Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:11 AM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoToAssist Express Customer - Unknown owner - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O24 - Desktop Component 0: (no name) - http://images.mtsyellowpages.com/images/newypheader.gif
--
End of file - 9547 bytes
ComboFix 08-08-27.06 - user 2008-08-28 9:03:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\bin.clearspring.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\interclick.com\ud.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0213\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0224\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0227\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0229\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0230\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0232\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0270\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0282\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0284\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0296\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0305\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\v1.0.0312\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\static.youku.com\youkuSavedVolume.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\www.youku.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\647L7TSQ\www.youku.com\youkuSavedVolume.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youku.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youku.com\settings.sol
C:\Documents and Settings\user\Cookies\user@2o7[1].txt
C:\Documents and Settings\user\Cookies\user@insightexpressai[2].txt
C:\Documents and Settings\user\Cookies\user@www.mla.mb[2].txt
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\olupymab.reg
C:\Program Files\Microsoft Common
C:\Program Files\Microsoft Common\wuauclt.exe
C:\WINDOWS\buritos.exe
C:\WINDOWS\karina.dat
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\buritos.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.
2008-08-26 19:21 . 2008-08-26 19:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-26 18:58 . 2008-08-26 18:58 19,750 --a------ C:\WINDOWS\system32\yweqo.dl
2008-08-26 18:58 . 2008-08-26 18:58 18,956 --a------ C:\WINDOWS\system32\acawos._dl
2008-08-26 18:58 . 2008-08-26 18:58 17,610 --a------ C:\WINDOWS\oqomoguhe.pif
2008-08-26 18:58 . 2008-08-26 18:58 15,908 --a------ C:\WINDOWS\system32\ahizy.scr
2008-08-26 18:58 . 2008-08-26 18:58 15,861 --a------ C:\WINDOWS\ramoteh.scr
2008-08-26 18:58 . 2008-08-26 18:58 15,428 --a------ C:\WINDOWS\ufutoselo.vbs
2008-08-26 18:58 . 2008-08-26 18:58 14,274 --a------ C:\WINDOWS\system32\yretod.lib
2008-08-26 18:58 . 2008-08-26 18:58 11,968 --a------ C:\Program Files\Common Files\qybat.bat
2008-08-26 18:58 . 2008-08-26 18:58 10,348 --a------ C:\WINDOWS\system32\exozov.bin
2008-08-23 09:00 . 2008-08-23 09:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-08-22 12:54 . 2008-08-22 12:54 0 --a------ C:\WINDOWS\system32\34w03l1x.exe.a_a
2008-08-22 10:49 . 2008-08-25 23:12 82,946 --a------ C:\WINDOWS\system32\34w03l1x.exe
2008-08-22 10:49 . 2008-08-25 07:13 82,434 --a------ C:\WINDOWS\system32\34w03l1x.exe_
2008-08-22 10:36 . 2008-08-22 10:36 0 --a------ C:\WINDOWS\system32\kY7Qi1WU.exe.a_a
2008-08-10 16:59 . 2008-08-10 17:09 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-08-10 16:59 . 2008-08-10 17:10 35,382 --a------ C:\WINDOWS\scunin.dat
2008-08-10 16:59 . 2008-08-10 17:09 967 --a------ C:\WINDOWS\ScUnin.pif
2008-08-10 16:58 . 2008-08-10 17:17 <DIR> d-------- C:\Program Files\Starcraft
2008-08-08 14:27 . 2008-08-08 14:27 <DIR> d-------- C:\Documents and Settings\user\Application Data\GarageGames
2008-08-08 11:45 . 2008-08-08 11:45 <DIR> d-------- C:\Documents and Settings\user\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 14:11 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-27 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-26 23:58 14,593 ----a-w C:\Program Files\Common Files\obuwyxybe._sy
2008-08-26 20:45 24 ----a-w C:\Documents and Settings\user\jagex_runescape_preferences.dat
2008-08-26 10:09 --------- d-----w C:\Documents and Settings\user\Application Data\SiteAdvisor
2008-08-21 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 21:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-24 18:28 --------- d-----w C:\Program Files\Google
2008-07-24 18:15 --------- d-----w C:\Program Files\Sun
2008-07-24 18:14 --------- d-----w C:\Program Files\Java
2008-07-24 15:05 --------- d-----w C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-24 15:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 15:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 14:52 77 ----a-w C:\Documents and Settings\user\1290.bat
2008-07-24 01:09 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 01:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 19:25 --------- d-----w C:\Program Files\YouTubeRobot
2008-07-23 19:25 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 19:24 --------- d-----w C:\Program Files\Xilisoft
2008-07-23 19:22 --------- d-----w C:\Program Files\RM Converter
2008-07-23 19:22 --------- d-----w C:\Program Files\NCH Software
2008-07-23 16:57 --------- d-----w C:\Program Files\Trend Micro
2008-07-23 02:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-23 02:23 --------- d-----w C:\Program Files\DivX
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-29 18:38 65,848 ----a-w C:\Documents and Settings\user\g2ax_customer_downloadhelper_win32_x86.exe
2004-10-01 21:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-08-04 10:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 10:00 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 10:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 10:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 10:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 10:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 10:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 10:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-24_12.18.48.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-08-25 04:17:11 100,888 ----a-w C:\WINDOWS\.jagex_cache_32\loginapplet\cache--1999123318.dat
- 2008-03-10 20:48:54 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-08-24 15:36:23 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2008-03-10 20:48:54 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-08-24 15:36:15 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 03:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2003-07-15 08:13:58 166,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2003-07-15 03:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 03:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 03:53:24 60,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
+ 2003-07-15 03:53:22 46,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 08:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 08:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-15 03:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 03:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-08-13 07:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-08-03 15:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-07-24 04:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 04:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 03:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 03:40:12 165,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-26 00:00:16 1,157,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-26 00:14:50 799,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 04:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-15 03:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 03:53:50 161,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-06-18 22:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 22:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 22:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-18 22:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 22:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 22:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-08-15 05:54:08 6,627,392 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-07-15 08:13:58 130,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-15 03:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2003-07-15 03:51:50 116,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
