View Full Version : virusresponse2009.com Cant get rid of Need Help
terminator1315
2008-10-22, 11:34
I have this program always running in my apprications located at the right bottom of the screen. Its slowing down the computer. Can anyone help get rid of this nonsense............here is a hijackthislog that i just ran...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:08 AM, on 10/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\WINDOWS\system32\bcxjqr.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
terminator1315
2008-10-23, 06:18
Here are the report logs..
info.txt logfile of random's system information tool 1.04 2008-10-22 20:15:25
======Uninstall list======
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7C3A14-1D20-49F6-B903-491561076F0F}\SETUP.EXE" -l0x9
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}
Canon Camera Window DVC for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEB416DB-4FA9-42B6-84D3-1E0081300C9E}
Canon PhotoRecord-->MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6-->MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
iPod for Windows 2005-09-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microtek FineReader OCR Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealDownload-->C:\Program Files\Real\RealDownload\Realdownload.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScanWizard 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Ulead Photo Explorer 7.0 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\setup.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885626-->C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
=====HijackThis Backups=====
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKCU\..\Run: [YourPrivacyGuard] C:\Program Files\YourPrivacyGuard\GDC.exe
======Hosts File======
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Here's the other file...
Logfile of random's system information tool 1.04 (written by random/random)
Run by end-user at 2008-10-22 20:15:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 78 GB (68%) free of 114 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:20 PM, on 10/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\end-user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\end-user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\WINDOWS\system32\bcxjqr.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 8805 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-18 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
VirRLWarningBHO Class - C:\Program Files\VirRL2009\VirRLWarning.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBCDDA60-2A68-11D3-8A43-0060083CFB9C}]
BrowserHelper Class - C:\WINDOWS\system32\nzdd.dll [2007-06-18 1150976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-05-30 868352]
"RoxioAudioCentral"=C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-05-22 319488]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-07 294912]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-18 185896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=1 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"VirRL2009"=C:\Program Files\VirRL2009\VirRL2009.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-02-11 118784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
RealDownload.lnk - C:\Program Files\Real\RealDownload\Realdownload.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-03 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\WINDOWS\system32\bcxjqr.dll [2008-10-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9020eccc-6d33-11da-818a-0013d31118c7}]
shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968ab160-54b0-11da-8155-0013d31118c7}]
shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8d-6d35-11da-89ff-0013d31118c7}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8e-6d35-11da-89ff-0013d31118c7}]
shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d061ebfa-6d34-11da-818b-0013d31118c7}]
shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496c-6d2c-11da-8189-0013d31118c7}]
shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496d-6d2c-11da-8189-0013d31118c7}]
shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
======List of files/folders created in the last 1 months======
2008-10-22 20:15:12 ----D---- C:\rsit
2008-10-15 23:35:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 23:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 23:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 23:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 23:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 23:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-08 16:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
======List of files/folders modified in the last 1 months======
2008-10-22 20:15:02 ----D---- C:\WINDOWS\Prefetch
2008-10-22 19:35:28 ----D---- C:\WINDOWS\TEMP
2008-10-22 02:29:37 ----D---- C:\WINDOWS\security
2008-10-22 02:29:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 01:13:33 ----D---- C:\WINDOWS\system32\drivers
2008-10-22 01:13:33 ----D---- C:\WINDOWS\system32
2008-10-22 00:00:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-21 23:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 23:54:30 ----RD---- C:\Program Files
2008-10-21 23:51:08 ----D---- C:\WINDOWS
2008-10-17 17:24:52 ----AS---- C:\WINDOWS\system32\bcxjqr.dll
2008-10-15 23:35:12 ----HD---- C:\WINDOWS\inf
2008-10-15 23:35:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 23:35:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 23:35:05 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 23:35:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 23:34:15 ----D---- C:\Program Files\Internet Explorer
2008-10-15 21:10:27 ----D---- C:\My Downloads
2008-10-15 21:08:47 ----D---- C:\My Download Files
2008-10-08 16:15:51 ----SHD---- C:\Config.Msi
2008-10-08 16:13:57 ----SHD---- C:\WINDOWS\Installer
2008-10-08 16:13:30 ----D---- C:\Program Files\iTunes
2008-10-08 16:13:14 ----D---- C:\Program Files\iPod
2008-10-08 16:11:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-08 16:11:51 ----D---- C:\WINDOWS\system32\CatRoot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-17 75072]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-07-23 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-07-23 9464]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-05-30 259072]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-05-30 146560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-05-30 118409]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-05-30 213120]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-08-03 1273344]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-05-30 21737]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\end-user\LOCALS~1\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-05-30 22713]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-14 149761]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
-----------------EOF-----------------
Step 1
Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------- -----------------------------------------------------------
If the previous step did not automatically reboot your machine, Please reboot now
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll (file missing)
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O22 - SharedTaskScheduler: awash - {e3623691-f85d-48d8-8e4d-abe79077f841} - C:\WINDOWS\system32\bcxjqr.dll
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
----------------------------------------------------------- -----------------------------------------------------------
Step 4
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------- -----------------------------------------------------------
Step 5
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
MalwareBytes Log
Kaspersky Log
A Fresh HJTlog ( after Rebooting)
How are things running now ?
----------------------------------------------------------- -----------------------------------------------------------
Additional Notes
Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
Adobe Acrobat 5.0 < this is very much out of date, and I recommend you remove it. If you require Adobe Reader please let me know
Java(TM) 6 Update 3
Now close the Control Panel.
terminator1315
2008-10-28, 11:34
Everything seems to be running better and faster. I but wonder about the torjan horses found within the system. Any suggestions... Here are the logs..
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 07:38:23
Records in database: 1352970
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 64283
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:12:29
File name / Threat name / Threats count
C:\qoobox\Quarantine\C\WINDOWS\afxp.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.elk 1
C:\qoobox\Quarantine\C\WINDOWS\bndsrvnl.dll.vir Infected: not-a-virus:AdWare.Win32.Vapsup.atf 1
C:\qoobox\Quarantine\C\WINDOWS\main_uninstaller.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.xt 1
C:\qoobox\Quarantine\C\WINDOWS\msvb.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.mi 1
The selected area was scanned.
