Temp\zvebs14
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\index.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\YW15
C:\WINDOWS\YW15\sqYc.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 12:02 . 2008-05-09 12:02 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 11:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 22:31 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 19:06 . 2008-05-03 19:06 <DIR> d--hs---- C:\FOUND.003
2008-05-03 02:02 . 2008-05-07 16:52 2,302 --a------ C:\WINDOWS\wininit.ini
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 09:18 . 2008-05-02 09:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-29 15:34 . 2008-04-29 15:34 <DIR> d--hs---- C:\FOUND.002
2008-04-29 10:48 . 2008-04-29 10:48 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-29 10:14 . 2008-04-29 10:14 <DIR> d--hs---- C:\FOUND.001
2008-04-28 20:16 . 2008-04-28 20:16 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll.szcpf
2008-04-28 20:15 . 2008-04-28 20:16 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll.szcpf
2008-04-27 05:56 . 2002-09-24 04:07 183,488 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg
2008-04-27 05:52 . 2008-04-27 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-27 05:24 . 2008-04-27 05:24 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-04-27 04:56 . 2008-04-27 04:56 <DIR> d--hs---- C:\FOUND.000
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp
2008-04-27 04:26 . 2001-08-18 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-27 04:25 . 2008-04-27 04:25 <DIR> d-------- C:\WINDOWS\ŕppPatch
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\AT&T
2008-04-25 06:13 . 2008-04-25 06:13 <DIR> d-------- C:\Documents and Settings\elzabeth\Application Data\AT&T
2008-04-25 04:48 . 2008-04-25 04:48 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\WINDOWS\Motive
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Program Files\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\amy\Application Data\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Program Files\att-nap
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Motive
2008-04-25 04:16 . 2008-04-25 04:16 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-24 06:27 . 2008-04-24 06:27 10 -r------- C:\WINDOWS\PSTUDIO.SN
2008-04-24 05:45 . 2008-04-24 05:45 <DIR> d-------- C:\Program Files\FotoBee
2008-04-24 05:35 . 2008-04-24 05:35 10 -r------- C:\WINDOWS\Fantasy2.SN
2008-04-23 04:44 . 2008-04-23 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-04-22 03:27 . 2008-04-22 03:27 <DIR> d-------- C:\Documents and Settings\elzabeth\WINDOWS
2008-04-22 03:27 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-04-22 03:27 . 2008-04-24 06:26 865 --a------ C:\WINDOWS\maxlink.ini
2008-04-22 03:27 . 2008-04-24 06:36 744 --a------ C:\WINDOWS\fantasy2.ini
2008-04-22 03:27 . 2008-04-24 06:29 425 --a------ C:\WINDOWS\pstudio.ini
2008-04-22 03:27 . 2008-04-24 06:26 293 --a------ C:\WINDOWS\photoprn.ini
2008-04-22 03:27 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PS_SUITE.INI
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\My Music
2008-04-20 05:18 . 2001-08-18 12:00 1,338,880 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-20 05:18 . 2000-12-07 16:51 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2008-04-20 05:18 . 1998-10-07 02:21 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-04-20 05:18 . 2008-04-20 05:18 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2008-04-20 05:18 . 2000-12-03 10:35 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\ŕppPatch ----

2008-04-27 04:25 89088 -r-hs---- C:\WINDOWS\ŕppPatch\wuaclt.exe
2008-04-27 04:25 0 d-------- C:\WINDOWS\ŕppPatch\?ppPatch\
2001-08-18 12:00 8104 --a------ C:\WINDOWS\ŕppPatch\drvmain.sdb
2001-08-18 12:00 45568 --a------ C:\WINDOWS\ŕppPatch\AcLua.dll
2001-08-18 12:00 370688 --a------ C:\WINDOWS\ŕppPatch\AcLayers.dll
2001-08-18 12:00 204288 --a------ C:\WINDOWS\ŕppPatch\AcSpecfc.dll
2001-08-18 12:00 190010 --a------ C:\WINDOWS\ŕppPatch\apphelp.sdb
2001-08-18 12:00 148480 --a------ C:\WINDOWS\ŕppPatch\AcVerfyr.dll
2001-08-18 12:00 134164 --a------ C:\WINDOWS\ŕppPatch\msimain.sdb
2001-08-18 12:00 1229312 --a------ C:\WINDOWS\ŕppPatch\AcGenral.dll
2001-08-18 12:00 105472 --a------ C:\WINDOWS\ŕppPatch\AcXtrnal.dll
2001-08-18 12:00 1026828 --a------ C:\WINDOWS\ŕppPatch\sysmain.sdb


((((((((((((((((((((((((((((( snapshot@2008-05-09_12.20.58.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 18:20:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 07:11:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"FastAccess Help"="C:\Program Files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 08:19 108421]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

*Newly Created Service* - CLBDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 01:11:45
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\drivers\clbdriver.sys 16384 bytes
C:\WINDOWS\system32\clb.dll 16384 bytes
C:\WINDOWS\system32\clbcatq.dll 475136 bytes
C:\WINDOWS\system32\clbcatex.dll 114688 bytes
C:\WINDOWS\system32\clbinit.dll 16384 bytes
C:\WINDOWS\system32\clbcfg.dat 16384 bytes

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-10 1:12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 07:12:24
ComboFix2.txt 2008-05-09 18:21:18

Pre-Run: 20,497,006,592 bytes free
Post-Run: 20,490,633,216 bytes free

204




Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71843
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2008-05-10, 14:00
Hi

Before we go on I want you to install service pack 1a. You can get it here (http://www.microsoft.com/windowsxp/downloads/updates/sp1/express.mspx). Post a fresh hjt log after you've installed it.

ccogswel
2008-05-10, 21:06
Hi Blade81,

Took me 4 hours to download. Anyway I got it done and here is the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:06 PM, on 5/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3693 bytes
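
A way to check from the posted logs that the CFScript's registry deletions took effect, as an added example that is not part of the thread: it parses the `Registry::` section of the CFScript above and looks for the matching O2, O4 and O20 lines in a HijackThis log. The function names and the mapping from registry paths to HijackThis sections are this example's own assumptions; the script text and log excerpts are copied from the posts above.

```python
import re

# Registry:: section of the CFScript posted in the thread (copied verbatim).
CFSCRIPT_REGISTRY = r"""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E20DB2-8ED5-4574-9856-52CD1FA342EC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F78781-4B2D-4DB0-A369-4A312E3A1FE5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4931708-B577-4E71-80F5-43DCDB1036E8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4121D80-4F96-4DCD-BD16-24EA20E75036}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-65-5E-E1-DW}"=-
"c0af654e"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJdBtQ]
"""

# Excerpt of the HijackThis log saved at 1:07:45 AM on 5/10/2008 (from the thread).
LOG_0107 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90F78781-4B2D-4DB0-A369-4A312E3A1FE5} - C:\WINDOWS\System32\urqOeCTm.dll (file missing)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O4 - HKLM\..\Run: [{F6-65-5E-E1-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [c0af654e] rundll32.exe "C:\WINDOWS\System32\qcpvlabq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\
"""

# Excerpt of the HijackThis log saved at 1:01:06 PM on 5/10/2008 (from the thread).
LOG_1301 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_targets(script):
    """Turn each deletion in a Registry:: section into (HijackThis section, needle)."""
    targets, key = [], ""
    for line in script.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:                                   # "[key]" or "[-key]" (delete whole key)
            key = m.group(2)
            if m.group(1):
                leaf, low = key.rsplit("\\", 1)[-1], key.lower()
                if "browser helper objects" in low:
                    targets.append(("O2", leaf))            # BHO CLSID
                elif "\\winlogon\\notify\\" in low:
                    targets.append(("O20", leaf))           # Winlogon Notify name
                else:
                    raise ValueError(f"no HijackThis mapping for key {key}")
            continue
        m = re.fullmatch(r'"(.+)"=-', line)     # '"name"=-' deletes one value
        if m:
            hive = HIVES.get(key.split("\\", 1)[0])
            if not hive or not key.lower().endswith("\\currentversion\\run"):
                raise ValueError(f"no HijackThis mapping for value under {key}")
            targets.append(("O4", f"{hive}\\..\\Run: [{m.group(1)}]"))
    return targets


def still_present(targets, hjt_log):
    """Return the log lines that still reference a targeted registry entry."""
    hits = []
    for line in hjt_log.splitlines():
        section, _, rest = line.strip().partition(" - ")
        rest_low = rest.lower()                 # registry names are case-insensitive
        for kind, needle in targets:
            n = needle.lower()
            if kind != section:
                continue
            if ((kind == "O2" and n in rest_low)
                    or (kind == "O4" and rest_low.startswith(n))
                    or (kind == "O20" and rest_low.startswith(f"winlogon notify: {n} "))):
                hits.append(line.strip())
    return hits


if __name__ == "__main__":
    targets = parse_targets(CFSCRIPT_REGISTRY)
    for name, log in (("1:07 AM log", LOG_0107), ("1:01 PM log", LOG_1301)):
        left = still_present(targets, log)
        print(f"{name}: {len(left)} of {len(targets)} targeted entries still listed")
        for entry in left:
            print("   ", entry)
```
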

Blade81
2008-05-10, 23:42
Hi


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Upload following files to http://virusscan.jotti.org and post back the detailed results:
C:\WINDOWS\system32\clb.dll
C:\WINDOWS\system32\clbcatq.dll
C:\WINDOWS\system32\clbcatex.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbcfg.dat

ccogswel
2008-05-11, 04:36
Hi Blade81,

I followed what you said but I didn't find anything. I even searched the files and folders. No luck at all. Is that good? Or Bad?

Blade81
2008-05-11, 13:59
Hi

Open device manager (click start, run & write devmgmt.msc)> view> show hidden devices.
Expand "non plug and play drivers"
Locate "clbdriver" and double click it.
Tell it to "not use this device", apply & Ok.
Reboot when prompted.

Remove old ComboFix.exe. Then download latest copy of combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Run ComboFix and post its log & a fresh hjt log.

ccogswel
2008-05-12, 01:12
Hi Blade81,
Combo Fix said it couldn't find a file. But when I went to write it down it changed. Maybe it is in the report. Also the forum said my post was too long so I'll have a few posts.

ComboFix 08-05-11.1 - amy 2008-05-10 13:16:31.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.93 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 13:07 . 2008-05-10 13:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-10 10:23 . 2002-08-29 04:41 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2008-05-10 10:22 . 2002-08-29 04:41 218,112 --------- C:\WINDOWS\system32\sbe.dll
2008-05-10 10:22 . 2002-08-29 04:41 200,192 -ra------ C:\WINDOWS\system32\termsrv.dll
2008-05-10 10:22 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2008-05-10 10:21 . 2002-08-29 04:41 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-05-10 10:21 . 2002-08-29 04:41 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2008-05-10 10:21 . 2002-08-29 04:41 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2008-05-10 10:20 . 2002-08-29 04:41 172,032 --------- C:\WINDOWS\system32\mssap.dll
2008-05-10 10:20 . 2002-08-29 02:28 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-05-10 10:19 . 2002-08-29 04:39 205,312 --a------ C:\WINDOWS\system32\sysmon.ocx
2008-05-10 10:19 . 2002-08-29 02:11 162,304 --------- C:\WINDOWS\system32\msctfime.ime
2008-05-10 10:18 . 2002-08-29 04:41 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2008-05-10 10:18 . 2002-08-29 04:41 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2008-05-10 10:18 . 2002-08-29 04:41 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2008-05-10 10:18 . 2002-08-29 04:40 155,648 --------- C:\WINDOWS\system32\encdec.dll
2008-05-10 10:18 . 2002-08-29 04:41 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2008-05-10 10:18 . 2002-08-29 04:41 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2008-05-10 10:18 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2008-05-10 10:18 . 2002-08-29 04:41 61,952 --a------ C:\WINDOWS\system32\sti.dll
2008-05-10 10:18 . 2002-08-29 04:41 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2008-05-10 10:18 . 2002-08-29 02:32 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-05-10 10:17 . 2002-04-19 19:20 66,082 --------- C:\WINDOWS\system32\c_28603.nls
2008-05-10 10:17 . 2002-08-29 00:16 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 31,263 --------- C:\WINDOWS\system32\ativmvxx.ax
2008-05-10 10:17 . 2002-08-29 00:16 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 12,831 --------- C:\WINDOWS\system32\ativdaxx.ax
2008-05-10 10:17 . 2002-08-29 02:14 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2008-05-10 10:16 . 2002-08-29 04:40 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2008-05-10 10:16 . 2002-08-29 04:41 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2008-05-10 10:16 . 2002-08-29 00:16 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2008-05-10 10:16 . 2002-08-29 04:41 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2008-05-10 10:16 . 2002-08-29 00:16 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2008-05-10 10:15 . 2002-08-29 04:41 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2008-05-10 10:15 . 2002-08-29 04:41 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2008-05-10 10:15 . 2002-08-29 04:41 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2008-05-10 10:14 . 2002-08-29 04:40 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-10 10:14 . 2002-08-29 04:41 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2008-05-10 10:14 . 2002-08-29 04:41 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2008-05-10 10:14 . 2002-08-29 04:41 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2008-05-10 10:14 . 2002-08-29 04:41 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2008-05-10 10:12 . 2002-08-29 00:16 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-10 10:12 . 2002-08-29 04:41 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2008-05-10 10:11 . 2002-08-29 00:16 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-05-10 10:11 . 2002-08-29 04:41 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-10 10:11 . 2002-08-29 04:41 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2008-05-10 10:09 . 2002-08-29 04:41 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2008-05-10 10:09 . 2002-08-29 04:41 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2008-05-10 10:09 . 2002-08-29 04:41 60,416 --a------ C:\WINDOWS\system32\shimeng.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-09_12.20.58.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 04:39:50 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
+ 2002-08-29 04:39:48 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tmigrate.dll
+ 2002-08-29 08:12:18 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll
+ 2002-08-29 04:39:06 426,042 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicepad.dll
+ 2002-08-29 04:39:08 86,074 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll

ccogswel
2008-05-12, 01:14
+ 2002-08-29 08:17:58 69,248 ------w C:\WINDOWS\ServicePackFiles\i386\sr.sys
+ 2002-08-29 10:41:18 798,782 ------w C:\WINDOWS\ServicePackFiles\i386\srchui.dll
+ 2002-08-29 10:41:18 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\srclient.dll
+ 2002-08-29 10:41:18 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\srrstr.dll
+ 2002-08-29 10:41:18 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
+ 2002-08-29 10:41:30 667,648 ------w C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr
+ 2002-08-29 10:41:30 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr
+ 2002-08-29 10:41:18 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ssdpapi.dll
+ 2002-08-29 10:41:18 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
+ 2002-08-29 10:41:30 364,544 ------w C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr
+ 2002-08-29 10:41:30 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr
+ 2002-08-29 10:41:30 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr
+ 2002-08-29 10:41:32 569,344 ------w C:\WINDOWS\ServicePackFiles\i386\sspipes.scr
+ 2002-08-29 10:41:32 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\ssstars.scr
+ 2002-08-29 10:41:32 638,976 ------w C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr
+ 2002-08-29 10:41:18 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\stdprov.dll
+ 2002-08-29 10:41:18 61,952 ------w C:\WINDOWS\ServicePackFiles\i386\sti.dll
+ 2002-08-29 10:41:18 130,560 ------w C:\WINDOWS\ServicePackFiles\i386\sti_ci.dll
+ 2002-08-29 10:41:18 117,760 ------w C:\WINDOWS\ServicePackFiles\i386\stobject.dll
+ 2002-08-29 10:41:18 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\storprop.dll
+ 2002-08-29 08:32:34 44,416 ------w C:\WINDOWS\ServicePackFiles\i386\stream.sys
+ 2002-08-29 10:41:18 251,904 ------w C:\WINDOWS\ServicePackFiles\i386\strmdll.dll
+ 2002-08-29 10:41:28 16,449 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe
+ 2002-08-29 10:41:28 65,601 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe
+ 2002-08-29 10:41:18 674,816 ------w C:\WINDOWS\ServicePackFiles\i386\sxs.dll
+ 2002-08-29 09:01:18 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys
+ 2002-08-29 10:41:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\sysmod.dll
+ 2002-08-29 10:41:18 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\sysmod_a.dll
+ 2002-08-29 10:41:18 938,496 ------w C:\WINDOWS\ServicePackFiles\i386\syssetup.dll
+ 2002-08-29 08:28:00 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\tape.sys
+ 2002-08-29 10:41:18 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\tapi32.dll
+ 2002-08-29 10:41:18 233,984 ------w C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
+ 2002-08-29 10:41:28 128,512 ------w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
+ 2002-08-29 08:58:12 332,928 ------w C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
+ 2002-08-29 08:37:54 196,288 ------w C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys
+ 2002-08-29 10:41:28 32,827 ------w C:\WINDOWS\ServicePackFiles\i386\tcptest.exe
+ 2002-05-15 01:16:22 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\tcptsat.dll
+ 2002-08-29 10:41:28 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\telnet.exe
+ 2002-08-29 10:46:42 38,024 ------w C:\WINDOWS\ServicePackFiles\i386\termdd.sys
+ 2002-08-29 10:41:18 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
+ 2002-08-29 08:28:00 143,104 ------w C:\WINDOWS\ServicePackFiles\i386\tffsport.sys
+ 2002-08-29 10:41:18 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\themeui.dll
+ 2002-08-29 10:41:28 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\tracert.exe
+ 2002-08-29 10:41:18 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\triedit.dll
+ 2002-08-29 10:41:18 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\trkwks.dll
+ 2002-08-29 10:41:18 88,064 ------w C:\WINDOWS\ServicePackFiles\i386\tscfgwmi.dll
+ 2002-08-29 08:40:46 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\tscupgrd.exe
+ 2002-08-29 10:41:18 113,664 ------w C:\WINDOWS\ServicePackFiles\i386\tsoc.dll
+ 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\ServicePackFiles\i386\tunmp.sys
+ 2002-08-29 08:06:20 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\udfs.sys
+ 2002-08-29 10:41:18 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\udhisapi.dll
+ 2002-08-29 10:41:18 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\umandlg.dll
+ 2002-08-29 10:41:18 107,008 ------w C:\WINDOWS\ServicePackFiles\i386\umpnpmgr.dll
+ 2002-08-29 10:41:18 252,416 ------w C:\WINDOWS\ServicePackFiles\i386\unidrv.dll
+ 2002-08-29 10:41:18 197,120 ------w C:\WINDOWS\ServicePackFiles\i386\unidrvui.dll
+ 2002-08-29 10:41:28 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\unregmp2.exe
+ 2002-08-29 10:41:18 302,080 ------w C:\WINDOWS\ServicePackFiles\i386\untfs.dll
+ 2002-08-29 10:41:18 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\upnp.dll
+ 2002-08-29 10:41:18 164,864 ------w C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
+ 2002-08-29 10:41:18 231,424 ------w C:\WINDOWS\ServicePackFiles\i386\upnpui.dll
+ 2002-08-29 10:41:28 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ups.exe
+ 2002-08-29 10:41:18 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\url.dll
+ 2002-08-29 10:41:18 455,680 ------w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
+ 2002-08-29 05:59:22 32,384 ------w C:\WINDOWS\ServicePackFiles\i386\usb101et.sys
+ 2002-08-29 08:32:32 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\usbaudio.sys
+ 2002-08-29 08:32:54 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys
+ 2002-08-29 08:32:50 19,328 ------w C:\WINDOWS\ServicePackFiles\i386\usbehci.sys
+ 2002-08-29 08:32:50 51,968 ------w C:\WINDOWS\ServicePackFiles\i386\usbhub.sys
+ 2002-08-29 08:32:56 15,232 ------w C:\WINDOWS\ServicePackFiles\i386\usbintel.sys
+ 2002-08-29 08:32:50 15,744 ------w C:\WINDOWS\ServicePackFiles\i386\usbohci.sys
+ 2002-08-29 08:32:52 135,552 ------w C:\WINDOWS\ServicePackFiles\i386\usbport.sys
+ 2002-08-29 08:50:02 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
+ 2002-08-29 08:48:52 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
+ 2002-08-29 08:32:52 21,760 ------w C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
+ 2002-08-29 08:32:50 19,328 ------w C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys
+ 2002-08-29 10:41:18 560,128 ------w C:\WINDOWS\ServicePackFiles\i386\user32.dll
+ 2002-08-29 10:41:18 667,136 ------w C:\WINDOWS\ServicePackFiles\i386\userenv.dll
+ 2002-08-29 10:41:28 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\userinit.exe
+ 2002-08-29 10:41:18 339,456 ------w C:\WINDOWS\ServicePackFiles\i386\usp10.dll
+ 2002-08-29 10:41:28 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\utilman.exe
+ 2002-08-29 10:41:18 203,264 ------w C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
+ 2002-08-29 10:41:18 479,261 ------w C:\WINDOWS\ServicePackFiles\i386\vbscript.dll
+ 2002-08-29 10:41:18 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\vdmredir.dll
+ 2002-08-29 10:41:18 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\vfwwdm32.dll
+ 2002-08-29 08:32:04 19,712 ------w C:\WINDOWS\ServicePackFiles\i386\vga.sys
+ 2002-08-29 10:41:18 802,304 ------w C:\WINDOWS\ServicePackFiles\i386\vgx.dll
+ 2002-08-29 08:27:50 4,864 ------w C:\WINDOWS\ServicePackFiles\i386\viaide.sys
+ 2002-08-29 08:32:06 70,912 ------w C:\WINDOWS\ServicePackFiles\i386\videoprt.sys
+ 2002-08-29 10:41:18 409,088 ------w C:\WINDOWS\ServicePackFiles\i386\vssapi.dll
+ 2002-08-29 10:41:18 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\w32time.dll
+ 2002-08-29 10:41:18 444,928 ------w C:\WINDOWS\ServicePackFiles\i386\w95upgnt.dll
+ 2002-08-29 10:41:18 459,776 ------w C:\WINDOWS\ServicePackFiles\i386\wab32.dll
+ 2002-08-29 10:39:24 249,344 ------w C:\WINDOWS\ServicePackFiles\i386\wab32res.dll
+ 2002-08-29 08:28:36 13,056 ------w C:\WINDOWS\ServicePackFiles\i386\wacompen.sys
+ 2002-08-29 08:32:22 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\watchdog.sys
+ 2002-08-29 10:41:18 215,040 ------w C:\WINDOWS\ServicePackFiles\i386\wbemcomn.dll
+ 2002-08-29 10:41:18 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\wbemcore.dll
+ 2002-08-29 10:41:18 259,072 ------w C:\WINDOWS\ServicePackFiles\i386\wbemess.dll
+ 2002-08-29 10:41:18 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\wbemprox.dll
+ 2002-08-29 10:41:18 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\wbemupgd.dll
+ 2002-08-29 09:00:48 77,440 ------w C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys
+ 2002-08-29 10:41:18 258,048 ------w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
+ 2002-08-29 10:41:18 61,952 ------w C:\WINDOWS\ServicePackFiles\i386\webclnt.dll
+ 2002-08-29 10:41:18 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\webvw.dll
+ 2002-08-29 10:41:28 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\wextract.exe
+ 2002-08-29 10:41:18 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\wiadss.dll
+ 2002-08-29 10:41:18 316,416 ------w C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
+ 2002-08-29 09:14:20 1,813,632 ------w C:\WINDOWS\ServicePackFiles\i386\win32k.sys
+ 2002-08-29 10:41:18 99,328 ------w C:\WINDOWS\ServicePackFiles\i386\win32spl.dll
+ 2002-08-29 08:09:00 403,456 ------w C:\WINDOWS\ServicePackFiles\i386\winbrand.dll
+ 2002-08-29 10:41:28 266,752 ------w C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe
+ 2002-08-29 10:41:18 310,272 ------w C:\WINDOWS\ServicePackFiles\i386\winhttp.dll
+ 2002-08-29 10:41:18 599,040 ------w C:\WINDOWS\ServicePackFiles\i386\wininet.dll
+ 2002-08-29 10:41:28 516,608 ------w C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
+ 2002-08-29 10:41:18 171,520 ------w C:\WINDOWS\ServicePackFiles\i386\winmm.dll
+ 2002-08-29 10:41:32 132,096 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
+ 2002-08-29 10:41:18 276,480 ------w C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
+ 2002-08-29 10:41:18 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\winsta.dll
+ 2002-08-29 10:41:18 168,448 ------w

ccogswel
2008-05-12, 01:15
C:\WINDOWS\ServicePackFiles\i386\wldap32.dll
+ 2002-08-29 05:59:26 154,624 ------w C:\WINDOWS\ServicePackFiles\i386\wlluc48.sys
+ 2002-08-29 10:41:18 86,528 ------w C:\WINDOWS\ServicePackFiles\i386\wlnotify.dll
+ 2002-08-29 10:41:18 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\wmadmod.dll
+ 2002-08-29 10:41:18 442,398 ------w C:\WINDOWS\ServicePackFiles\i386\wmadmoe.dll
+ 2002-08-29 10:41:18 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\wmasf.dll
+ 2002-08-29 10:39:24 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\wmerrenu.dll
+ 2002-08-29 10:41:18 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\wmicookr.dll
+ 2002-08-29 10:41:18 138,752 ------w C:\WINDOWS\ServicePackFiles\i386\wmidcprv.dll
+ 2002-08-29 10:41:18 149,504 ------w C:\WINDOWS\ServicePackFiles\i386\wmipcima.dll
+ 2002-08-29 10:41:18 122,368 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprov.dll
+ 2002-08-29 10:41:18 408,576 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprvsd.dll
+ 2002-08-29 10:41:28 203,776 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe
+ 2002-08-29 10:41:18 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\wmipsess.dll
+ 2002-08-29 10:41:18 101,376 ------w C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
+ 2002-08-29 10:41:18 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\wmiutils.dll
+ 2002-08-29 10:41:18 110,648 ------w C:\WINDOWS\ServicePackFiles\i386\wmmfilt.dll
+ 2002-08-29 10:39:24 319,542 ------w C:\WINDOWS\ServicePackFiles\i386\wmmres.dll
+ 2002-08-29 10:41:18 163,897 ------w C:\WINDOWS\ServicePackFiles\i386\wmmutil.dll
+ 2002-08-29 10:41:18 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\wmnetmgr.dll
+ 2002-08-29 10:41:18 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\wmpcd.dll
+ 2002-08-29 10:41:18 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\wmpcore.dll
+ 2002-08-29 10:41:28 520,192 ------w C:\WINDOWS\ServicePackFiles\i386\wmplayer.exe
+ 2002-08-29 10:39:24 1,998,848 ------w C:\WINDOWS\ServicePackFiles\i386\wmploc.dll
+ 2002-08-29 10:41:18 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\wmpshell.dll
+ 2002-08-29 10:41:28 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\wmpstub.exe
+ 2002-08-29 10:41:18 1,404,928 ------w C:\WINDOWS\ServicePackFiles\i386\wmpui.dll
+ 2002-08-29 10:41:18 520,192 ------w C:\WINDOWS\ServicePackFiles\i386\wmpvis.dll
+ 2002-08-29 10:41:18 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\wmsdmod.dll
+ 2002-08-29 10:41:18 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\wmsdmoe.dll
+ 2002-08-29 10:41:18 296,448 ------w C:\WINDOWS\ServicePackFiles\i386\wmstream.dll
+ 2002-08-29 10:41:18 311,327 ------w C:\WINDOWS\ServicePackFiles\i386\wmv8dmod.dll
+ 2002-08-29 10:41:20 1,220,608 ------w C:\WINDOWS\ServicePackFiles\i386\wmvcore.dll
+ 2002-08-29 10:41:20 1,677,312 ------w C:\WINDOWS\ServicePackFiles\i386\wmvcore2.dll
+ 2002-08-29 10:41:20 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\wmvdmod.dll
+ 2002-08-29 10:41:20 446,464 ------w C:\WINDOWS\ServicePackFiles\i386\wmvdmoe.dll
+ 2002-08-29 10:41:28 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\wordpad.exe
+ 2002-08-29 10:41:20 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\wow32.dll
+ 2002-08-29 10:41:20 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\wship6.dll
+ 2002-08-29 10:41:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\wsnmp32.dll
+ 2002-08-29 10:41:20 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\wtsapi32.dll
+ 2002-08-29 10:41:28 139,776 ------w C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
+ 2002-08-29 10:41:20 189,440 ------w C:\WINDOWS\ServicePackFiles\i386\wuaueng.dll
+ 2002-08-29 10:41:20 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
+ 2002-08-29 10:41:20 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\wzcdlg.dll
+ 2002-08-29 10:41:20 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\wzcsapi.dll
+ 2002-08-29 10:41:20 264,704 ------w C:\WINDOWS\ServicePackFiles\i386\wzcsvc.dll
+ 2002-08-29 10:41:20 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\xactsrv.dll
+ 2002-07-17 01:55:02 172,664 ------w C:\WINDOWS\ServicePackFiles\i386\xenroll.dll
+ 2002-08-29 08:03:28 187,904 ------w C:\WINDOWS\ServicePackFiles\i386\xpsp1res.dll
+ 2002-08-29 10:41:20 316,416 ------w C:\WINDOWS\ServicePackFiles\i386\zipfldr.dll
- 2001-08-18 10:00:00 794,686 ----a-w C:\WINDOWS\srchasst\srchui.dll
+ 2002-08-29 10:41:18 798,782 ----a-w C:\WINDOWS\srchasst\srchui.dll
- 2001-08-18 18:00:00 131,584 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
+ 2002-08-29 10:41:32 132,096 ----a-w C:\WINDOWS\system\winspool.drv
- 2001-08-18 18:00:00 35,840 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2002-08-29 10:40:48 59,392 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2001-08-18 18:00:00 160,768 ----a-w C:\WINDOWS\system32\adsldp.dll
+ 2002-08-29 10:40:48 162,816 ----a-w C:\WINDOWS\system32\adsldp.dll
- 2001-08-18 18:00:00 139,264 ----a-w C:\WINDOWS\system32\adsldpc.dll
+ 2002-08-29 10:40:48 139,776 ----a-w C:\WINDOWS\system32\adsldpc.dll
- 2001-08-18 18:00:00 62,464 ----a-w C:\WINDOWS\system32\adsmsext.dll
+ 2002-08-29 10:40:48 62,464 ----a-w C:\WINDOWS\system32\adsmsext.dll
- 2001-08-18 18:00:00 239,616 ----a-w C:\WINDOWS\system32\adsnt.dll
+ 2002-08-29 10:40:48 239,616 ----a-w C:\WINDOWS\system32\adsnt.dll
- 2001-08-18 18:00:00 549,888 ----a-w C:\WINDOWS\system32\advapi32.dll
+ 2002-08-29 10:40:48 558,080 ----a-w C:\WINDOWS\system32\advapi32.dll
- 2001-08-18 18:00:00 91,136 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2002-08-29 10:40:48 91,136 ----a-w C:\WINDOWS\system32\advpack.dll
- 2001-08-18 18:00:00 84,992 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2002-08-29 10:41:20 91,648 ----a-w C:\WINDOWS\system32\ahui.exe
- 2001-08-18 18:00:00 40,960 ----a-w C:\WINDOWS\system32\alg.exe
+ 2002-08-29 10:41:20 41,984 ----a-w C:\WINDOWS\system32\alg.exe
- 2001-08-18 18:00:00 104,448 ----a-w C:\WINDOWS\system32\apphelp.dll
+ 2002-08-29 10:40:48 115,712 ----a-w C:\WINDOWS\system32\apphelp.dll
- 2001-08-18 18:00:00 5,120 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2002-08-29 10:40:06 5,120 ----a-w C:\WINDOWS\system32\asferror.dll
- 2001-08-18 18:00:00 14,366 ----a-w C:\WINDOWS\system32\asfsipc.dll
+ 2002-08-29 10:40:48 14,366 ----a-w C:\WINDOWS\system32\asfsipc.dll
- 2001-08-18 18:00:00 22,528 ----a-w C:\WINDOWS\system32\at.exe
+ 2002-08-29 10:41:20 22,528 ----a-w C:\WINDOWS\system32\at.exe
+ 2002-08-29 10:40:48 377,984 ------w C:\WINDOWS\system32\ati2dvaa.dll
+ 2002-08-29 10:40:48 202,496 ------w C:\WINDOWS\system32\ati2dvag.dll
- 2001-08-18 18:00:00 74,802 ----a-w C:\WINDOWS\system32\atl.dll
+ 2002-08-29 10:40:50 74,810 ----a-w C:\WINDOWS\system32\atl.dll
- 2001-08-18 18:00:00 37,888 ----a-w C:\WINDOWS\system32\audiosrv.dll
+ 2002-08-29 10:40:50 38,912 ----a-w C:\WINDOWS\system32\audiosrv.dll
- 2001-08-18 18:00:00 565,760 ----a-w C:\WINDOWS\system32\autochk.exe
+ 2002-08-29 10:41:20 565,760 ----a-w C:\WINDOWS\system32\autochk.exe
- 2001-08-18 18:00:00 8,192 ----a-w C:\WINDOWS\system32\autolfn.exe
+ 2002-08-29 10:41:20 8,192 ----a-w C:\WINDOWS\system32\autolfn.exe
- 2001-08-18 18:00:00 76,288 ----a-w C:\WINDOWS\system32\avifil32.dll
+ 2002-08-29 10:40:50 76,288 ----a-w C:\WINDOWS\system32\avifil32.dll
- 2001-08-18 18:00:00 45,056 ----a-w C:\WINDOWS\system32\basesrv.dll
+ 2002-08-29 10:40:50 44,032 ----a-w C:\WINDOWS\system32\basesrv.dll
- 2001-08-18 18:00:00 6,656 ----a-w C:\WINDOWS\system32\batt.dll
+ 2002-08-29 10:40:50 6,656 ----a-w C:\WINDOWS\system32\batt.dll
- 2001-08-18 18:00:00 62,976 ----a-w C:\WINDOWS\system32\browselc.dll
+ 2002-08-29 10:40:10 62,976 ----a-w C:\WINDOWS\system32\browselc.dll
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\browser.dll
+ 2002-08-29 10:40:50 49,152 ----a-w C:\WINDOWS\system32\browser.dll
- 2001-08-18 18:00:00 1,020,416 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2002-08-29 10:40:50 1,021,952 ----a-w C:\WINDOWS\system32\browseui.dll
- 2001-08-18 18:00:00 71,680 ----a-w C:\WINDOWS\system32\browsewm.dll
+ 2002-08-29 10:40:50 71,680 ----a-w C:\WINDOWS\system32\browsewm.dll
- 2001-08-18 18:00:00 58,880 ----a-w C:\WINDOWS\system32\cabinet.dll
+ 2002-08-29 10:40:50 59,904 ----a-w C:\WINDOWS\system32\cabinet.dll
- 2001-08-18 10:00:00 583,168 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2002-08-29 10:40:50 582,656 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2001-08-18 18:00:00 184,320 ----a-w C:\WINDOWS\system32\certcli.dll
+ 2002-08-29 10:40:50 186,880 ----a-w C:\WINDOWS\system32\certcli.dll
- 2001-08-18 18:00:00 179,712 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2002-08-29 10:40:50 179,712 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2001-08-18 10:00:00 32,768 ----a-w C:\WINDOWS\system32\cfgbkend.dll
+ 2002-08-29 10:40:50 32,768 ----a-w C:\WINDOWS\system32\cfgbkend.dll
- 2001-08-18 18:00:00 62,976 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2002-08-29 10:40:50 64,512 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2001-08-18 18:00:00 10,752 ----a-w C:\WINDOWS\system32\clb.dll
+ 2001-08-18 10:00:00 100,864 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2001-08-18 10:00:00 468,480 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2008-05-02 15:55:24 1,695 ----a-w C:\WINDOWS\system32\clbcfg.dat
- 2001-08-18 10:00:00 98,816 ----a-w C:\WINDOWS\system32\clipbrd.exe
+ 2002-08-29 10:41:20 98,816 ----a-w C:\WINDOWS\system32\clipbrd.exe
- 2001-08-18 18:00:00 53,248 ----a-w C:\WINDOWS\system32\clusapi.dll
+ 2002-08-29 10:40:50 54,272 ----a-w C:\WINDOWS\system32\clusapi.dll
- 2001-08-18 18:00:00 314,880 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2002-08-29 10:40:50 324,608 ----a-w C:\WINDOWS\system32\cmdial32.dll
- 2001-08-18 18:00:00 41,472 ----a-w C:\WINDOWS\system32\cmdl32.exe
+ 2002-08-29 10:41:22 41,472 ----a-w C:\WINDOWS\system32\cmdl32.exe
- 2001-08-18 10:00:00 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2002-08-29 10:40:50 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2001-08-18 18:00:00 557,568 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2002-08-29 10:40:50 557,056 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2001-08-18 18:00:00 258,048 ----a-w C:\WINDOWS\system32\comdlg32.dll
+ 2002-08-29 10:40:50 258,048 ----a-w C:\WINDOWS\system32\comdlg32.dll
- 2001-08-18 18:00:00 238,592 ----a-w C:\WINDOWS\system32\compatUI.dll
+ 2002-08-29 10:40:50 238,592 ----a-w C:\WINDOWS\system32\compatui.dll
- 2001-08-18 10:00:00 1,139,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2002-08-29 10:40:50 1,172,992 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2008-05-09 18:01:34 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-10 15:56:52 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-09 18:01:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-10 15:56:52 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-09 18:21:58 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-05-10 19:16:26 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\conime.exe
+ 2002-08-29 10:41:22 24,576 ----a-w C:\WINDOWS\system32\conime.exe
- 2001-08-18 18:00:00 161,792 ----a-w C:\WINDOWS\system32\credui.dll
+ 2002-08-29 10:40:50 158,720 ----a-w C:\WINDOWS\system32\credui.dll
- 2001-08-18 18:00:00 554,496 ----a-w C:\WINDOWS\system32\crypt32.dll
+ 2002-08-29 10:40:50 557,568 ----a-w C:\WINDOWS\system32\crypt32.dll
- 2001-08-18 18:00:00 70,144 ----a-w C:\WINDOWS\system32\cryptdlg.dll
+ 2002-08-29 10:40:50 70,144 ----a-w C:\WINDOWS\system32\cryptdlg.dll
- 2001-08-18 18:00:00 51,200 ----a-w C:\WINDOWS\system32\cryptsvc.dll
+ 2002-08-29 10:40:50 53,248 ----a-w C:\WINDOWS\system32\cryptsvc.dll
- 2001-08-18 18:00:00 470,016 ----a-w C:\WINDOWS\system32\cryptui.dll
+ 2002-08-29 10:40:50 471,040 ----a-w C:\WINDOWS\system32\cryptui.dll
- 2001-08-18 18:00:00 305,664 ----a-w C:\WINDOWS\system32\cscui.dll
+ 2002-08-29 10:40:50 307,712 ----a-w C:\WINDOWS\system32\cscui.dll
- 2001-08-18 18:00:00 29,184 ----a-w C:\WINDOWS\system32\csrsrv.dll
+ 2002-08-29 10:40:50 29,184 ----a-w C:\WINDOWS\system32\csrsrv.dll
- 2001-08-18 18:00:00 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2002-08-29 10:41:22 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2001-08-18 18:00:00 986,112 ----a-w C:\WINDOWS\system32\danim.dll
+ 2002-08-29 10:40:50 986,112 ----a-w C:\WINDOWS\system32\danim.dll
- 2001-08-18 18:00:00 486,400 ----a-w C:\WINDOWS\system32\dbghelp.dll
+ 2002-08-29 10:40:50 489,984 ----a-w C:\WINDOWS\system32\dbghelp.dll
- 2001-08-18 18:00:00 20,480 ----a-w C:\WINDOWS\system32\dbmsadsn.dll
+ 2002-08-29 10:40:50 20,480 ----a-w C:\WINDOWS\system32\dbmsadsn.dll
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\dbmsrpcn.dll
+ 2002-08-29 07:36:06 24,576 ----a-w C:\WINDOWS\system32\dbmsrpcn.dll
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\dbmsvinn.dLL
+ 2002-08-29 07:36:06 24,576 ----a-w C:\WINDOWS\system32\dbmsvinn.dll
- 2001-08-18 18:00:00 65,536 ----a-w C:\WINDOWS\system32\dbnetlib.dll
+ 2002-08-29 10:40:00 61,440 ----a-w C:\WINDOWS\system32\dbnetlib.dll
- 2001-08-18 18:00:00 28,672 ----a-w C:\WINDOWS\system32\dbnmpntw.dll
+ 2002-08-29 07:34:36 28,672 ----a-w C:\WINDOWS\system32\dbnmpntw.dll
+ 2002-08-29 10:57:58 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
- 2001-08-18 18:00:00 109,568 ----a-w C:\WINDOWS\system32\defrag.exe
+ 2002-08-29 10:41:22 70,656 ----a-w C:\WINDOWS\system32\defrag.exe
- 2001-08-18 18:00:00 263,680 ----a-w C:\WINDOWS\system32\devmgr.dll
+ 2002-08-29 10:40:50 263,168 ----a-w C:\WINDOWS\system32\devmgr.dll
- 2001-08-18 18:00:00 73,216 ----a-w C:\WINDOWS\system32\dfrgfat.exe
+ 2002-08-29 10:41:22 76,288 ----a-w C:\WINDOWS\system32\dfrgfat.exe
- 2001-08-18 18:00:00 85,504 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
+ 2002-08-29 10:41:22 99,328 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
- 2001-08-18 18:00:00 41,984 ----a-w C:\WINDOWS\system32\dfrgsnap.dll
+ 2002-08-29 10:40:50 35,328 ----a-w C:\WINDOWS\system32\dfrgsnap.dll
- 2001-08-18 18:00:00 124,928 ----a-w C:\WINDOWS\system32\dfrgui.dll
+ 2002-08-29 10:40:50 113,152 ----a-w C:\WINDOWS\system32\dfrgui.dll
- 2001-08-18 18:00:00 25,088 ----a-w C:\WINDOWS\system32\dfsshlex.dll
+ 2002-08-29 10:40:50 25,600 ----a-w C:\WINDOWS\system32\dfsshlex.dll
- 2001-08-18 18:00:00 103,424 ----a-w C:\WINDOWS\system32\dgnet.dll
+ 2002-08-29 10:40:50 103,424 ----a-w C:\WINDOWS\system32\dgnet.dll
- 2001-08-18 18:00:00 98,816 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2002-08-29 10:40:50 99,840 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2001-08-18 18:00:00 55,808 ----a-w C:\WINDOWS\system32\digest.dll
+ 2002-08-29 10:40:50 55,296 ----a-w C:\WINDOWS\system32\digest.dll
- 2002-08-29 09:40:00 648,704 ----a-w C:\WINDOWS\system32\dinput.dll
+ 2002-08-29 10:40:50 151,552 ----a-w C:\WINDOWS\system32\dinput.dll
- 2002-08-29 09:40:00 667,648 ----a-w C:\WINDOWS\system32\dinput8.dll
+ 2002-08-29 10:40:50 168,960 ----a-w C:\WINDOWS\system32\dinput8.dll
+ 2001-08-18 18:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2001-08-18 10:00:00 100,864 ----a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2001-08-18 10:00:00 468,480 ----a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2001-08-18 18:00:00 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2002-08-29 10:40:50 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2001-08-18 18:00:00 45,056 ----a-w C:\WINDOWS\system32\docprop2.dll
+ 2002-08-29 10:40:50 45,568 ----a-w C:\WINDOWS\system32\docprop2.dll
- 2001-08-18 18:00:00 116,736 ----a-w C:\WINDOWS\system32\dpcdll.dll
+ 2002-08-29 09:20:28 115,200 ----a-w C:\WINDOWS\system32\dpcdll.dll
- 2001-08-18 18:00:00 179,200 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
+ 2002-08-29 08:09:06 179,328 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
- 2001-07-23 23:25:14 122,472 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2002-08-29 06:16:38 142,208 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2001-08-18 18:00:00 130,688 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2002-08-29 09:01:14 131,968 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2001-08-18 18:00:00 32,000 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2002-08-29 08:05:06 32,000 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2002-08-29 08:05:08 32,512 ------w C:\WINDOWS\system32\drivers\amdk7.sys
- 2001-08-18 18:00:00 54,016 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
+ 2002-08-29 08:33:30 57,344 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
- 2001-08-17 19:51:56 86,656 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
+ 2002-08-29 08:27:50 86,912 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
- 2001-08-18 18:00:00 53,888 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
+ 2002-08-29 08:33:36 53,888 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
- 2001-08-18 18:00:00 53,376 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
+ 2002-08-29 08:34:42 68,864 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
- 2001-08-18 18:00:00 62,208 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
+ 2002-08-29 08:58:52 59,648 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
- 2001-08-18 18:00:00 47,488 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
+ 2002-08-29 08:27:56 47,488 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
- 2001-08-18 18:00:00 44,928 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
+ 2002-08-29 09:08:44 46,336 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
- 2001-08-18 18:00:00 31,360 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
+ 2002-08-29 08:05:08 31,488 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
- 2001-08-18 18:00:00 33,664 ----a-w C:\WINDOWS\system32\drivers\disk.sys
+ 2002-08-29 08:27:58 33,792 ----a-w C:\WINDOWS\system32\drivers\disk.sys
- 2001-08-18 18:00:00 13,184 ----a-w C:\WINDOWS\system32\drivers\diskdump.sys
+ 2002-08-29 08:27:56 13,184 ----a-w C:\WINDOWS\system32\drivers\diskdump.sys
- 2001-08-17 20:01:20 57,344 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-29 08:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2001-08-17 20:01:16 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2002-08-29 08:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2001-08-18 18:00:00 68,224 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
+ 2002-08-29 10:40:44 68,992 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
- 2001-08-18 18:00:00 144,768 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
+ 2002-08-29 09:12:46 145,152 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
- 2001-08-18 18:00:00 19,712 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
+ 2002-08-29 08:27:44 19,712 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
- 2001-08-18 18:00:00 33,152 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
+ 2002-08-29 08:32:42 34,560 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
- 2001-08-18 18:00:00 50,944 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2002-08-29 09:06:38 51,072 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
- 2001-08-18 18:00:00 39,296 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
+ 2002-08-29 08:28:08 39,808 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
- 2001-08-18 18:00:00 76,288 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2002-08-29 08:36:14 79,488 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2001-08-18 18:00:00 56,064 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
+ 2002-08-29 09:07:22 57,984 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
- 2001-08-18 18:00:00 23,424 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2002-08-29 08:27:02 23,424 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2001-08-17 20:00:54 159,232 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2002-08-29 08:32:30 159,360 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2001-08-18 18:00:00 22,016 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2002-08-29 08:27:02 22,016 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
- 2001-08-18 18:00:00 407,680 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2002-08-29 08:59:54 407,552 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2001-08-18 18:00:00 103,936 ----a-w C:\WINDOWS\system32\drivers\mup.sys
+ 2002-08-29 09:12:54 104,064 ----a-w C:\WINDOWS\system32\drivers\mup.sys
- 2001-08-18 18:00:00 161,536 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
+ 2002-08-29 09:09:26 167,552 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
- 2001-08-18 18:00:00 12,160 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
+ 2002-08-29 08:35:42 12,288 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
- 2001-08-18 18:00:00 88,320 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
+ 2002-08-29 08:58:40 87,552 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
- 2001-08-18 18:00:00 33,152 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
+ 2002-08-29 08:35:46 33,152 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
- 2001-08-18 18:00:00 150,272 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
+ 2002-08-29 09:01:58 157,056 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
- 2001-08-18 18:00:00 56,960 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
+ 2002-08-29 08:33:32 57,984 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
- 2001-08-18 18:00:00 37,760 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
+ 2002-08-29 08:34:34 38,272 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
- 2001-08-18 18:00:00 516,480 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2002-08-29 09:13:40 561,920 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2002-08-29 06:16:30 891,711 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2001-08-18 18:00:00 34,816 ----a-w C:\WINDOWS\system32\drivers\p3.sys
+ 2002-08-29 08:05:06 37,504 ----a-w C:\WINDOWS\system32\drivers\p3.sys
- 2001-08-18 18:00:00 76,160 ----a-w C:\WINDOWS\system32\drivers\parport.sys
+ 2002-08-29 08:27:32 76,032 ----a-w C:\WINDOWS\system32\drivers\parport.sys
- 2001-08-17 19:58:06 62,464 ----a-w C:\WINDOWS\system32\drivers\pci.sys
+ 2002-08-29 08:09:12 62,976 ----a-w C:\WINDOWS\system32\drivers\pci.sys
- 2001-08-17 19:51:50 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
+ 2002-08-29 08:27:48 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
- 2001-08-18 18:00:00 116,352 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
+ 2002-08-29 08:09:12 115,712 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
- 2001-08-18 04:24:38 135,040 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2002-08-29 09:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2001-08-18 18:00:00 30,592 ----a-w C:\WINDOWS\system32\drivers\processr.sys
+ 2002-08-29 08:05:06 30,592 ----a-w C:\WINDOWS\system32\drivers\processr.sys
- 2001-08-18 18:00:00 65,920 ----a-w C:\WINDOWS\system32\drivers\psched.sys
+ 2002-08-29 08:35:56 66,048 ----a-w C:\WINDOWS\system32\drivers\psched.sys
- 2001-08-18 18:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
+ 2002-08-29 09:06:38 48,384 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
- 2001-08-18 18:00:00 46,464 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
+ 2002-08-29 09:12:48 46,336 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
- 2001-08-18 18:00:00 163,840 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2002-08-29 08:58:50 163,328 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2001-08-17 19:50:48 181,632 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
+ 2002-08-29 08:06:36 182,400 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
- 2001-08-18 10:00:00 107,912 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2002-08-29 10:46:44 115,976 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2001-08-17 19:51:42 55,808 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
+ 2002-08-29 08:27:46 56,576 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
- 2001-08-18 18:00:00 89,984 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
+ 2002-08-29 08:27:50 90,240 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
- 2001-08-18 18:00:00 62,464 ----a-w C:\WINDOWS\system32\drivers\serial.sys
+ 2002-08-29 09:08:28 62,464 ----a-w C:\WINDOWS\system32\drivers\serial.sys
- 2001-08-18 18:00:00 10,496 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2002-08-29 08:27:58 10,496 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2002-08-29 08:09:04 5,504 ------w C:\WINDOWS\system32\drivers\smbali.sys
- 2001-08-18 18:00:00 24,064 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
+ 2002-08-29 08:33:16 24,448 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
- 2001-08-17 20:00:46 5,632 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2002-08-29 08:32:28 5,888 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2001-08-18 10:00:00 70,400 ----a-w C:\WINDOWS\system32\drivers\sr.sys
+ 2002-08-29 08:17:58 69,248 ----a-w C:\WINDOWS\system32\drivers\sr.sys
- 2001-08-18 04:24:44 57,472 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
+ 2002-08-29 09:01:18 56,832 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
- 2001-08-18 18:00:00 13,696 ----a-w C:\WINDOWS\system32\drivers\tape.sys
+ 2002-08-29 08:28:00 13,824 ----a-w

ccogswel
2008-05-12, 01:17
C:\WINDOWS\system32\drivers\tape.sys
- 2001-08-18 18:00:00 327,168 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2002-08-29 08:58:12 332,928 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2001-08-18 18:00:00 180,032 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2002-08-29 08:37:54 196,288 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2001-08-18 04:38:00 37,896 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
+ 2002-08-29 10:46:42 38,024 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
+ 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\system32\drivers\tunmp.sys
- 2001-08-18 18:00:00 63,872 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
+ 2002-08-29 08:06:20 64,000 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
- 2001-08-17 20:03:32 24,960 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2002-08-29 08:32:54 28,160 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
- 2001-08-17 20:03:16 50,688 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2002-08-29 08:32:50 51,968 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
- 2001-08-18 18:00:00 15,104 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
+ 2002-08-29 08:32:56 15,232 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
- 2001-08-17 20:03:18 123,264 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
+ 2002-08-29 08:32:52 135,552 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
- 2001-08-17 20:00:30 24,832 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
+ 2002-08-29 08:50:02 24,960 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
- 2001-08-17 19:53:30 13,824 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
+ 2002-08-29 08:48:52 14,208 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
- 2001-08-17 20:03:22 21,760 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2002-08-29 08:32:52 21,760 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys
- 2001-08-17 20:03:08 18,944 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
+ 2002-08-29 08:32:50 19,328 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
- 2001-08-18 18:00:00 19,584 ----a-w C:\WINDOWS\system32\drivers\vga.sys
+ 2002-08-29 08:32:04 19,712 ----a-w C:\WINDOWS\system32\drivers\vga.sys
- 2001-08-18 18:00:00 65,024 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2002-08-29 08:32:06 70,912 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2002-08-29 08:28:36 13,056 ------w C:\WINDOWS\system32\drivers\wacompen.sys
- 2001-08-18 04:24:46 79,616 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2002-08-29 09:00:48 77,440 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2001-08-18 18:00:00 16,384 ----a-w C:\WINDOWS\system32\ds32gt.dll
+ 2002-08-29 10:40:50 16,384 ----a-w C:\WINDOWS\system32\ds32gt.dll
- 2001-08-18 18:00:00 131,072 ----a-w C:\WINDOWS\system32\dsprop.dll
+ 2002-08-29 10:40:50 135,680 ----a-w C:\WINDOWS\system32\dsprop.dll
- 2001-08-18 18:00:00 227,840 ----a-w C:\WINDOWS\system32\dsquery.dll
+ 2002-08-29 10:40:52 227,840 ----a-w C:\WINDOWS\system32\dsquery.dll
- 2001-08-18 18:00:00 122,880 ----a-w C:\WINDOWS\system32\dssenh.dll
+ 2002-08-29 05:27:32 124,928 ----a-w C:\WINDOWS\system32\dssenh.dll
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\dumprep.exe
+ 2002-08-29 10:41:22 9,216 ----a-w C:\WINDOWS\system32\dumprep.exe
- 2001-08-18 18:00:00 261,120 ----a-w C:\WINDOWS\system32\duser.dll
+ 2002-08-29 10:40:52 263,680 ----a-w C:\WINDOWS\system32\duser.dll
- 2001-08-18 18:00:00 162,128 ----a-w C:\WINDOWS\system32\dwwin.exe
+ 2002-08-29 10:41:22 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
- 2001-08-18 18:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2002-08-29 10:40:52 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2001-08-18 18:00:00 802,816 ----a-w C:\WINDOWS\system32\dxmrtp.dll
+ 2002-08-29 10:40:52 802,304 ----a-w C:\WINDOWS\system32\dxmrtp.dll
- 2001-08-18 18:00:00 337,920 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2002-08-29 10:40:52 337,920 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2001-08-18 18:00:00 194,560 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2002-08-29 10:40:52 194,560 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2001-08-18 18:00:00 173,568 ----a-w C:\WINDOWS\system32\els.dll
+ 2002-08-29 10:40:52 165,376 ----a-w C:\WINDOWS\system32\els.dll
- 2001-08-18 18:00:00 17,408 ----a-w C:\WINDOWS\system32\ersvc.dll
+ 2002-08-29 10:40:52 19,456 ----a-w C:\WINDOWS\system32\ersvc.dll
- 2001-08-18 18:00:00 224,768 ----a-w C:\WINDOWS\system32\es.dll
+ 2002-08-29 10:40:52 225,280 ----a-w C:\WINDOWS\system32\es.dll
- 2001-08-18 18:00:00 178,688 ----a-w C:\WINDOWS\system32\eudcedit.exe
+ 2002-08-29 10:41:24 178,688 ----a-w C:\WINDOWS\system32\eudcedit.exe
- 2001-08-18 18:00:00 47,616 ----a-w C:\WINDOWS\system32\eventlog.dll
+ 2002-08-29 10:40:52 49,152 ----a-w C:\WINDOWS\system32\eventlog.dll
- 2001-08-18 18:00:00 379,152 ----a-w C:\WINDOWS\system32\expsrv.dll
+ 2002-08-29 10:40:54 380,445 ----a-w C:\WINDOWS\system32\expsrv.dll
- 2001-08-18 18:00:00 61,952 ----a-w C:\WINDOWS\system32\faultrep.dll
+ 2002-08-29 10:40:54 66,560 ----a-w C:\WINDOWS\system32\faultrep.dll
- 2001-08-18 18:00:00 84,992 ----a-w C:\WINDOWS\system32\fldrclnr.dll
+ 2002-08-29 10:40:54 82,432 ----a-w C:\WINDOWS\system32\fldrclnr.dll
- 2007-11-17 18:07:10 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-10 15:58:12 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2001-08-18 18:00:00 18,944 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2002-08-29 10:41:24 19,456 ----a-w C:\WINDOWS\system32\fontview.exe
- 2001-08-18 18:00:00 8,832 ----a-w C:\WINDOWS\system32\framebuf.dll
+ 2002-08-29 10:40:44 8,832 ----a-w C:\WINDOWS\system32\framebuf.dll
- 2001-08-18 18:00:00 40,448 ----a-w C:\WINDOWS\system32\ftp.exe
+ 2002-08-29 10:41:24 40,448 ----a-w C:\WINDOWS\system32\ftp.exe
- 2001-08-18 18:00:00 250,880 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2002-08-29 10:40:56 250,368 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2001-08-18 18:00:00 128,768 ----a-w C:\WINDOWS\system32\hal.dll
+ 2002-08-29 08:05:04 127,872 ----a-w C:\WINDOWS\system32\HAL.DLL
- 2001-08-18 18:00:00 67,612 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2002-08-29 10:40:56 37,888 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2001-08-18 18:00:00 240,640 ----a-w C:\WINDOWS\system32\hnetcfg.dll
+ 2002-08-29 10:40:56 240,640 ----a-w C:\WINDOWS\system32\hnetcfg.dll
- 2001-08-18 10:00:00 8,704 ----a-w C:\WINDOWS\system32\icaapi.dll
+ 2002-08-29 10:40:56 9,216 ----a-w C:\WINDOWS\system32\icaapi.dll
- 2001-08-18 18:00:00 236,032 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2002-08-29 10:40:56 236,032 ----a-w C:\WINDOWS\system32\icm32.dll
- 2001-08-18 18:00:00 110,592 ----a-w C:\WINDOWS\system32\idq.dll
+ 2002-08-29 10:40:56 113,152 ----a-w C:\WINDOWS\system32\idq.dll
- 2001-08-18 18:00:00 28,160 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2002-08-29 10:41:24 28,672 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2002-08-29 10:40:56 126,976 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2001-08-18 18:00:00 203,776 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2002-08-29 10:40:56 204,288 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2001-08-18 18:00:00 294,912 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2002-08-29 10:40:56 294,912 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2001-08-18 18:00:00 230,400 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2002-08-29 10:40:56 231,424 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2001-08-18 18:00:00 59,392 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2002-08-29 10:40:56 59,392 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2001-08-18 10:00:00 73,728 ----a-w C:\WINDOWS\system32\ils.dll
+ 2002-08-29 10:40:56 73,728 ----a-w C:\WINDOWS\system32\ils.dll
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\imagehlp.dll
+ 2002-08-29 10:40:56 126,976 ----a-w C:\WINDOWS\system32\imagehlp.dll
- 2001-08-18 18:00:00 118,784 ----a-w C:\WINDOWS\system32\imapi.exe
+ 2002-08-29 10:41:26 123,904 ----a-w C:\WINDOWS\system32\imapi.exe
- 2001-08-18 18:00:00 36,921 ----a-w C:\WINDOWS\system32\imeshare.dll
+ 2002-08-29 10:40:56 36,922 ----a-w C:\WINDOWS\system32\imeshare.dll
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2002-08-29 10:40:56 30,208 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2001-08-18 18:00:00 96,768 ----a-w C:\WINDOWS\system32\imm32.dll
+ 2002-08-29 10:40:56 103,936 ----a-w C:\WINDOWS\system32\imm32.dll
- 2001-08-18 10:00:00 593,920 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2002-08-29 10:40:56 587,776 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2001-08-18 18:00:00 104,448 ----a-w C:\WINDOWS\system32\input.dll
+ 2002-08-29 10:40:58 114,176 ----a-w C:\WINDOWS\system32\input.dll
- 2001-08-18 18:00:00 69,632 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2002-08-29 10:40:58 69,632 ----a-w C:\WINDOWS\system32\inseng.dll
- 2001-08-18 18:00:00 49,664 ----a-w C:\WINDOWS\system32\ipconfig.exe
+ 2002-08-29 10:41:26 51,712 ----a-w C:\WINDOWS\system32\ipconfig.exe
- 2001-08-18 18:00:00 77,312 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2002-08-29 10:40:58 82,944 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2001-08-18 18:00:00 453,632 ----a-w C:\WINDOWS\system32\ipnathlp.dll
+ 2002-08-29 10:40:58 435,200 ----a-w C:\WINDOWS\system32\ipnathlp.dll
- 2001-08-18 18:00:00 318,976 ----a-w C:\WINDOWS\system32\ippromon.dll
+ 2002-08-29 10:40:58 318,464 ----a-w C:\WINDOWS\system32\ippromon.dll
- 2001-08-18 18:00:00 152,576 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
+ 2002-08-29 10:40:58 155,648 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
- 2001-08-18 18:00:00 58,368 ----a-w C:\WINDOWS\system32\ipv6.exe
+ 2002-08-29 10:41:26 60,928 ----a-w C:\WINDOWS\system32\ipv6.exe
- 2001-08-18 18:00:00 121,344 ----a-w C:\WINDOWS\system32\ipv6mon.dll
+ 2002-08-29 10:40:58 134,144 ----a-w C:\WINDOWS\system32\ipv6mon.dll
- 2001-08-18 18:00:00 155,552 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2002-08-29 10:40:58 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
- 2001-08-18 18:00:00 138,048 ----a-w C:\WINDOWS\system32\itss.dll
+ 2002-08-29 10:40:58 122,368 ----a-w C:\WINDOWS\system32\itss.dll
- 2001-08-18 18:00:00 60,928 ----a-w C:\WINDOWS\system32\iuctl.dll
+ 2002-08-29 10:40:58 91,648 ----a-w C:\WINDOWS\system32\iuctl.dll
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\ixsso.dll
+ 2002-08-29 10:40:58 49,664 ----a-w C:\WINDOWS\system32\ixsso.dll
- 2001-08-18 18:00:00 44,160 ----a-w C:\WINDOWS\system32\kd1394.dll
+ 2002-08-29 08:05:10 7,040 ----a-w C:\WINDOWS\system32\kd1394.dll
- 2001-08-18 18:00:00 265,216 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2002-08-29 10:41:00 272,896 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2001-08-18 18:00:00 926,720 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2002-08-29 10:41:00 930,304 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2001-08-18 18:00:00 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys
+ 2002-08-29 04:23:06 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys
- 2001-08-18 18:00:00 308,736 ----a-w C:\WINDOWS\system32\licdll.dll
+ 2002-08-29 09:41:00 367,616 ----a-w C:\WINDOWS\system32\licdll.dll
- 2001-08-18 18:00:00 19,456 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2002-08-29 10:41:00 19,456 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2001-08-18 10:00:00 57,344 ----a-w C:\WINDOWS\system32\licwmi.dll
+ 2002-08-29 10:41:00 57,856 ----a-w C:\WINDOWS\system32\licwmi.dll
- 2001-08-18 18:00:00 381,440 ----a-w C:\WINDOWS\system32\lmrt.dll
+ 2002-08-29 10:41:00 381,440 ----a-w C:\WINDOWS\system32\lmrt.dll
- 2001-08-18 18:00:00 292,352 ----a-w C:\WINDOWS\system32\localspl.dll
+ 2002-08-29 10:41:00 295,936 ----a-w C:\WINDOWS\system32\localspl.dll
- 2001-08-18 18:00:00 10,240 ----a-w C:\WINDOWS\system32\localui.dll
+ 2002-08-29 10:41:00 10,240 ----a-w C:\WINDOWS\system32\localui.dll
- 2001-08-18 18:00:00 321,536 ----a-w C:\WINDOWS\system32\logon.scr
+ 2002-08-29 10:41:28 219,648 ----a-w C:\WINDOWS\system32\logon.scr
- 2001-08-18 18:00:00 504,320 ----a-w C:\WINDOWS\system32\logonui.exe
+ 2002-08-29 10:41:26 504,320 ----a-w C:\WINDOWS\system32\logonui.exe
- 2001-08-18 18:00:00 669,696 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2002-08-29 10:41:00 671,744 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2001-08-18 18:00:00 11,776 ----a-w C:\WINDOWS\system32\lsass.exe
+ 2002-08-29 10:41:26 11,776 ----a-w C:\WINDOWS\system32\lsass.exe
- 2001-08-18 18:00:00 163,840 ----a-w C:\WINDOWS\system32\mindex.dll
+ 2002-08-29 10:41:00 163,840 ----a-w C:\WINDOWS\system32\mindex.dll
- 2001-08-18 18:00:00 1,136,128 ----a-w C:\WINDOWS\system32\mmcndmgr.dll
+ 2002-08-29 10:41:00 1,128,960 ----a-w C:\WINDOWS\system32\mmcndmgr.dll
- 2001-08-18 10:00:00 32,384 ----a-w C:\WINDOWS\system32\mnmdd.dll
+ 2002-08-29 10:41:00 32,256 ----a-w C:\WINDOWS\system32\mnmdd.dll
- 2001-08-18 18:00:00 196,096 ----a-w C:\WINDOWS\system32\mobsync.dll
+ 2002-08-29 10:41:00 196,096 ----a-w C:\WINDOWS\system32\mobsync.dll
- 2001-08-18 18:00:00 185,344 ----a-w C:\WINDOWS\system32\moricons.dll
+ 2002-08-29 10:39:42 210,944 ----a-w C:\WINDOWS\system32\moricons.dll
- 2001-08-18 10:00:00 116,736 ----a-w C:\WINDOWS\system32\mplay32.exe
+ 2002-08-29 10:41:26 116,736 ----a-w C:\WINDOWS\system32\mplay32.exe
- 2001-08-18 18:00:00 68,096 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2002-08-29 10:41:02 68,096 ----a-w C:\WINDOWS\system32\mscms.dll
- 2001-08-18 10:00:00 65,536 ----a-w C:\WINDOWS\system32\msconf.dll
+ 2002-08-29 10:41:02 65,536 ----a-w C:\WINDOWS\system32\msconf.dll
- 2001-08-18 18:00:00 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL
+ 2002-08-29 10:39:46 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
- 2001-08-18 18:00:00 293,888 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2002-08-29 10:41:02 266,752 ----a-w C:\WINDOWS\system32\msctf.dll
- 2001-08-18 18:00:00 65,536 ----a-w C:\WINDOWS\system32\MSCTFP.dll
+ 2002-08-29 10:41:02 67,584 ----a-w C:\WINDOWS\system32\msctfp.dll
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\msdart.dll
+ 2002-08-29 10:41:02 126,976 ----a-w C:\WINDOWS\system32\msdart.dll
- 2001-08-18 10:00:00 360,960 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2002-08-29 10:41:04 359,936 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2001-08-18 18:00:00 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
+ 2002-08-29 10:39:46 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
- 2001-08-18 18:00:00 512,074 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2002-08-29 10:41:04 512,031 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2001-08-18 18:00:00 319,562 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2002-08-29 10:41:04 319,519 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2002-08-29 10:41:04 504,832 ------w C:\WINDOWS\system32\msftedit.dll
- 2001-08-18 18:00:00 967,680 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2002-08-29 10:41:04 968,192 ----a-w C:\WINDOWS\system32\msgina.dll
- 2001-08-18 10:00:00 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2002-08-29 10:41:32 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
- 2001-08-18 04:37:04 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2002-08-29 10:41:32 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
- 2001-08-18 18:00:00 2,793,984 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2002-08-29 10:41:04 2,833,920 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2001-08-18 18:00:00 438,272 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2002-08-29 10:41:04 440,320 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2001-08-18 18:00:00 56,320 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2002-08-29 10:39:46 56,320 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-08-18 18:00:00 2,044,928 ----a-w C:\WINDOWS\system32\msi.dll
+ 2002-08-29 10:41:04 2,086,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2001-08-18 18:00:00 232,448 ----a-w C:\WINDOWS\system32\msieftp.dll
+ 2002-08-29 10:41:04 229,888 ----a-w C:\WINDOWS\system32\msieftp.dll
- 2001-08-18 18:00:00 63,488 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2002-08-29 10:41:26 64,512 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2001-08-18 18:00:00 304,640 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2002-08-29 10:41:04 305,664 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2001-08-18 18:00:00 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
+ 2002-08-29 10:41:04 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
- 2001-08-18 18:00:00 156,672 ----a-w C:\WINDOWS\system32\MSIMTF.dll
+ 2002-08-29 10:41:04 143,872 ----a-w C:\WINDOWS\system32\msimtf.dll
- 2001-08-18 18:00:00 368,710 ----a-w C:\WINDOWS\system32\msisam11.dll
+ 2002-08-29 10:41:04 368,710 ----a-w C:\WINDOWS\system32\msisam11.dll
- 2001-08-18 18:00:00 1,503,260 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2002-08-29 10:41:06 1,503,262 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2001-08-18 18:00:00 348,238 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2002-08-29 10:41:06 348,195 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2001-08-18 18:00:00 241,695 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2002-08-29 10:41:06 241,695 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2001-08-18 18:00:00 46,080 ----a-w C:\WINDOWS\system32\mslbui.dll
+ 2002-08-29 10:41:06 22,528 ----a-w C:\WINDOWS\system32\mslbui.dll
- 2001-08-18 18:00:00 213,066 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2002-08-29 10:41:06 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2001-08-18 18:00:00 116,272 ----a-w C:\WINDOWS\system32\msnsspc.dll
+ 2002-08-29 10:41:06 319,760 ----a-w C:\WINDOWS\system32\msnsspc.dll
- 2001-08-18 10:00:00 228,864 ----a-w C:\WINDOWS\system32\msoeacct.dll
+ 2002-08-29 10:41:06 228,864 ----a-w C:\WINDOWS\system32\msoeacct.dll
- 2001-08-18 10:00:00 90,624 ----a-w C:\WINDOWS\system32\msoert2.dll
+ 2002-08-29 10:41:06 81,408 ----a-w C:\WINDOWS\system32\msoert2.dll
- 2001-08-18 18:00:00 131,072 ----a-w C:\WINDOWS\system32\msorcl32.dll
+ 2002-08-29 10:41:06 131,072 ----a-w C:\WINDOWS\system32\msorcl32.dll
- 2001-08-18 10:00:00 339,968 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2002-08-29 10:41:26 339,968 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2001-08-18 18:00:00 348,234 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2002-08-29 10:41:06 348,191 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2001-08-18 18:00:00 175,104 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2002-08-29 10:41:06 175,104 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2001-08-18 18:00:00 132,096 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2002-08-29 10:41:06 132,096 ----a-w C:\WINDOWS\system32\msrating.dll
- 2001-08-18 18:00:00 421,962 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2002-08-29 10:41:06 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2001-08-18 18:00:00 497,152 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2002-08-29 10:41:08 496,128 ----a-w C:\WINDOWS\system32\mstime.dll
- 2001-08-18 18:00:00 108,032 ----a-w C:\WINDOWS\system32\msv1_0.dll
+ 2002-08-29 10:41:08 108,544 ----a-w C:\WINDOWS\system32\msv1_0.dll
- 2001-08-18 18:00:00 309,760 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2002-08-29 10:41:08 309,248 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2001-08-18 18:00:00 238,080 ----a-w C:\WINDOWS\system32\newdev.dll
+ 2002-08-29 10:41:08 238,080 ----a-w C:\WINDOWS\system32\newdev.dll
- 2001-08-18 18:00:00 91,136 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2002-08-29 10:41:08 95,744 ----a-w C:\WINDOWS\system32\nlhtml.dll
- 2001-08-18 10:00:00 24,576 ----a-w C:\WINDOWS\system32\nmmkcert.dll
+ 2002-08-29 10:41:08 24,576 ----a-w C:\WINDOWS\system32\nmmkcert.dll
- 2001-08-18 18:00:00 55,808 ----a-w C:\WINDOWS\system32\npp\ndisnpp.dll
+ 2002-08-29 10:41:08 54,272 ----a-w C:\WINDOWS\system32\npp\ndisnpp.dll
- 2001-08-18 18:00:00 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
+ 2002-08-29 10:41:28 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\npptools.dll
+ 2002-08-29 10:41:08 49,152 ----a-w C:\WINDOWS\system32\npptools.dll
- 2001-08-18 18:00:00 674,304 ----a-w C:\WINDOWS\system32\ntdll.dll
+ 2002-08-29 10:40:42 668,672 ----a-w C:\WINDOWS\system32\ntdll.dll
- 2001-08-18 18:00:00 33,808 ----a-w C:\WINDOWS\system32\ntio.sys
+ 2002-08-29 04:22:26 33,808 ----a-w C:\WINDOWS\system32\ntio.sys
- 2001-08-18 18:00:00 1,897,856 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2002-08-29 08:04:56 1,947,904 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2001-08-18 18:00:00 38,400 ----a-w C:\WINDOWS\system32\ntlanman.dll
+ 2002-08-29 10:41:08 38,400 ----a-w C:\WINDOWS\system32\ntlanman.dll
- 2001-08-18 18:00:00 110,080 ----a-w C:\WINDOWS\system32\ntmarta.dll
+ 2002-08-29 10:41:08 112,128 ----a-w C:\WINDOWS\system32\ntmarta.dll
- 2001-08-18 18:00:00 37,376 ----a-w C:\WINDOWS\system32\ntmsapi.dll
+ 2002-08-29 10:41:08 38,400 ----a-w C:\WINDOWS\system32\ntmsapi.dll
- 2001-08-18 18:00:00 165,888 ----a-w C:\WINDOWS\system32\ntmsdba.dll
+ 2002-08-29 10:41:08 165,888 ----a-w C:\WINDOWS\system32\ntmsdba.dll
- 2001-08-18 18:00:00 392,192 ----a-w C:\WINDOWS\system32\ntmssvc.dll
+ 2002-08-29 10:41:08 392,704 ----a-w C:\WINDOWS\system32\ntmssvc.dll
- 2001-08-18 18:00:00 1,875,584 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2002-08-29 09:03:30 2,042,240 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2001-08-18 18:00:00 80,896 ----a-w C:\WINDOWS\system32\ntprint.dll
+ 2002-08-29 10:41:08 80,896 ----a-w C:\WINDOWS\system32\ntprint.dll
- 2001-08-18 18:00:00 137,216 ----a-w C:\WINDOWS\system32\ntshrui.dll
+ 2002-08-29 10:41:08 137,216 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2001-08-18 18:00:00 395,776 ----a-w C:\WINDOWS\system32\ntvdm.exe
+ 2002-08-29 10:41:28 395,776 ----a-w C:\WINDOWS\system32\ntvdm.exe
+ 2002-08-29 10:41:10 3,494,303 ------w C:\WINDOWS\system32\nv4_disp.dll
- 2001-08-18 18:00:00 133,632 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2002-08-29 10:41:10 133,632 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2001-08-18 18:00:00 210,432 ----a-w C:\WINDOWS\system32\oakley.dll
+ 2002-08-29 10:41:10 328,704 ----a-w C:\WINDOWS\system32\oakley.dll
- 2001-08-18 18:00:00 200,704 ----a-w C:\WINDOWS\system32\odbc32.dll
+ 2002-08-29 10:41:10 200,704 ----a-w C:\WINDOWS\system32\odbc32.dll
- 2001-08-18 18:00:00 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
+ 2002-08-29 10:41:10 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
- 2001-08-18 18:00:00 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
+ 2002-08-29 10:41:28 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
+ 2002-08-29 10:41:10 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
- 2001-08-18 18:00:00 122,880 ----a-w C:\WINDOWS\system32\odbcconf.dll
+ 2002-08-29 10:41:10 122,880 ----a-w C:\WINDOWS\system32\odbcconf.dll
- 2001-08-18 18:00:00 53,248 ----a-w C:\WINDOWS\system32\odbcconf.exe
+ 2002-08-29 10:41:28 53,248 ----a-w C:\WINDOWS\system32\odbcconf.exe
- 2001-08-18 18:00:00 94,208 ----a-w C:\WINDOWS\system32\odbccp32.dll
+ 2002-08-29 10:41:10 94,208 ----a-w C:\WINDOWS\system32\odbccp32.dll
- 2001-08-18 18:00:00 61,440 ----a-w C:\WINDOWS\system32\odbccr32.dll
+ 2002-08-29 10:41:10 61,440 ----a-w C:\WINDOWS\system32\odbccr32.dll
- 2001-08-18 18:00:00 61,440 ----a-w C:\WINDOWS\system32\odbccu32.dll
+ 2002-08-29 10:41:10 61,440 ----a-w C:\WINDOWS\system32\odbccu32.dll
- 2001-08-18 18:00:00 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
+ 2002-08-29 10:39:36 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
- 2001-08-18 18:00:00 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
+ 2002-08-29 10:41:10 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
- 2001-08-18 18:00:00 102,400 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2002-08-29 10:41:10 109,568 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2001-08-18 18:00:00 1,141,248 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2002-08-29 10:41:10 1,169,920 ----a-w C:\WINDOWS\system32\ole32.dll
- 2001-08-18 18:00:00 569,344 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2002-08-29 10:41:10 569,344 ------w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-18 18:00:00 98,304 ----a-w C:\WINDOWS\system32\oleprn.dll
+ 2002-08-29 10:41:10 98,304 ----a-w C:\WINDOWS\system32\oleprn.dll
- 2001-08-18 10:00:00 107,008 ----a-w C:\WINDOWS\system32\oobe\msobcomm.dll
+ 2002-08-29 10:41:06 112,128 ----a-w C:\WINDOWS\system32\oobe\msobcomm.dll
- 2001-08-18 10:00:00 532,480 ----a-w C:\WINDOWS\system32\oobe\msobmain.dll
+ 2002-08-29 10:41:06 536,576 ----a-w C:\WINDOWS\system32\oobe\msobmain.dll
- 2001-08-18 10:00:00 49,664 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
+ 2002-08-29 10:41:28 49,664 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2001-08-18 18:00:00 685,568 ----a-w C:\WINDOWS\system32\opengl32.dll
+ 2002-08-29 10:41:10 686,080 ----a-w C:\WINDOWS\system32\opengl32.dll
- 2001-08-18 18:00:00 212,480 ----a-w C:\WINDOWS\system32\osk.exe
+ 2002-08-29 10:41:28 212,480 ----a-w C:\WINDOWS\system32\osk.exe
- 2001-08-18 18:00:00 52,224 ----a-w C:\WINDOWS\system32\packager.exe
+ 2002-08-29 10:41:28 53,248 ----a-w C:\WINDOWS\system32\packager.exe
- 2001-08-18 18:00:00 58,368 ----a-w C:\WINDOWS\system32\pautoenr.dll
+ 2002-08-29 10:41:10 58,880 ----a-w C:\WINDOWS\system32\pautoenr.dll
- 2001-08-18 18:00:00 250,880 ----a-w C:\WINDOWS\system32\pdh.dll
+ 2002-08-29 10:41:10 254,976 ----a-w C:\WINDOWS\system32\pdh.dll
- 2008-05-02 15:45:28 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-10 15:59:36 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-02 15:45:28 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-10 15:59:36 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2001-08-18 18:00:00 27,136 ----a-w C:\WINDOWS\system32\pidgen.dll
+ 2002-08-29 08:08:22 27,648 ----a-w C:\WINDOWS\system32\pidgen.dll
- 2001-08-18 18:00:00 14,848 ----a-w C:\WINDOWS\system32\ping.exe
+ 2002-08-29 10:41:28 16,384 ----a-w C:\WINDOWS\system32\ping.exe
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2002-08-29 10:41:10 34,304 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2001-08-18 18:00:00 522,240 ----a-w C:\WINDOWS\system32\printui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 04:41 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Help]
--a------ 2007-10-03 08:19 108421 C:\Program Files\BellSouth Application Management\content\..\Start.exe

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:17:07
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-11 13:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 19:17:48
ComboFix3.txt 2008-05-09 18:21:18
ComboFix2.txt 2008-05-10 07:12:28

Pre-Run: 19,842,777,088 bytes free
Post-Run: 19,841,908,736 bytes free

2078

ccogswel
2008-05-12, 01:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:53 PM, on 5/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3924 bytes

Blade81
2008-05-12, 08:19
Hi

Looking better :)


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\system32\clbcfg.dat



Save this as CFScript


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, click Yes.

* The program will launch and start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click Next.
* Now click on Scan Settings and select the following:
  * Scan using the following Anti-Virus database: Extended (If available, otherwise Standard)
  * Scan Options: Scan Archives, Scan Mail Bases
* Click OK.
* Under "select a target to scan", select My Computer.
* The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

* Click on the Save as Text button.
* Save the file to your desktop.
* Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt (and above mentioned ComboFix resultant log) too.
* If the results of the anti virus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problem doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.



After those please download the Registry Search tool by clicking on the "hard drive" icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for clbdriver.sys and click OK. Post the logfile from the tool here for me. Repeat search with this clbImageData string.

ccogswel
2008-05-13, 09:50
Hi Blade81, Sorry for taking so long. Took a while to download Kaspersky. After I did that ComboFix I was able to write that missing file. It's fdsv-cb.
Also on that Registry search tool it didn't find either file. Hope this is all right.

ComboFix 08-05-11.1 - amy 2008-05-11 13:25:23.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.100 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\amy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 13:07 . 2008-05-10 13:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-10 10:23 . 2002-08-29 04:41 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2008-05-10 10:22 . 2002-08-29 04:41 218,112 --------- C:\WINDOWS\system32\sbe.dll
2008-05-10 10:22 . 2002-08-29 04:41 200,192 -ra------ C:\WINDOWS\system32\termsrv.dll
2008-05-10 10:22 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2008-05-10 10:21 . 2002-08-29 04:41 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-05-10 10:21 . 2002-08-29 04:41 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2008-05-10 10:21 . 2002-08-29 04:41 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2008-05-10 10:20 . 2002-08-29 04:41 172,032 --------- C:\WINDOWS\system32\mssap.dll
2008-05-10 10:20 . 2002-08-29 02:28 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-05-10 10:19 . 2002-08-29 04:39 205,312 --a------ C:\WINDOWS\system32\sysmon.ocx
2008-05-10 10:19 . 2002-08-29 02:11 162,304 --------- C:\WINDOWS\system32\msctfime.ime
2008-05-10 10:18 . 2002-08-29 04:41 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2008-05-10 10:18 . 2002-08-29 04:41 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2008-05-10 10:18 . 2002-08-29 04:41 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2008-05-10 10:18 . 2002-08-29 04:40 155,648 --------- C:\WINDOWS\system32\encdec.dll
2008-05-10 10:18 . 2002-08-29 04:41 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2008-05-10 10:18 . 2002-08-29 04:41 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2008-05-10 10:18 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2008-05-10 10:18 . 2002-08-29 04:41 61,952 --a------ C:\WINDOWS\system32\sti.dll
2008-05-10 10:18 . 2002-08-29 04:41 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2008-05-10 10:18 . 2002-08-29 02:32 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-05-10 10:17 . 2002-04-19 19:20 66,082 --------- C:\WINDOWS\system32\c_28603.nls
2008-05-10 10:17 . 2002-08-29 00:16 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 31,263 --------- C:\WINDOWS\system32\ativmvxx.ax
2008-05-10 10:17 . 2002-08-29 00:16 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 12,831 --------- C:\WINDOWS\system32\ativdaxx.ax
2008-05-10 10:17 . 2002-08-29 02:14 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2008-05-10 10:16 . 2002-08-29 04:40 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2008-05-10 10:16 . 2002-08-29 04:41 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2008-05-10 10:16 . 2002-08-29 00:16 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2008-05-10 10:16 . 2002-08-29 04:41 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2008-05-10 10:16 . 2002-08-29 00:16 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2008-05-10 10:15 . 2002-08-29 04:41 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2008-05-10 10:15 . 2002-08-29 04:41 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2008-05-10 10:15 . 2002-08-29 04:41 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2008-05-10 10:14 . 2002-08-29 04:40 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-10 10:14 . 2002-08-29 04:41 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2008-05-10 10:14 . 2002-08-29 04:41 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2008-05-10 10:14 . 2002-08-29 04:41 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2008-05-10 10:14 . 2002-08-29 04:41 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2008-05-10 10:12 . 2002-08-29 00:16 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-10 10:12 . 2002-08-29 04:41 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2008-05-10 10:11 . 2002-08-29 00:16 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-05-10 10:11 . 2002-08-29 04:41 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-10 10:11 . 2002-08-29 04:41 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2008-05-10 10:09 . 2002-08-29 04:41 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2008-05-10 10:09 . 2002-08-29 04:41 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2008-05-10 10:09 . 2002-08-29 04:41 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2008-05-10 10:09 . 2002-08-29 04:41 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2008-05-10 10:08 . 2002-04-15 22:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-05-10 10:07 . 2002-08-29 04:41 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2008-05-10 10:07 . 2002-08-29 04:48 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2008-05-10 10:06 . 2002-08-29 04:41 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2008-05-10 10:06 . 2002-08-29 04:41 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2008-05-10 10:06 . 2002-08-29 04:41 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2008-05-10 10:06 . 2002-08-29 04:41 154,112 --a------ C:\WINDOWS\system32\netman.dll
2008-05-10 10:06 . 2002-08-29 04:41 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2008-05-10 10:05 . 2002-08-29 04:41 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2008-05-10 10:05 . 2002-08-29 04:41 115,200 --a------ C:\WINDOWS\system32\net1.exe
2008-05-10 10:05 . 2002-08-29 04:41 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2008-05-10 10:05 . 2002-08-29 04:41 39,424 --a------ C:\WINDOWS\system32\net.exe
2008-05-10 10:05 . 2002-08-29 04:41 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2008-05-10 10:04 . 2002-08-29 04:41 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2008-05-10 10:03 . 2002-08-29 04:41 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2008-05-10 10:00 . 2002-08-29 02:40 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2008-05-10 10:00 . 2002-08-29 04:41 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2008-05-10 10:00 . 2002-08-29 02:40 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2008-05-10 10:00 . 2002-08-29 04:41 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2008-05-10 10:00 . 2002-08-29 04:41 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2008-05-10 10:00 . 2002-08-29 04:41 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2008-05-10 10:00 . 2002-08-29 04:41 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2008-05-10 10:00 . 2002-08-29 04:41 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2008-05-10 09:59 . 2002-08-29 04:41 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2008-05-10 09:59 . 2002-08-29 04:41 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2008-05-10 09:59 . 2002-08-29 04:41 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2008-05-10 09:59 . 2002-08-29 04:41 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2008-05-10 09:59 . 2002-08-29 04:39 106,547 --a------ C:\WINDOWS\system32\msscript.ocx
2008-05-10 09:59 . 2002-08-29 04:41 69,632 --a------ C:\WINDOWS\system32\msscds32.ax
2008-05-10 09:59 . 2002-08-29 04:41 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2008-05-10 09:54 . 2002-08-29 04:41 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-05-10 09:54 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2008-05-10 09:54 . 2002-08-29 04:41 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2008-05-10 09:54 . 2002-08-29 04:41 36,352 --a------ C:\WINDOWS\system32\sens.dll
2008-05-10 09:54 . 2002-08-29 04:41 20,992 --a------ C:\WINDOWS\system32\setup.exe
2008-05-10 09:54 . 2002-08-29 04:41 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2008-05-10 09:54 . 2002-08-29 04:41 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2008-05-10 09:53 . 2002-08-29 04:41 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2008-05-10 09:53 . 2002-08-29 04:41 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2008-05-10 09:53 . 2002-08-29 04:41 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2008-05-10 09:53 . 2002-08-29 04:41 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2008-05-10 09:53 . 2002-08-29 04:41 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2008-05-10 09:53 . 2002-08-29 04:41 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2008-05-10 09:53 . 2002-08-28 23:27 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2008-05-10 09:53 . 2002-08-28 23:27 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2008-05-10 09:53 . 2002-08-29 04:41 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2008-05-10 09:53 . 2002-08-29 04:41 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2008-05-10 09:51 . 2002-08-29 04:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-05-10 09:51 . 2002-08-29 04:41 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2008-05-10 09:51 . 2002-07-16 19:55 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2008-05-10 09:51 . 2002-08-29 04:41 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2008-05-10 09:51 . 2002-08-29 04:41 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2008-05-10 09:51 . 2002-08-29 04:41 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2008-05-10 09:51 . 2002-08-29 04:41 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2008-05-10 09:50 . 2002-08-29 04:41 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-05-10 09:50 . 2002-08-29 04:41 258,048 --a------ C:\WINDOWS\system32\wmvds32.ax
2008-05-10 09:50 . 2002-08-29 04:41 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2008-05-10 09:50 . 2002-08-29 04:41 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2008-05-10 09:50 . 2002-08-29 04:41 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2008-05-10 09:50 . 2002-08-29 04:41 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2008-05-10 09:47 . 2002-08-29 04:39 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
2008-05-10 09:47 . 2002-08-29 04:41 1,404,928 --a------ C:\WINDOWS\system32\wmpui.dll
2008-05-10 09:47 . 2002-08-29 04:41 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2008-05-10 09:47 . 2002-08-29 04:41 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 09:47 . 2002-08-29 04:41 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2008-05-10 09:47 . 2002-08-29 04:41 278,559 --a------ C:\WINDOWS\system32\wmv8ds32.ax
2008-05-10 09:47 . 2002-08-29 04:41 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2008-05-10 09:47 . 2002-08-29 04:41 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2008-05-10 09:47 . 2002-08-29 04:41 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 04:41 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Help]
--a------ 2007-10-03 08:19 108421 C:\Program Files\BellSouth Application Management\content\..\Start.exe

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:26:31
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 13:26:56
ComboFix-quarantined-files.txt 2008-05-11 19:26:56
ComboFix4.txt 2008-05-09 18:21:18
ComboFix3.txt 2008-05-10 07:12:28
ComboFix2.txt 2008-05-11 19:17:52

Pre-Run: 19,790,200,832 bytes free
Post-Run: 19,793,215,488 bytes free

204

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 13, 2008 1:18:14 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 765113
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 39835
Number of viruses found: 18
Number of infected objects: 31
Number of suspicious objects: 10
Duration of the scan process: 00:45:02

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\AppPatch\wuaclt.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ModemLog_HSP56 Micromodem.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader4.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader9.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader11.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader13.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader13.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\amy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\amy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\amy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\amy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\amy\Local Settings\Application Data\SupportSoft\HelpCenter4.1\amy\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\amy\Local Settings\temp\abm3.tmp Object is locked skipped
C:\Documents and Settings\amy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\amy\Application Data\AT&T\Internet Security Wizard\client_gateway.log Object is locked skipped
C:\Documents and Settings\amy\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.98866 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0024020.old Infected: Trojan-Downloader.Win32.Agent.nua skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029120.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.da skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029125.exe Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029126.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029126.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029129.DLL Infected: Trojan.Win32.Monder.cy skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029130.DLL Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029131.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030207.dll Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030237.dll Infected: Trojan.Win32.Monder.dc skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030239.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qvb skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030240.dll Infected: Trojan.Win32.Monder.dd skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0031424.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0031426.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0031427.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0031428.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0040867.exe Infected: Trojan.Win32.Agent.lke skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP94\A0044227.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP97\change.log Object is locked skipped
C:\PeoplePC98XP\Utilities\ppal3ppc.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.ac skipped
C:\PeoplePC98XP\Utilities\ppal3ppc.exe NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\WNSXS~1\сѕrss.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\clbdriver.sys.vir Infected: Rootkit.Win32.Agent.aii skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\g37.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\g37.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\g37.exe.vir NSIS: infected - 2 skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:57 AM, on 5/13/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4091 bytes
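
Added example (not part of the thread or of any tool named in it): a short Python triage of the Kaspersky Online Scanner report above. It drops the "Object is locked" lines, which only mean a file was in use, and groups the real detections by where the file sits: live on disk, in System Restore, or in a cleanup tool's quarantine or recovery folder. The line layout is inferred from the posted report, and the bucket and function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the report above (paths and verdicts as posted). The quarantined
# "csrss" look-alike begins with Cyrillic U+0441 U+0455 on the page; it is
# spliced in through escapes so the non-ASCII letters are explicit here.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\AppPatch\wuaclt.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\amy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\amy\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.98866 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.bob skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP92\A0041108.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP94\A0044227.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\QooBox\Quarantine\C\WINDOWS\WNSXS~1\<CYR>rss.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\clbdriver.sys.vir Infected: Rootkit.Win32.Agent.aii skipped
""".replace("<CYR>", "\u0441\u0455")

# <path> <verdict> <last action>; paths contain spaces, so match the verdict
# vocabulary seen in the report and let the path take whatever precedes it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<verdict>Object is locked"
    r"|(?:Infected|Suspicious): \S+"
    r"|[A-Z]+: (?:infected|suspicious) - \d+) "
    r"(?P<action>\w+)$"
)

# Lower-cased path fragments for locations that hold inert copies of files.
BUCKETS = [
    ("system_restore", "\\system volume information\\_restore{"),
    ("combofix_quarantine", "\\qoobox\\quarantine\\"),
    ("mbam_quarantine", "malwarebytes' anti-malware\\quarantine\\"),
    ("spybot_recovery", "\\spybot - search & destroy\\recovery\\"),
]


def bucket_for(path):
    """Name the storage location of a file; anything unrecognised is 'live'."""
    low = path.lower()
    for name, marker in BUCKETS:
        if marker in low:
            return name
    return "live"


def triage(report):
    """Return (findings, locked_count).

    findings maps bucket -> {file on disk: set of detection names}.
    """
    findings = defaultdict(lambda: defaultdict(set))
    locked = 0
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, statistics, blank lines
        verdict = m["verdict"]
        if verdict == "Object is locked":
            locked += 1  # file was in use and not scanned; not a detection
            continue
        # Objects inside an archive or installer are listed as file/inner/path.
        # Windows paths never contain "/", so the first part is the file on disk.
        container = m["path"].split("/", 1)[0]
        names = findings[bucket_for(container)][container]
        if verdict.startswith(("Infected: ", "Suspicious: ")):
            names.add(verdict.split(": ", 1)[1])
        # "ZIP: suspicious - 1" roll-up lines only register the container.
    return {b: dict(files) for b, files in findings.items()}, locked


def lookalike_names(findings):
    """Flagged files whose name has non-ASCII characters (homoglyph imitations)."""
    hits = []
    for files in findings.values():
        for path in files:
            if not path.rsplit("\\", 1)[-1].isascii():
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    found, locked = triage(SAMPLE_REPORT)
    print(f"{locked} locked (in-use) files ignored")
    for bucket, files in sorted(found.items()):
        print(f"[{bucket}]")
        for path, names in sorted(files.items()):
            print(f"  {path}: {', '.join(sorted(names))}")
    for path in lookalike_names(found):
        print("non-ASCII file name:", path.encode("unicode_escape").decode())
```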

Blade81
2008-05-13, 10:23
Hi


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Clear Malwarebytes' Anti-Malware quarantines through the program itself.

Delete items in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder (not the folder itself!).


Delete following file:
C:\WINDOWS\AppPatch\wuaclt.exe

After those, the only existing bad items are in System Restore (a System Restore reset takes care of them) and the Qoobox folder (uninstalling ComboFix takes care of them). Instructions below.


Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.



We need to re-hide system files. To do so, please follow the steps below:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Put a check by Hide file extensions for known file types.
Under the Hidden files folder, select Show hidden files and folders.
Check Hide protected operating system files.
Click Apply, and then click OK.


Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK




UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Download Adaware
Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=48)
The program is available for download here (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-1)
Download SpywareBlaster
Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
kill bits
in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)

Download iespyad
It puts many bad webpages on your restricted zones list. This means that you can still view the bad webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
If you need help understanding how it works, there is a tutorial here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
Download it here (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe)

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc
Hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Blade81
2008-05-19, 21:28
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.