+ 2002-12-18 00:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2002-12-18 00:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 03:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 08:14:00 139,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2002-04-10 01:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 03:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-08 05:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-15 03:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 08:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-24 03:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 03:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 03:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 03:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-18 00:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-11 07:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 08:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 03:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 03:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 03:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 03:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 03:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 22:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 22:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-28 17:24:40 5,677,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-06-19 21:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 03:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 04:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 03:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-24 03:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 04:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 03:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 03:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2008-03-10 20:48:54 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 08:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 08:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 08:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 08:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 04:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-08-04 18:19:34 7,330,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
+ 2003-08-01 20:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 17:40:40 6,133,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 08:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 08:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 20:21:08 1,782,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-15 03:40:26 130,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-15 03:51:12 604,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2003-07-15 03:50:26 551,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-15 03:40:16 51,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-05-09 02:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 03:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-15 03:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 03:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-08-06 18:26:18 445,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-03 15:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-03 20:19:36 2,502,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2008-03-10 20:48:54 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-08-06 18:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2007-05-31 18:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 19:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-06-18 22:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 18:35:04 6,747,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 18:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-31 18:35:46 133,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 18:36:08 612,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 18:34:48 562,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-09 22:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 18:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2008-07-09 12:03:05 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-08-25 12:10:44 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-09 12:03:07 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-25 12:10:45 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-09 12:03:07 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-08-25 12:10:45 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-09 12:03:05 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-25 12:10:44 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-09 12:03:07 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-25 12:10:45 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-09 12:03:08 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-25 12:10:45 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-09 12:03:08 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-25 12:10:45 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-09 12:03:08 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-25 12:10:45 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-09 12:03:05 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-25 12:10:44 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-09 12:03:05 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-25 12:10:44 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-09 12:03:08 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-25 12:10:45 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-09 12:03:05 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-25 12:10:44 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-09 12:03:05 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-25 12:10:44 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-29 21:23:22 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-07-24 14:42:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-28 12:52:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-24 14:42:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-28 12:52:55 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 10:00:00 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2003-08-03 15:56:16 1,146,184 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 15:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 03:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-23 00:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-06-02 11:57:41 192,184 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-24 15:47:06 192,184 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2003-06-18 22:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 18:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 15:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2003-06-18 22:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 22:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2003-06-18 22:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2003-06-18 22:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 22:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 18:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 14:13 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 18:06 3660848]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-05 07:03 249856]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-10-02 14:09 35928]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01 244512]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 20:04 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 14:13 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-21 20:00:00 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2008-03-29 13:38 45368 C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ety12.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Upa71.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vgg36.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S0 Ety12;Ety12;C:\WINDOWS\system32\Drivers\Ety12.sys []
S0 Upa71;Upa71;C:\WINDOWS\system32\Drivers\Upa71.sys []
S0 Vgg36;Vgg36;C:\WINDOWS\system32\Drivers\Vgg36.sys []
S3 7f105300-7b38-4a82-9c82-6a5cd2dd8228;7f105300-7b38-4a82-9c82-6a5cd2dd8228;F:\CDS300\cds300.dll []
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe Start=service []
.
Contents of the 'Scheduled Tasks' folder
2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2004-08-04 05:00]
2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-buritos - buritos.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\259ynb95.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 09:12:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-08-28 9:20:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 14:20:04
ComboFix2.txt 2008-07-24 17:19:40
Pre-Run: 11,233,415,168 bytes free
Post-Run: 11,486,523,392 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
606 --- E O F --- 2008-08-25 12:10:48