-----------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Database version: 1331
Windows 5.1.2600 Service Pack 2
10/28/2008 12:38:22 AM
mbam-log-2008-10-28 (00-38-22).txt
Scan type: Quick Scan
Objects scanned: 50138
Time elapsed: 4 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\virrlwarning.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\virrlwarning.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e3623691-f85d-48d8-8e4d-abe79077f841} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a81ebfd7-0fa3-41ec-b60d-6dae78b4d31a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a81ebfd7-0fa3-41ec-b60d-6dae78b4d31a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a81ebfd7-0fa3-41ec-b60d-6dae78b4d31a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{b33de756-deee-4d7a-87db-1d905ba2aa21} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e3623691-f85d-48d8-8e4d-abe79077f841} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\bcxjqr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\toolbar.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:26 AM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 8102 bytes
Information
I but wonder about the torjan horses found within the system. Any suggestions
They don't worry me, they are just standard dross.
However, this one does concern me so I will run some extra scans
C:\WINDOWS\toolbar.exe (Backdoor.Bot)
----------------------------------------------------------- -----------------------------------------------------------
Step 1
Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.
----------------------------------------------------------- -----------------------------------------------------------
Step 3
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
ComboFix Log
Active Scan Log
terminator1315
2008-10-29, 13:43
Active scan log...................
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-29 04:39:40
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 8.0.1.30 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00324988 adware/webattaker Adware No 0 Yes No c:\windows\uniq
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP130\A0047753.exe
03946637 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP128\A0047590.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location ;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description i}
;===================================================================================================================================================================================
Hijack this log....................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:45 AM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 8345 bytes
Do you have the ComboFix Log ?
C:\Combofix.txt
terminator1315
2008-10-30, 02:00
ComboFix 08-10-29.04 - end-user 2008-10-29 2:14:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -7:00]
Running from: C:\Documents and Settings\end-user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\end-user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.
2008-10-28 00:31 . 2008-10-28 00:31 <DIR> d-------- C:\Documents and Settings\end-user\Application Data\Malwarebytes
2008-10-28 00:31 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 00:31 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 00:30 . 2008-10-28 00:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 00:30 . 2008-10-28 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\rsit
2008-10-08 16:13 . 2008-10-08 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 09:22 --------- d-----w C:\Program Files\Java
2008-10-22 07:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-22 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 23:13 --------- d-----w C:\Program Files\iTunes
2008-10-08 23:13 --------- d-----w C:\Program Files\iPod
2008-09-20 18:45 --------- d-----w C:\Program Files\QuickTime
2008-09-20 18:45 --------- d-----w C:\Program Files\Bonjour
2008-09-20 18:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 16:29 --------- d-----w C:\Documents and Settings\end-user\Application Data\DivX
2008-09-05 16:27 --------- d-----w C:\Program Files\DivX
2008-09-04 03:53 --------- d-----w C:\Program Files\Apple Software Update
2008-09-02 23:11 --------- d-----w C:\Program Files\Safari
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-03-28 04:56 20,888 ----a-w C:\Documents and Settings\end-user\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-10-22_21.49.34.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 07:22:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll
+ 2001-08-17 21:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-08-23 12:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-08-23 12:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-08-18 05:37:04 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2001-08-23 12:00:00 131,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2004-08-04 05:58:20 72,960 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqac.sys
+ 2004-08-04 07:56:42 138,240 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqad.dll
+ 2004-08-04 07:56:42 47,104 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-04 07:56:42 16,896 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqise.dll
+ 2004-08-04 07:56:42 660,992 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-04 07:56:42 177,152 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-04 07:56:42 95,744 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-04 07:56:42 48,640 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-04 07:56:42 471,552 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-28 00:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-28 00:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2006-10-19 04:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:20:02 115,712 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338$\vbscript.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2001-08-23 12:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 07:56:42 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
+ 2004-08-04 07:56:43 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB947864$\browseui.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\$NtUninstallKB947864$\cdfview.dll
+ 2007-12-07 01:07:12 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB947864$\danim.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtmsft.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtrans.dll
+ 2007-12-07 01:07:12 55,808 -c----w C:\WINDOWS\$NtUninstallKB947864$\extmgr.dll
+ 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\$NtUninstallKB947864$\iepeers.dll
+ 2007-12-07 01:07:12 96,256 -c----w C:\WINDOWS\$NtUninstallKB947864$\inseng.dll
+ 2007-12-07 01:07:12 16,384 -c----w C:\WINDOWS\$NtUninstallKB947864$\jsproxy.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtml.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtmled.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\msrating.dll
+ 2007-12-07 01:07:13 532,480 -c----w C:\WINDOWS\$NtUninstallKB947864$\mstime.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\pngfilt.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB947864$\shdocvw.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\$NtUninstallKB947864$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\updspapi.dll
+ 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\urlmon.dll
+ 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
+ 2007-12-06 09:38:31 350,720 -c----w C:\WINDOWS\$NtUninstallKB947864$\xpsp3res.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-04 07:56:42 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 07:56:43 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 07:56:43 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 07:56:43 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetol1.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 07:56:43 151,583 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 07:56:43 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:56:43 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:56:43 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:56:43 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:56:43 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:56:43 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:56:43 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:56:43 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:56:44 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:56:44 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:56:44 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2008-02-16 08:59:34 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB950759$\browseui.dll
+ 2008-02-16 08:59:35 151,040 -c----w C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll
+ 2008-02-16 08:59:35 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB950759$\danim.dll
+ 2008-02-16 08:59:35 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
+ 2008-02-16 08:59:35 251,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll
+ 2008-02-16 08:59:35 96,256 -c----w C:\WINDOWS\$NtUninstallKB950759$\inseng.dll
+ 2008-02-16 08:59:35 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll
+ 2008-02-16 22:29:38 3,059,712 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
+ 2008-02-16 08:59:37 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll
+ 2008-02-16 08:59:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\msrating.dll
+ 2008-02-16 08:59:37 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759$\mstime.dll
+ 2008-02-16 08:59:37 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll
+ 2008-02-16 08:59:38 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll
+ 2008-02-16 08:59:38 474,112 -c----w C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll
+ 2008-02-16 08:59:38 615,936 -c----w C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll
+ 2008-02-16 08:59:39 659,456 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-04 06:10:37 274,304 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2004-08-04 06:14:14 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-04 07:56:44 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-04 07:56:42 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2008-04-21 07:03:56 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB953838$\browseui.dll
+ 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\$NtUninstallKB953838$\cdfview.dll
+ 2008-04-21 07:03:57 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB953838$\danim.dll
+ 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtmsft.dll
+ 2008-04-21 07:03:57 205,312 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtrans.dll
+ 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\$NtUninstallKB953838$\extmgr.dll
+ 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\iedw.exe
+ 2008-04-21 07:03:58 251,392 -c----w C:\WINDOWS\$NtUninstallKB953838$\iepeers.dll
+ 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\$NtUninstallKB953838$\inseng.dll
+ 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\$NtUninstallKB953838$\jsproxy.dll
+ 2008-04-21 07:03:59 3,059,712 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtml.dll
+ 2008-04-21 07:03:59 449,024 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtmled.dll
+ 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\msrating.dll
+ 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\$NtUninstallKB953838$\mstime.dll
+ 2008-04-21 07:03:59 39,424 -c----w C:\WINDOWS\$NtUninstallKB953838$\pngfilt.dll
+ 2008-04-21 07:04:00 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB953838$\shdocvw.dll
+ 2008-04-21 07:04:00 474,112 -c----w C:\WINDOWS\$NtUninstallKB953838$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\updspapi.dll
+ 2008-04-21 07:04:00 615,936 -c----w C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll
+ 2008-04-21 07:04:00 659,456 -c----w C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
+ 2008-04-17 10:37:04 351,744 -c----w C:\WINDOWS\$NtUninstallKB953838$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 15:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-09-02 23:12:07 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-20 18:45:36 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2005-08-22 01:16:40 2,560 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-06-03 23:39:03 2,862 -c--a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\UninstallStartMenuSh_C1D76D7AF3BB47EAA7465B1E2FFC1DF2.exe
+ 2008-09-02 23:11:33 307,200 ----a-r C:\WINDOWS\Installer\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}\SafariIco.exe
+ 2008-10-08 23:13:41 102,400 ----a-r C:\WINDOWS\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
- 2001-01-12 23:10:24 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2003-02-28 23:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2007-09-27 02:38:42 2,232 ----a-w C:\WINDOWS\java\Packages\Data\3V5NV5NB.DAT
+ 2008-06-12 04:03:41 2,678 ----a-w C:\WINDOWS\java\Packages\Data\4OKAEISG.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\DF9RJHJ3.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\I9V3NFDV.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\LNDRXFB9.DAT
+ 2008-06-12 04:03:39 2,678 ----a-w C:\WINDOWS\java\Packages\Data\NJ7XV9JV.DAT
- 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-04 07:56:57 188,416 -c----w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2004-08-04 07:56:57 294,912 -c----w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2004-08-04 07:56:57 23,552 -c----w C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
terminator1315
2008-10-30, 02:01
+ 2004-08-04 07:56:57 146,432 -c----w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
- 2001-01-13 01:04:08 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2003-03-01 01:26:30 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\SWSC.exe
+ 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\SWXCACLS.exe
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 12:00:00 3,360 -c--a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
+ 2001-08-23 12:00:00 13,600 -c--a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 07:56:57 146,432 -c--a-w C:\WINDOWS\system\winspool.drv
- 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-08-20 05:38:39 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2001-01-13 01:04:06 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-03-01 01:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2001-08-23 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-08-20 05:38:40 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
+ 2008-07-25 08:34:36 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2008-07-25 08:34:42 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
+ 2008-07-25 08:34:40 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2008-07-25 08:34:40 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2008-07-25 08:34:30 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-07-25 08:36:00 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2008-07-23 16:46:38 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
+ 2008-08-14 09:51:43 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 06:10:37 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-08-20 05:38:39 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-07-31 02:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 05:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-08-20 05:38:40 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-20 05:38:40 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-08-19 09:30:39 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-08-20 05:38:41 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-08-20 05:38:41 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2001-08-23 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2004-08-04 05:58:20 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-04 07:56:42 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-04 07:56:42 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-04 07:56:42 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-04 07:56:42 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-04 07:56:42 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-05-01 14:30:33 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 07:56:43 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-20 05:38:41 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-20 05:38:41 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-06-20 17:41:10 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-08-17 12:28:27 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2001-08-23 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2006-08-14 10:34:41 332,928 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2001-08-23 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:38:45 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-23 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2006-06-19 23:20:42 702,768 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
+ 2007-04-10 21:00:46 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
- 2006-06-19 23:19:26 304,944 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
+ 2007-04-10 21:01:18 336,768 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:38:43 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-04 07:56:57 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-23 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2006-10-19 04:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-28 01:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-07-31 02:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 05:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 02:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 02:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 05:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 02:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 05:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-31 02:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 05:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-07-25 08:34:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-07-25 08:34:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2008-07-25 08:34:46 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2004-08-04 06:14:14 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2007-08-09 20:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 21:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-07-18 00:45:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2004-08-04 06:10:37 274,304 -c----w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2003-05-30 07:21:38 66,992 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2008-07-23 16:50:48 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
- 2003-05-30 07:21:38 24,698 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2008-07-23 16:50:48 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2005-02-02 09:21:04 14,408 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2004-08-04 05:58:20 72,960 -c--a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2001-08-23 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2008-07-23 16:50:48 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2001-08-23 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-03-01 17:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-01-15 10:39:58 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-01 20:01:28 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2008-07-25 08:34:52 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2001-01-12 23:09:58 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2003-02-28 23:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
