using Firefox but many IE popups, HELP



jwayne73
2009-03-26, 06:06
HELP, I am in deep crap. I know my PC is infected badly:
1. I'm using Firefox only but many IE windows pop up.
2. My McAfee expired so I use my ISP's free anti-virus protection software, CA (Computer Associates). I get alerts that many threats were deleted but apparently some got through.
3. TeaTimer alerted me that a program like PerfectKeylogger was identified and killed; hopefully bank passwords have not already been stolen.

Also, I'm a bit confused by instructions 4 and 5 (below). Are 4 and 5 the same thing, basically to not have TT running? Anyway, after reboot TT was still running, so I manually killed it via Task Manager and then ran HJT.exe. Let me know if I need to repeat, THANKS.
4. Then click on the Resident Icon in the List.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.


here's the HJT log,


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:12 PM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John\Desktop\HiJackThis(2).exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9b738f2f-1299-4289-83b5-1d6579a27c82} - (no file)
O2 - BHO: {38b0e727-2b41-6f2a-a034-cc943194694c} - {c4964913-49cc-430a-a2f6-14b2727e0b83} - C:\WINDOWS\system32\ebnqto.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {f44c12ab-a9e5-43c0-be43-f9dab699e2e1} - C:\WINDOWS\system32\yudedawo.dll (file missing)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\gakejuha.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a8a82eba] rundll32.exe "C:\WINDOWS\system32\denekilo.dll",b
O4 - HKLM\..\Run: [CPMab9b1d26] Rundll32.exe "c:\windows\system32\kajoveka.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nagefipi.dll ebnqto.dll c:\windows\system32\kajoveka.dll c:\windows\system32\gupureje.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kajoveka.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kajoveka.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

--
End of file - 7848 bytes

pskelley
2009-03-27, 14:25
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Pinned (sticky) to the top of this forum, and posted above are the directions, make sure you have read and followed them.

You really need to read and follow the directions if you want help here, start with these:

1) Disable TeaTimer as instructed.

When Spybot-S&D is installed, TeaTimer needs to be disabled so that its protection does not interfere with fixes.

2) Locate HJT safely as instructed.

By default it will install to C:\Program Files\Trend Micro\HijackThis

When that is done post a new HJT log.

Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

jwayne73
2009-03-28, 06:59
Appreciated, thanks for helping. I was confused by the instructions earlier but I'm OK now.

1. done Disable TT, reboot, ran ERUNT
2. ran HJT, here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:21 AM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\John\Desktop\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {032a4a5b-93c3-d8fa-f9b4-2496b2b3a498} - {894a3b2b-6942-4b9f-af8d-3c39b5a4a230} - C:\WINDOWS\system32\uwthqn.dll
O2 - BHO: (no name) - {9b738f2f-1299-4289-83b5-1d6579a27c82} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {f44c12ab-a9e5-43c0-be43-f9dab699e2e1} - C:\WINDOWS\system32\yudedawo.dll (file missing)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\gakejuha.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPMab9b1d26] Rundll32.exe "c:\windows\system32\kafuyora.dll",a
O4 - HKLM\..\Run: [a8a82eba] rundll32.exe "C:\WINDOWS\system32\bebidatu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA7921] command.com /c del "c:\windows\system32\gupureje.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4166] cmd.exe /c del "c:\windows\system32\gupureje.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9401] command.com /c del "C:\WINDOWS\system32\mayonibe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC504] cmd.exe /c del "C:\WINDOWS\system32\mayonibe.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jean')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Guest01')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1012\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: uwthqn.dll c:\windows\system32\kafuyora.dll,C:\WINDOWS\system32\nagefipi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kafuyora.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kafuyora.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

--
End of file - 7915 bytes


3. here's the uninstall list:

Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Bob the Builder
Broadcom Management Programs
CA Anti-Spyware
CA Anti-Virus
CA Desktop DNA Migrator
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CA Website Inspector
Cars - Radiator Springs Adventures
Citrix ICA Web Client
Classic PhoneTools
CleanUp!
Clifford Thinking Adventures
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
DellSupport
Digital Line Detect
Disney's Activity Center, Winnie the Pooh
Disney's Mickey Mouse Toddler
DriverLINX Port I/O Driver
EarthLink Setup Files
Ernie's Adventures in Space
ERUNT 1.1j
Google Earth
Google Toolbar for Internet Explorer
Grey Olltwit's Where's Tigger
Hex Workshop v4.23
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HOT ALBUM MYBOX
hotComm® CL
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
J2SE Runtime Environment 5.0
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Lehman VPNConnect Client
LogMeIn
MathPlayer
Memories Disc Creator 2.0
MetaFrame Presentation Server Web Client for Win32
MetaStock Professional 9.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Modem Helper
Mozilla Firefox (3.0.8)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mtrader mIRC - v2
Musicmatch® Jukebox
NetWaiting
NVIDIA Drivers
PowerQuest PartitionMagic 8.0
QuickTime
RABCO
Reader Rabbit's Reading Ages 4-6
Reading Basics
RealTick
Registry Mechanic 7.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Skype™ 3.8
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Thomas & Friends - Railway Adventures
Tier Creator for Dummies II
Tonka Search and Rescue
TradeStation 8.3 (Build 1419)
TradeStation 8.3 (Build 1631)
TradeStation 8.4 (Build 1688)
TradeStation 8.4 (Build 1693)
Ulead VideoStudio 8.0 SE DVD
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB2.0 TVBOX
Verizon Online
VIA Register Tool
VPN Client
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger
Yahoo! Toolbar

pskelley
2009-03-28, 12:06
C:\Documents and Settings\John\Desktop\HiJackThis(2).exe <<< :sad:
You need to read the directions again carefully.

By default it will install to C:\Program Files\Trend Micro\HijackThis
That is NOT where you placed HJT, follow these directions please:

DO THIS FIRST:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< close HJT until I ask for a log later.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

This can be done as time permits, but it is important, and may be why you are infected.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 8.1.2 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0
Java 2 Runtime Environment, SE v1.4.2_03 <<< VERY OLD
Java(TM) 6 Update 11
Out of date and unsafe, see this:
Sun Microsystems~Java. Security vulnerability in older versions left on system
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
http://raproducts.org/ <<< this tool will help if you have problems uninstalling old versions.

Spybot - Search & Destroy <<< make sure this is up to date
Spybot - Search & Destroy 1.3 <<< uninstall that very old version
Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

jwayne73
2009-03-29, 03:37
thanks again.

downloaded and ran new HJT see log below.

ran combofix see log.

ComboFix 09-03-27.02 - John 2009-03-28 10:48:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.950 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Rabio
c:\windows\BMab9b1d26.txt
c:\windows\system32\abpoon.dll
c:\windows\system32\aflzar.dll
c:\windows\system32\bawoguki.dll
c:\windows\system32\bebidatu.dll
c:\windows\system32\cvlsuu.dll
c:\windows\system32\dodegebu.dll
c:\windows\system32\dofozeha.dll
c:\windows\system32\dubutawe.dll
c:\windows\system32\ebnqto.dll
c:\windows\system32\feklaxqb.ini
c:\windows\system32\femififi.dll
c:\windows\system32\FFFFgumivuleUUU.dll
c:\windows\system32\FFFFnagefipiUUUU.dll
c:\windows\system32\FFFFwusonahaUUUU.dll
c:\windows\system32\FFFFyudedawoUUU.dll
c:\windows\system32\gakejuha.dll
c:\windows\system32\gawajaso.dll
c:\windows\system32\gekujedo.dll
c:\windows\system32\halihupe.dll
c:\windows\system32\hesudipi.dll
c:\windows\system32\hryrax.dll
c:\windows\system32\jaduzida.dll
c:\windows\system32\janopuza.dll
c:\windows\system32\jitajomo.dll
c:\windows\system32\jubetufa.dll
c:\windows\system32\kafuyora.dll
c:\windows\system32\kajoveka.dll
c:\windows\system32\kjrsqx.dll
c:\windows\system32\laxnkv.dll
c:\windows\system32\lelohute.dll
c:\windows\system32\muwideka.dll
c:\windows\system32\nemihito.dll
c:\windows\system32\nivedusa.dll
c:\windows\system32\nugeloba.dll
c:\windows\system32\papubovu.dll
c:\windows\system32\popuguji.dll
c:\windows\system32\qebrspcr.ini
c:\windows\system32\qnvnzh.dll
c:\windows\system32\qpvxje.dll
c:\windows\system32\rhgflu.dll
c:\windows\system32\riwevito.dll
c:\windows\system32\robotihu.dll
c:\windows\system32\sabiyubi.dll
c:\windows\system32\sayabase.dll
c:\windows\system32\sitoruso.dll
c:\windows\system32\tabisape.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tomiyegi.dll
c:\windows\system32\ubapanoy.ini
c:\windows\system32\utadibeb.ini
c:\windows\system32\uwthqn.dll
c:\windows\system32\wafhhi.dll
c:\windows\system32\wenoyala.dll
c:\windows\system32\wisezeki.dll
c:\windows\system32\yimogate.dll
c:\windows\system32\yonapabu.dll
c:\windows\system32\zigubose.dll
c:\windows\system32\zipomona.dll
c:\windows\system32\zonirina.dll
c:\windows\system32\zukepive.dll
c:\windows\system32\zukumuha.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCIDump


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2009-03-25 23:37 . 2009-03-25 23:37 <DIR> d-------- c:\program files\ERUNT
2009-03-25 10:15 . 2009-03-25 10:15 2,098 ---hs---- c:\windows\SYSTEM32\rejijejo.dll
2009-03-05 23:54 . 2009-03-05 23:54 230 --a------ c:\windows\SYSTEM32\spupdsvc.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2009-03-28 14:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2009-03-28 14:52 279,134 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2009-03-26 03:15 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-25 03:33 --------- d-----w c:\documents and settings\John\Application Data\CallingID
2009-03-25 03:19 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 13:56 --------- d-----w c:\documents and settings\Jean\Application Data\CallingID
2009-03-02 03:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-04 14:11 --------- d-----w c:\program files\Java
2009-02-04 08:07 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2005-08-02 20:46 187,904 --sha-r c:\windows\Sm9obg\asappsrv.dll
2005-08-02 20:58 293,888 --sha-r c:\windows\Sm9obg\command.exe
2005-07-29 20:24 472 --sha-r c:\windows\Sm9obg\mA6Cv0.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-03-21_23.54.32.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlmp.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrpamp.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 19:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 20:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-12-11 10:24:44 333,184 ----a-w c:\windows\$hf_mig$\KB958687\SP2QFE\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3GDR\srv.sys
+ 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
+ 2008-12-13 06:26:56 3,594,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:18:04 755,576 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-12-20 23:55:43 124,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
+ 2008-12-20 23:55:44 347,136 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
+ 2008-12-20 23:55:44 214,528 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
+ 2008-12-20 23:55:44 132,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
+ 2008-12-20 23:55:45 63,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
+ 2008-12-19 09:41:51 70,656 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
+ 2008-12-20 23:55:45 153,088 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
+ 2008-12-20 23:55:45 230,400 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
+ 2008-12-19 05:24:02 161,792 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
+ 2008-12-20 23:55:46 380,928 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
+ 2008-12-20 23:55:46 388,608 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
+ 2008-12-20 23:55:50 6,068,736 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
+ 2008-12-20 23:55:50 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
+ 2008-12-20 23:55:50 267,776 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
+ 2008-12-19 09:41:52 13,824 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
+ 2008-12-19 05:25:30 634,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
+ 2008-12-20 23:55:51 27,648 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
+ 2008-12-20 23:55:51 459,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
+ 2008-12-20 23:55:51 52,224 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
+ 2009-01-16 16:24:38 3,596,288 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
+ 2008-12-20 23:55:56 477,696 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
+ 2008-12-20 23:55:56 193,024 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
+ 2008-12-20 23:55:57 671,232 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
+ 2008-12-20 23:55:57 102,912 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
+ 2008-12-20 23:55:57 44,544 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
+ 2008-12-20 23:55:57 105,984 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
+ 2008-12-20 23:55:59 1,163,264 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
+ 2008-12-20 23:55:59 233,472 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
+ 2008-12-20 23:56:00 827,904 ----a-w c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB961260-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB961260-IE7\update\updspapi.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2002-08-29 10:00:00 1,740 -c----w c:\windows\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 06:32:34 2,816 -c----w c:\windows\$NtServicePackUninstall$\drmkaud.sys
+ 2004-08-04 07:56:42 294,400 -c----w c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB941693$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB941693$\spuninst\updspapi.dll
+ 2007-03-08 13:47:48 1,843,584 -c----w c:\windows\$NtUninstallKB941693$\win32k.sys
+ 2006-06-26 17:37:10 148,480 -c----w c:\windows\$NtUninstallKB945553$\dnsapi.dll
+ 2004-08-04 07:56:42 45,568 -c----w c:\windows\$NtUninstallKB945553$\dnsrslvr.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB945553$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB945553$\spuninst\updspapi.dll
+ 2004-08-04 07:56:43 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2007-06-19 13:31:19 282,112 -c----w c:\windows\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB948590$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\$NtUninstallKB948881$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\$NtUninstallKB948881$\spuninst\updspapi.dll
+ 2004-08-04 07:56:42 561,179 -c----w c:\windows\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 07:56:43 512,029 -c----w c:\windows\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 07:56:43 319,517 -c----w c:\windows\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 07:56:43 1,507,356 -c----w c:\windows\$NtUninstallKB950749$\msjet40.dll
+ 2004-03-01 18:52:15 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetol1.dll
+ 2004-03-01 18:52:15 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 07:56:43 151,583 -c----w c:\windows\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 07:56:43 53,279 -c----w c:\windows\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:56:43 241,693 -c----w c:\windows\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:56:43 213,023 -c----w c:\windows\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:56:43 348,189 -c----w c:\windows\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:56:43 421,919 -c----w c:\windows\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:56:43 315,423 -c----w c:\windows\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:56:43 552,989 -c----w c:\windows\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:56:43 258,077 -c----w c:\windows\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:56:44 831,519 -c----w c:\windows\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:56:44 614,429 -c----w c:\windows\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:56:44 348,189 -c----w c:\windows\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll

jwayne73
2009-03-29, 03:38
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe
+ 2008-04-14 11:01:02 272,128 -c----w c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\updspapi.dll
+ 2004-08-04 06:10:37 274,304 -c----w c:\windows\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2004-08-04 06:14:14 138,496 -c----w c:\windows\$NtUninstallKB951748$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w c:\windows\$NtUninstallKB951748$\dnsapi.dll
+ 2004-08-04 07:56:44 245,248 -c----w c:\windows\$NtUninstallKB951748$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w c:\windows\$NtUninstallKB951748$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2006-10-19 00:03:58 100,864 -c----w c:\windows\$NtUninstallKB952069_WM9$\logagent.exe
+ 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 937,984 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll
+ 2006-10-19 01:47:22 2,450,944 -c----w c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll
+ 2004-08-04 07:56:42 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2007-07-27 14:41:48 231,288 -c----w c:\windows\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe
+ 2007-07-27 14:41:48 382,840 -c----w c:\windows\$NtUninstallKB954156_WM9L$\spuninst\updspapi.dll
+ 2002-12-11 23:38:52 929,280 -c----w c:\windows\$NtUninstallKB954156_WM9L$\wmex.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll
+ 2006-08-21 14:52:08 246,814 -c----w c:\windows\$NtUninstallKB954600$\strmdll.dll
+ 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 18:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll
+ 2008-07-14 11:09:18 62,976 -c----w c:\windows\$NtUninstallKB955839$\tzchange.exe
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-02-20 06:51:05 282,624 -c----w c:\windows\$NtUninstallKB956802$\gdi32.dll
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
+ 2008-08-28 10:04:17 333,056 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
+ 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
+ 2007-10-29 10:04:03 350,720 -c----w c:\windows\$NtUninstallKB967715$\xpsp3res.dll
- 2004-09-15 20:58:35 997,992 -c--a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2009-02-04 08:02:26 1,000,848 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
- 2004-09-15 20:58:36 1,100,392 -c--a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2009-02-04 08:05:14 1,103,248 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
- 2004-09-15 20:58:36 141,928 -c--a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
- 2004-08-11 05:45:04 28,672 ----a-w c:\windows\SYSTEM32\DLLCACHE\custsat.dll
+ 2006-06-03 11:40:49 33,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\custsat.dll
+ 2008-03-25 04:50:25 554,008 ------w c:\windows\SYSTEM32\DLLCACHE\dao360.dll
- 2006-06-26 17:37:10 148,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w c:\windows\SYSTEM32\DLLCACHE\dnsrslvr.dll
+ 2004-08-04 06:07:57 2,944 -c--a-w c:\windows\SYSTEM32\DLLCACHE\drmkaud.sys
- 2007-12-19 23:01:06 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2006-10-23 15:34:20 357,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2006-10-23 15:34:20 205,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w c:\windows\SYSTEM32\DLLCACHE\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\es.dll
- 2007-12-07 02:21:45 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2006-10-23 15:34:20 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-06-19 13:31:19 282,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
+ 2004-08-04 07:56:50 743,936 ----a-w c:\windows\SYSTEM32\DLLCACHE\helpsvc.exe
- 2007-12-07 02:21:45 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-12-20 23:15:13 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2007-12-07 02:21:45 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2006-10-17 17:04:50 69,120 -c--a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
+ 2006-10-23 11:02:37 18,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2007-12-07 02:21:46 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2006-11-08 02:03:36 191,488 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-10-23 15:34:20 251,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2007-12-07 02:21:46 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-12-06 11:00:58 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2007-12-06 11:01:25 625,664 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2004-08-04 07:56:50 93,184 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2007-08-21 06:15:44 683,520 ------w c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ------w c:\windows\SYSTEM32\DLLCACHE\inetcomm.dll
- 2006-11-07 08:26:24 92,672 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2006-10-23 15:34:20 96,256 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2006-10-17 17:00:00 491,520 -c--a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2006-05-18 05:24:25 450,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2007-12-07 02:21:47 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2006-10-23 15:34:20 15,872 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2002-08-29 10:00:00 2,000 ----a-w c:\windows\SYSTEM32\DLLCACHE\keyboard.drv
- 2006-10-17 17:05:10 40,960 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2004-08-04 07:56:42 22,016 ----a-w c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2002-08-29 10:00:00 2,032 ----a-w c:\windows\SYSTEM32\DLLCACHE\mouse.drv
- 2006-05-05 09:41:45 453,120 -c--a-w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