- 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-08-22 13:12:16 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-20 05:38:40 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-04-08 04:45:49 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-18 00:24:54 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2005-05-31 18:20:36 79,432 -c--a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 20:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-08-20 05:38:41 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-08-20 05:38:41 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2001-01-13 01:04:00 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-03-01 01:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
- 2001-01-13 01:04:00 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
+ 2003-03-01 01:26:18 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
- 2001-01-13 01:04:00 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2003-03-01 01:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
- 2001-01-13 01:04:02 404,752 ----a-w C:\WINDOWS\system32\javart.dll
+ 2003-03-01 01:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
- 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2001-01-13 01:04:08 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2003-03-01 01:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
- 2001-01-13 01:04:02 171,280 ----a-w C:\WINDOWS\system32\jit.dll
+ 2003-03-01 01:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2001-01-13 01:04:08 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2003-03-01 01:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 12:00:00 221,600 -c--a-w C:\WINDOWS\system32\lanman.drv
- 2006-06-19 23:19:42 571,184 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-10 21:02:50 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-07-23 16:48:40 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2001-08-23 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-10-18 19:55:32 88,590 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\mciwave.drv
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2004-08-04 07:56:42 138,240 -c--a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42 47,104 -c--a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42 16,896 -c--a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42 660,992 -c--a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42 177,152 -c--a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2001-01-13 01:04:02 154,896 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2003-03-01 01:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2004-08-04 07:56:57 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 07:56:57 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2001-01-13 01:04:06 945,424 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2003-03-01 01:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2001-01-13 01:04:06 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2003-03-01 01:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-20 05:38:41 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-20 05:38:41 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 07:56:44 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2001-08-23 12:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-03-11 21:59:51 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 20:52:34 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-11 21:59:51 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 20:52:34 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-15 03:28:24 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-06-19 02:20:17 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2007-10-15 03:28:25 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-06-19 02:20:20 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2007-10-15 03:28:25 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-06-19 02:20:20 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-07-23 16:50:46 551,672 ------w C:\WINDOWS\system32\px.dll
+ 2008-07-23 16:50:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
+ 2008-07-23 16:50:46 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-07-23 16:50:48 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2008-07-23 16:50:48 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-07-23 16:50:48 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-07-23 16:50:46 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-07-23 16:50:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2008-07-23 16:50:50 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-07-23 16:50:48 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2008-07-23 16:50:48 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2004-08-04 06:08:46 26,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\USBSTOR.SYS
- 2007-10-15 03:28:29 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-06-19 02:20:30 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-09-26 00:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-23 16:48:40 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2001-08-23 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-20 05:38:45 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2001-01-13 01:04:06 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2003-03-01 01:26:26 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2008-07-23 16:50:46 88,824 ------w C:\WINDOWS\system32\vxblock.dll
+ 2004-08-04 07:56:57 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-23 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2006-06-19 23:20:42 702,768 ------w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-04-10 21:00:46 236,928 ----a-w C:\WINDOWS\system32\WgaLogon.dll
- 2006-06-19 23:19:26 304,944 ------w C:\WINDOWS\system32\WgaTray.exe
+ 2007-04-10 21:01:18 336,768 ----a-w C:\WINDOWS\system32\WgaTray.exe
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 07:56:57 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-08-23 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2001-01-13 01:04:08 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2003-03-01 01:26:32 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
- 2006-10-19 04:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 01:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-19 05:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-08-19 09:20:32 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFIND.exe
+ 2006-12-02 06:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 06:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 06:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-07 294912]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-02 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-01-24 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-15 118784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9020eccc-6d33-11da-818a-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968ab160-54b0-11da-8155-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8d-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8e-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d061ebfa-6d34-11da-818b-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496c-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496d-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-HPHUPD04 - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/?rs=1
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O18 -: Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
O18 -: Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 02:15:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-29 2:17:50
ComboFix-quarantined-files.txt 2008-10-29 09:17:43
Pre-Run: 81,280,475,136 bytes free
Post-Run: 81,448,751,104 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
1264 --- E O F --- 2008-10-28 09:40:55
It looks like combofix ran twice, please can you post the contents of
C:\Qoobox\combofix2.txt
How are things running now, any problems still ?
terminator1315
2008-10-31, 09:17
Its only on file but there's too many characters so I broke the file in half.... Do you still need a copy??
Yes, I need to see that file.
Just split it over 2-3 post if needed.
terminator1315
2008-11-01, 04:31
ComboFix 08-10-29.04 - end-user 2008-10-29 2:14:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -7:00]
Running from: C:\Documents and Settings\end-user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\end-user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.
2008-10-28 00:31 . 2008-10-28 00:31 <DIR> d-------- C:\Documents and Settings\end-user\Application Data\Malwarebytes
2008-10-28 00:31 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 00:31 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 00:30 . 2008-10-28 00:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 00:30 . 2008-10-28 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\rsit
2008-10-08 16:13 . 2008-10-08 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 09:22 --------- d-----w C:\Program Files\Java
2008-10-22 07:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-22 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 23:13 --------- d-----w C:\Program Files\iTunes
2008-10-08 23:13 --------- d-----w C:\Program Files\iPod
2008-09-20 18:45 --------- d-----w C:\Program Files\QuickTime
2008-09-20 18:45 --------- d-----w C:\Program Files\Bonjour
2008-09-20 18:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 16:29 --------- d-----w C:\Documents and Settings\end-user\Application Data\DivX
2008-09-05 16:27 --------- d-----w C:\Program Files\DivX
2008-09-04 03:53 --------- d-----w C:\Program Files\Apple Software Update
2008-09-02 23:11 --------- d-----w C:\Program Files\Safari
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-03-28 04:56 20,888 ----a-w C:\Documents and Settings\end-user\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-10-22_21.49.34.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\browseui.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\danim.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\extmgr.dll
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iepeers.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\inseng.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtml.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\msrating.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\mstime.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\shlwapi.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\urlmon.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB947864\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 07:22:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll
+ 2001-08-17 21:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-08-23 12:00:00 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2001-08-23 12:00:00 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2001-08-18 05:37:04 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\wdmaud.drv
+ 2001-08-23 12:00:00 131,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\winspool.drv
+ 2004-08-04 05:58:20 72,960 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqac.sys
+ 2004-08-04 07:56:42 138,240 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqad.dll
+ 2004-08-04 07:56:42 47,104 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-04 07:56:42 16,896 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqise.dll
+ 2004-08-04 07:56:42 660,992 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-04 07:56:42 177,152 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-04 07:56:42 95,744 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-04 07:56:42 48,640 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-04 07:56:42 471,552 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-28 00:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-28 00:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2006-10-19 04:47:18 222,208 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\$NtUninstallKB941693$\win32k.sys
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:20:02 115,712 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338$\vbscript.dll
+ 2007-10-11 06:13:44 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 06:13:44 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 06:13:44 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 06:13:44 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 06:13:44 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 06:13:44 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 06:13:44 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 10:16:33 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 06:13:45 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 06:13:45 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 06:13:45 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 06:13:45 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 06:13:45 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 06:13:45 659,456 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:26:53 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2001-08-23 12:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 07:56:42 45,568 -c----w C:\WINDOWS\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
+ 2004-08-04 07:56:43 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB947864$\browseui.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\$NtUninstallKB947864$\cdfview.dll
+ 2007-12-07 01:07:12 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB947864$\danim.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtmsft.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\$NtUninstallKB947864$\dxtrans.dll
+ 2007-12-07 01:07:12 55,808 -c----w C:\WINDOWS\$NtUninstallKB947864$\extmgr.dll
+ 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\$NtUninstallKB947864$\iepeers.dll
+ 2007-12-07 01:07:12 96,256 -c----w C:\WINDOWS\$NtUninstallKB947864$\inseng.dll
+ 2007-12-07 01:07:12 16,384 -c----w C:\WINDOWS\$NtUninstallKB947864$\jsproxy.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtml.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\$NtUninstallKB947864$\mshtmled.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\msrating.dll
+ 2007-12-07 01:07:13 532,480 -c----w C:\WINDOWS\$NtUninstallKB947864$\mstime.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\pngfilt.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB947864$\shdocvw.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\$NtUninstallKB947864$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\spuninst\updspapi.dll
+ 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\$NtUninstallKB947864$\urlmon.dll
+ 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
+ 2007-12-06 09:38:31 350,720 -c----w C:\WINDOWS\$NtUninstallKB947864$\xpsp3res.dll
+ 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-04 07:56:42 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 07:56:43 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 07:56:43 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 07:56:43 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetol1.dll
+ 2004-03-01 18:52:15 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 07:56:43 151,583 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 07:56:43 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:56:43 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:56:43 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:56:43 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:56:43 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:56:43 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:56:43 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:56:43 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:56:44 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:56:44 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:56:44 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe
terminator1315
2008-11-01, 04:32
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2008-02-16 08:59:34 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB950759$\browseui.dll
+ 2008-02-16 08:59:35 151,040 -c----w C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll
+ 2008-02-16 08:59:35 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB950759$\danim.dll
+ 2008-02-16 08:59:35 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll
+ 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
+ 2008-02-16 08:59:35 251,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll
+ 2008-02-16 08:59:35 96,256 -c----w C:\WINDOWS\$NtUninstallKB950759$\inseng.dll
+ 2008-02-16 08:59:35 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll
+ 2008-02-16 22:29:38 3,059,712 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll
+ 2008-02-16 08:59:37 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll
+ 2008-02-16 08:59:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\msrating.dll
+ 2008-02-16 08:59:37 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759$\mstime.dll
+ 2008-02-16 08:59:37 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll
+ 2008-02-16 08:59:38 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll
+ 2008-02-16 08:59:38 474,112 -c----w C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll
+ 2008-02-16 08:59:38 615,936 -c----w C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll
+ 2008-02-16 08:59:39 659,456 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-04 06:10:37 274,304 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2004-08-04 06:14:14 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-04 07:56:44 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-04 07:56:42 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2008-04-21 07:03:56 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB953838$\browseui.dll
+ 2008-04-21 07:03:56 151,040 -c----w C:\WINDOWS\$NtUninstallKB953838$\cdfview.dll
+ 2008-04-21 07:03:57 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB953838$\danim.dll
+ 2008-04-21 07:03:57 357,888 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtmsft.dll
+ 2008-04-21 07:03:57 205,312 -c----w C:\WINDOWS\$NtUninstallKB953838$\dxtrans.dll
+ 2008-04-21 07:03:57 55,808 -c----w C:\WINDOWS\$NtUninstallKB953838$\extmgr.dll
+ 2008-04-17 10:52:54 18,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\iedw.exe
+ 2008-04-21 07:03:58 251,392 -c----w C:\WINDOWS\$NtUninstallKB953838$\iepeers.dll
+ 2008-04-21 07:03:58 96,256 -c----w C:\WINDOWS\$NtUninstallKB953838$\inseng.dll
+ 2008-04-21 07:03:58 16,384 -c----w C:\WINDOWS\$NtUninstallKB953838$\jsproxy.dll
+ 2008-04-21 07:03:59 3,059,712 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtml.dll
+ 2008-04-21 07:03:59 449,024 -c----w C:\WINDOWS\$NtUninstallKB953838$\mshtmled.dll
+ 2008-04-21 07:03:59 146,432 -c----w C:\WINDOWS\$NtUninstallKB953838$\msrating.dll
+ 2008-04-21 07:03:59 532,480 -c----w C:\WINDOWS\$NtUninstallKB953838$\mstime.dll
+ 2008-04-21 07:03:59 39,424 -c----w C:\WINDOWS\$NtUninstallKB953838$\pngfilt.dll
+ 2008-04-21 07:04:00 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB953838$\shdocvw.dll
+ 2008-04-21 07:04:00 474,112 -c----w C:\WINDOWS\$NtUninstallKB953838$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB953838$\spuninst\updspapi.dll
+ 2008-04-21 07:04:00 615,936 -c----w C:\WINDOWS\$NtUninstallKB953838$\urlmon.dll
+ 2008-04-21 07:04:00 659,456 -c----w C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
+ 2008-04-17 10:37:04 351,744 -c----w C:\WINDOWS\$NtUninstallKB953838$\xpsp3res.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 15:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-09-02 23:12:07 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-09-20 18:45:36 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2005-08-22 01:16:40 2,560 -c--a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2006-06-03 23:39:03 2,862 -c--a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\UninstallStartMenuSh_C1D76D7AF3BB47EAA7465B1E2FFC1DF2.exe
+ 2008-09-02 23:11:33 307,200 ----a-r C:\WINDOWS\Installer\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}\SafariIco.exe
+ 2008-10-08 23:13:41 102,400 ----a-r C:\WINDOWS\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
- 2001-01-12 23:10:24 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2003-02-28 23:35:26 6,550 ----a-w C:\WINDOWS\jautoexp.dat
+ 2007-09-27 02:38:42 2,232 ----a-w C:\WINDOWS\java\Packages\Data\3V5NV5NB.DAT
+ 2008-06-12 04:03:41 2,678 ----a-w C:\WINDOWS\java\Packages\Data\4OKAEISG.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\DF9RJHJ3.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\I9V3NFDV.DAT
+ 2008-06-12 04:03:38 2,678 ----a-w C:\WINDOWS\java\Packages\Data\LNDRXFB9.DAT
+ 2008-06-12 04:03:39 2,678 ----a-w C:\WINDOWS\java\Packages\Data\NJ7XV9JV.DAT
- 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2004-08-04 07:56:57 188,416 -c----w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2004-08-04 07:56:57 294,912 -c----w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2004-08-04 07:56:57 23,552 -c----w C:\WINDOWS\ServicePackFiles\i386\wdmaud.drv
+ 2004-08-04 07:56:57 146,432 -c----w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
- 2001-01-13 01:04:08 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2003-03-01 01:26:30 46,352 ----a-w C:\WINDOWS\setdebug.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\SWSC.exe
+ 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\SWXCACLS.exe
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 12:00:00 3,360 -c--a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system\TIMER.DRV
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
+ 2001-08-23 12:00:00 13,600 -c--a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 07:56:57 146,432 -c--a-w C:\WINDOWS\system\winspool.drv
- 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-08-20 05:38:39 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2001-01-13 01:04:06 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2003-03-01 01:26:26 49,424 ----a-w C:\WINDOWS\system32\clspack.exe
+ 2001-08-23 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-08-20 05:38:40 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
+ 2008-07-25 08:34:36 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2008-07-25 08:34:42 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2008-07-25 08:34:40 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
+ 2008-07-25 08:34:40 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2008-07-25 08:34:40 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2008-07-25 08:34:30 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-07-25 08:36:00 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2008-07-23 16:46:38 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
+ 2008-08-14 09:51:43 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-08-20 05:38:45 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 06:10:37 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-08-20 05:38:39 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-07-31 02:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 05:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-08-20 05:38:40 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-20 05:38:40 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-08-19 09:30:39 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-08-20 05:38:41 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-08-20 05:38:41 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2001-08-23 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
- 2004-08-04 05:58:20 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-04 07:56:42 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-04 07:56:42 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-04 07:56:42 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-04 07:56:42 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-04 07:56:42 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2008-05-01 14:30:33 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 07:56:43 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-20 05:38:41 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-20 05:38:41 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-06-20 17:41:10 245,248 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-08-17 12:28:27 332,288 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2001-08-23 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
- 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2006-08-14 10:34:41 332,928 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c----w C:\WINDOWS\system32\dllcache\srv.sys
+ 2001-08-23 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
- 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:38:45 615,936 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-23 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2006-06-19 23:20:42 702,768 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
+ 2007-04-10 21:00:46 236,928 -c----w C:\WINDOWS\system32\dllcache\WgaLogon.dll
- 2006-06-19 23:19:26 304,944 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
+ 2007-04-10 21:01:18 336,768 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:38:43 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-04 07:56:57 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-23 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2006-10-19 04:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-28 01:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
- 2007-07-31 02:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 05:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 02:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 02:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 05:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 02:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 05:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-31 02:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 05:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-07-25 08:34:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2008-07-25 08:34:46 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-07-25 08:34:50 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2008-07-25 08:34:46 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-07-25 08:34:46 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2008-07-25 08:34:46 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2004-08-04 06:14:14 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2007-08-09 20:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 21:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-07-18 00:45:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2004-08-04 06:10:37 274,304 -c----w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2003-05-30 07:21:38 66,992 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2008-07-23 16:50:48 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
- 2003-05-30 07:21:38 24,698 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2008-07-23 16:50:48 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2005-02-02 09:21:04 14,408 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 20:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2004-08-04 05:58:20 72,960 -c--a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2001-08-23 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2008-07-23 16:50:48 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2001-08-23 12:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-03-01 17:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-01-15 10:39:58 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
+ 2008-04-17 20:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 20:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-10-01 20:01:28 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2008-07-25 08:34:52 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2001-01-12 23:09:58 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
+ 2003-02-28 23:34:42 313,856 ----a-w C:\WINDOWS\system32\dx3j.dll
- 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-20 05:38:40 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-20 05:38:40 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-08-22 13:12:16 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-20 05:38:40 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-04-08 04:45:49 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-18 00:24:54 119,744 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2005-05-31 18:20:36 79,432 -c--a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-04-17 20:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-08-20 05:38:41 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-08-20 05:38:41 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2001-01-13 01:04:00 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
+ 2003-03-01 01:26:16 187,152 ----a-w C:\WINDOWS\system32\javacypt.dll
- 2001-01-13 01:04:00 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
+ 2003-03-01 01:26:18 139,536 ----a-w C:\WINDOWS\system32\javaee.dll
- 2001-01-13 01:04:00 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
+ 2003-03-01 01:26:18 63,248 ----a-w C:\WINDOWS\system32\javaprxy.dll
- 2001-01-13 01:04:02 404,752 ----a-w C:\WINDOWS\system32\javart.dll
+ 2003-03-01 01:26:18 404,752 ----a-w C:\WINDOWS\system32\javart.dll
- 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2001-01-13 01:04:08 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
+ 2003-03-01 01:26:30 15,120 ----a-w C:\WINDOWS\system32\jdbgmgr.exe
- 2001-01-13 01:04:02 171,280 ----a-w C:\WINDOWS\system32\jit.dll
+ 2003-03-01 01:26:20 171,280 ----a-w C:\WINDOWS\system32\jit.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-20 05:38:44 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2001-01-13 01:04:08 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2003-03-01 01:26:30 172,304 ----a-w C:\WINDOWS\system32\jview.exe
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2001-08-23 12:00:00 221,600 -c--a-w C:\WINDOWS\system32\lanman.drv
- 2006-06-19 23:19:42 571,184 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-10 21:02:50 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-07-23 16:48:40 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2001-08-23 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-10-18 19:55:32 88,590 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2001-08-23 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\mciavi.drv
+ 2001-08-23 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\mciseq.drv
+ 2001-08-23 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\mciwave.drv
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2004-08-04 07:56:42 138,240 -c--a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42 47,104 -c--a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42 16,896 -c--a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42 660,992 -c--a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42 177,152 -c--a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
- 2001-01-13 01:04:02 154,896 ----a-w C:\WINDOWS\system32\msawt.dll
+ 2003-03-01 01:26:20 154,384 ----a-w C:\WINDOWS\system32\msawt.dll
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2004-08-04 07:56:57 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 07:56:57 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-20 05:38:47 3,060,224 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-20 05:38:43 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2001-01-13 01:04:06 945,424 ----a-w C:\WINDOWS\system32\msjava.dll
+ 2003-03-01 01:26:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2001-01-13 01:04:06 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
+ 2003-03-01 01:26:26 21,264 ----a-w C:\WINDOWS\system32\msjdbc10.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-20 05:38:41 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-20 05:38:41 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 07:56:44 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2001-08-23 12:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-03-11 21:59:51 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 20:52:34 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-11 21:59:51 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 20:52:34 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-15 03:28:24 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-06-19 02:20:17 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2007-10-15 03:28:25 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-06-19 02:20:20 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2007-10-15 03:28:25 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-06-19 02:20:20 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-20 05:38:41 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-07-23 16:50:46 551,672 ------w C:\WINDOWS\system32\px.dll
+ 2008-07-23 16:50:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
+ 2008-07-23 16:50:46 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-07-23 16:50:48 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
+ 2008-07-23 16:50:48 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2008-07-23 16:50:48 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-07-23 16:50:46 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2008-07-23 16:50:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
+ 2008-07-23 16:50:50 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2008-07-23 16:50:48 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2008-07-23 16:50:48 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2008-07-23 16:50:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2004-08-04 06:08:46 26,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\USBSTOR.SYS
- 2007-10-15 03:28:29 185,688 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-06-19 02:20:30 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-08-20 05:38:42 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-08-20 05:38:44 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2006-09-26 00:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-23 16:48:40 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2001-08-23 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2001-08-23 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-20 05:38:45 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2001-01-13 01:04:06 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2003-03-01 01:26:26 286,992 ----a-w C:\WINDOWS\system32\vmhelper.dll
+ 2008-07-23 16:50:46 88,824 ------w C:\WINDOWS\system32\vxblock.dll
+ 2004-08-04 07:56:57 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-23 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2006-06-19 23:20:42 702,768 ------w C:\WINDOWS\system32\WgaLogon.dll
+ 2007-04-10 21:00:46 236,928 ----a-w C:\WINDOWS\system32\WgaLogon.dll
- 2006-06-19 23:19:26 304,944 ------w C:\WINDOWS\system32\WgaTray.exe
+ 2007-04-10 21:01:18 336,768 ----a-w C:\WINDOWS\system32\WgaTray.exe
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 07:56:57 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2001-08-23 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
- 2001-01-13 01:04:08 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
+ 2003-03-01 01:26:32 171,792 ----a-w C:\WINDOWS\system32\wjview.exe
- 2006-10-19 04:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 01:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
- 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 05:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-19 05:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-08-19 09:20:32 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFIND.exe
+ 2006-12-02 06:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 06:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 06:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-07 294912]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-02 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-01-24 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-15 118784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9020eccc-6d33-11da-818a-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968ab160-54b0-11da-8155-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8d-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8e-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d061ebfa-6d34-11da-818b-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496c-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496d-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-HPHUPD04 - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/?rs=1
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O18 -: Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
O18 -: Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 02:15:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-29 2:17:50
ComboFix-quarantined-files.txt 2008-10-29 09:17:43
Pre-Run: 81,280,475,136 bytes free
Post-Run: 81,448,751,104 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
1264 --- E O F --- 2008-10-28 09:40:55
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
DirLook::
C:\Qoobox
Folder::
C:\fixwareout
c:\windows\uniq
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
How are things running now ?
terminator1315
2008-11-01, 19:00
ComboFix 08-10-30.04 - end-user 2008-11-01 9:45:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.657 [GMT -7:00]
Running from: C:\Documents and Settings\end-user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\end-user\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fixwareout
C:\fixwareout\ATF-Cleaner.exe
C:\fixwareout\dnsbak.reg
C:\fixwareout\FindT\clsid.bak
C:\fixwareout\FindT\dumphive.exe
C:\fixwareout\FindT\FixWareOut.reg
C:\fixwareout\FindT\nircmd.exe
C:\fixwareout\FindT\patterns.txt
C:\fixwareout\FindT\rbot.bat
C:\fixwareout\FindT\RestartIt.exe
C:\fixwareout\FindT\runback.txt
C:\fixwareout\FindT\runs.vbs
C:\fixwareout\FindT\swreg.exe
C:\fixwareout\FindT\vfind.exe
C:\fixwareout\FindT\XP-2K2.cmd
C:\fixwareout\FixIt.BAT
C:\fixwareout\Fixwareout.exe
C:\fixwareout\readme.txt
C:\fixwareout\report.txt
c:\windows\uniq\
.
((((((((((((((((((((((((( Files Created from 2008-10-01 to 2008-11-01 )))))))))))))))))))))))))))))))
.
2008-10-29 02:20 . 2008-10-31 17:04 <DIR> d-------- C:\Program Files\Panda Security
2008-10-28 00:31 . 2008-10-28 00:31 <DIR> d-------- C:\Documents and Settings\end-user\Application Data\Malwarebytes
2008-10-28 00:31 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 00:31 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 00:30 . 2008-10-28 00:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 00:30 . 2008-10-28 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 20:15 . 2008-10-22 20:15 <DIR> d-------- C:\rsit
2008-10-08 16:13 . 2008-10-08 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 09:22 --------- d-----w C:\Program Files\Java
2008-10-22 07:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-22 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-08 23:13 --------- d-----w C:\Program Files\iTunes
2008-10-08 23:13 --------- d-----w C:\Program Files\iPod
2008-09-20 18:45 --------- d-----w C:\Program Files\QuickTime
2008-09-20 18:45 --------- d-----w C:\Program Files\Bonjour
2008-09-20 18:44 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-05 16:29 --------- d-----w C:\Documents and Settings\end-user\Application Data\DivX
2008-09-05 16:27 --------- d-----w C:\Program Files\DivX
2008-09-04 03:53 --------- d-----w C:\Program Files\Apple Software Update
2008-09-02 23:11 --------- d-----w C:\Program Files\Safari
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-20 05:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-03-28 04:56 20,888 ----a-w C:\Documents and Settings\end-user\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Qoobox ----
2008-11-01 09:45 10379 --a------ C:\Qoobox\BackEnv
2008-11-01 09:44 232 --a------ C:\Qoobox\Quarantine\catchme.log
2008-11-01 09:43 62 --a------ C:\Qoobox\CFScript_used_2008-11-01@9.45.txt
2008-10-29 02:17 8751 --a------ C:\Qoobox\Add-Remove Programs.txt
2008-10-29 02:17 674 --a------ C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Share-to-Web Namespace Daemon.reg.dat
2008-10-29 02:17 652 --a------ C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HPHUPD04.reg.dat
2008-10-29 02:17 2572 --a------ C:\Qoobox\ComboFix-quarantined-files.txt
2008-10-29 02:17 2 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-29 02:17 2 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-29 02:17 2 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-29 02:17 1208721 --a------ C:\Qoobox\snapshot_2008-10-29_ 2.17.17.81.dat
2008-10-29 02:17 1134213 --a------ C:\Qoobox\snapshot_2008-10-29_ 2.17.17.81_B.dat
2008-10-29 02:17 101093 --a------ C:\Qoobox\ComboFix2.txt
2008-10-29 02:15 5131 --a------ C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2007-10-22 21:49 875912 --a------ C:\Qoobox\snapshot@2007-10-22_21.49.34.32.dat
2007-10-22 21:49 808810 --a------ C:\Qoobox\snapshot@2007-10-22_21.49.34.32_B.dat
2007-10-22 21:46 30240 --a------ C:\Qoobox\Quarantine\Registry_backups\winlogon.reg.dat
2007-10-22 21:45 8192 --a------ C:\Qoobox\Hiv-backup\Users\00000004\UsrClass.dat
2007-10-22 21:45 8192 --a------ C:\Qoobox\Hiv-backup\Users\00000002\UsrClass.dat
2007-10-22 21:45 673 --a------ C:\Qoobox\Hiv-backup\ERDNT.CON
2007-10-22 21:45 6221824 --a------ C:\Qoobox\Hiv-backup\system
2007-10-22 21:45 5279744 --a------ C:\Qoobox\Hiv-backup\Users\00000005\NTUSER.DAT
2007-10-22 21:45 45056 --a------ C:\Qoobox\Hiv-backup\SECURITY
2007-10-22 21:45 290816 --a------ C:\Qoobox\Hiv-backup\default
2007-10-22 21:45 253952 --a------ C:\Qoobox\Hiv-backup\Users\00000003\NTUSER.DAT
2007-10-22 21:45 253952 --a------ C:\Qoobox\Hiv-backup\Users\00000001\NTUSER.DAT
2007-10-22 21:45 24576 --a------ C:\Qoobox\Hiv-backup\SAM
2007-10-22 21:45 24309760 --a------ C:\Qoobox\Hiv-backup\software
2007-10-22 21:45 208896 --a------ C:\Qoobox\Hiv-backup\Users\00000006\UsrClass.dat
2007-10-22 21:45 1243 --a------ C:\Qoobox\Hiv-backup\ERDNT.INF
2007-10-22 21:38 3986 --a------ C:\Qoobox\Quarantine\C\WINDOWS\search_res.txt.vir
2007-10-22 21:24 241 --a------ C:\Qoobox\Quarantine\C\WINDOWS\dat.txt.vir
2007-10-22 18:20 18250 --a------ C:\Qoobox\Quarantine\C\WINDOWS\rs.txt.vir
2007-10-08 10:12 294 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\end-user\Favorites\Spyware&Malware Protection.url.vir
2007-10-08 10:12 294 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\end-user\Favorites\Privacy Protector.url.vir
2007-10-08 10:12 294 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\end-user\Favorites\Error Cleaner.url.vir
2007-10-03 09:00 48640 --a------ C:\Qoobox\Quarantine\C\WINDOWS\main_uninstaller.exe.vir
2007-10-03 09:00 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\bndsrvnl.dll.vir
2007-10-03 09:00 258048 --a------ C:\Qoobox\Quarantine\C\WINDOWS\msvb.dll.vir
2007-10-01 16:03 299008 --a------ C:\Qoobox\Quarantine\C\WINDOWS\afxp.dll.vir
2007-08-08 13:57 1151 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\index.htm.vir
2007-05-18 01:44 43 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\spacer.gif.vir
2007-05-18 01:40 14916 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\down.gif.vir
2007-05-18 01:39 47318 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\danger.jpg.vir
2007-05-18 01:39 23870 --a------ C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\capt.gif.vir
2007-03-13 10:57 3275 --a------ C:\Qoobox\Hiv-backup\ERDNTWIN.LOC
2007-03-13 10:57 2815 --a------ C:\Qoobox\Hiv-backup\ERDNTDOS.LOC
2007-03-13 10:57 163328 --a------ C:\Qoobox\Hiv-backup\ERDNT.EXE
2005-12-26 13:37 1853447 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\end-user\Application Data\Install.dat.vir
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-07 294912]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-10-02 217088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-01-24 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-08-15 118784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9020eccc-6d33-11da-818a-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{968ab160-54b0-11da-8155-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8d-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b045bf8e-6d35-11da-89ff-0013d31118c7}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d061ebfa-6d34-11da-818b-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496c-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f250496d-6d2c-11da-8189-0013d31118c7}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure31.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:47:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-01 9:49:45
ComboFix-quarantined-files.txt 2008-11-01 16:49:24
ComboFix2.txt 2008-10-29 09:17:53
Pre-Run: 81,340,887,040 bytes free
Post-Run: 81,325,875,200 bytes free
187 --- E O F --- 2008-10-28 09:40:55
How are things running now ?
terminator1315
2008-11-07, 08:21
Internet seems to be running slower. Starting to hang up alot. Any suggestions?
I have a question when I start the computer the dos program shows up quickly and says Boot agent.....
then shows
XP professional
XP recovery
and Xp recovery is automaticlly highlighted and runs.
Screen shows for 2 secs so you can't change it.
Should it be running for recovery?
On boot-up, please use the arrow key to highlight XP professional and press enter.
Let me know if it continues to boot to the recovery option.
Please do the following
Click Start >> Run in the run box copy/paste this line :-
C:\Qoobox\ComboFix2.txt
Now press Enter
Notepad will open, please copy paste the contents here.
Also, please run RSIT again and post the log that is produced.
Due to inactivity, this thread will now be closed.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.