+ 2008-05-01 14:30:33 331,776 ------w c:\windows\SYSTEM32\DLLCACHE\msadce.dll
+ 2008-06-24 16:23:05 74,240 ------w c:\windows\SYSTEM32\DLLCACHE\mscms.dll
- 2004-08-04 07:56:42 294,400 ----a-w c:\windows\SYSTEM32\DLLCACHE\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w c:\windows\SYSTEM32\DLLCACHE\msctf.dll
- 2004-08-04 07:56:43 512,029 ----a-w c:\windows\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\msexch40.dll
- 2004-08-04 07:56:43 319,517 ----a-w c:\windows\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msexcl40.dll
- 2007-12-07 02:21:47 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2006-10-17 16:56:10 45,568 -c--a-w c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2004-08-04 07:56:53 29,184 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshta.exe
- 2007-12-08 05:21:48 3,592,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2006-10-23 15:34:22 3,061,248 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2006-10-23 15:34:21 448,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-25 04:50:34 1,516,568 ------w c:\windows\SYSTEM32\DLLCACHE\msjet40.dll
- 2004-03-01 18:52:15 358,976 -c----w c:\windows\SYSTEM32\DLLCACHE\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ------w c:\windows\SYSTEM32\DLLCACHE\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 ------w c:\windows\SYSTEM32\DLLCACHE\msjint40.dll
+ 2008-03-25 04:50:42 60,192 ------w c:\windows\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w c:\windows\SYSTEM32\DLLCACHE\msjtes40.dll
- 2006-11-08 02:03:36 156,160 -c--a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
+ 2002-08-29 10:00:00 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msls31.dll
- 2004-08-04 07:56:43 213,023 ----a-w c:\windows\SYSTEM32\DLLCACHE\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w c:\windows\SYSTEM32\DLLCACHE\msltus40.dll
- 2004-08-04 07:56:43 348,189 ----a-w c:\windows\SYSTEM32\DLLCACHE\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w c:\windows\SYSTEM32\DLLCACHE\mspbde40.dll
- 2007-12-07 02:21:48 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-10-23 15:34:21 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2004-08-04 07:56:43 421,919 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrepl40.dll
- 2004-08-04 07:56:43 258,077 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstext40.dll
- 2007-12-07 02:21:48 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2006-10-23 15:34:21 532,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2004-08-04 07:56:44 831,519 ----a-w c:\windows\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\mswdat10.dll
- 2004-08-04 07:56:44 245,248 -c--a-w c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\SYSTEM32\DLLCACHE\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ------w c:\windows\SYSTEM32\DLLCACHE\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w c:\windows\SYSTEM32\DLLCACHE\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w c:\windows\SYSTEM32\DLLCACHE\msxbde40.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 -c--a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 -c--a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
- 2004-08-04 07:56:44 4,274,816 ----a-w c:\windows\SYSTEM32\DLLCACHE\nv4_disp.dll
+ 2007-12-05 05:41:00 5,773,568 ----a-w c:\windows\SYSTEM32\DLLCACHE\nv4_disp.dll
+ 2007-12-05 05:41:00 7,435,392 ----a-w c:\windows\SYSTEM32\DLLCACHE\nv4_mini.sys
- 2008-01-11 05:53:32 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2006-10-23 15:34:21 39,424 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ------w c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ------w c:\windows\SYSTEM32\DLLCACHE\quartz.dll
- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\SYSTEM32\DLLCACHE\rmcast.sys
- 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\SYSTEM32\DLLCACHE\shell32.dll
+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\SYSTEM32\DLLCACHE\shell32.dll
+ 2004-08-04 07:56:56 50,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\smss.exe
+ 2002-08-29 10:00:00 1,744 ----a-w c:\windows\SYSTEM32\DLLCACHE\sound.drv
+ 2004-08-04 07:56:57 57,856 ----a-w c:\windows\SYSTEM32\DLLCACHE\spoolsv.exe
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\SYSTEM32\DLLCACHE\srv.sys
+ 2008-12-11 11:57:21 333,184 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
- 2006-08-21 14:52:08 246,814 -c----w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys
- 2007-12-07 02:21:48 105,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2004-08-04 07:56:46 37,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2006-10-23 15:34:22 615,936 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2006-11-08 02:03:36 413,696 -c--a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2004-08-04 07:56:46 417,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2002-08-29 10:00:00 2,176 ----a-w c:\windows\SYSTEM32\DLLCACHE\vga.drv
- 2007-07-12 23:31:54 765,952 ----a-w c:\windows\SYSTEM32\DLLCACHE\vgx.dll
+ 2006-12-19 18:08:07 852,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\vgx.dll
- 2007-12-07 02:21:48 233,472 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2004-08-04 07:56:46 276,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2007-12-07 02:21:48 824,832 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-10-23 15:34:22 664,576 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\SYSTEM32\DLLCACHE\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2007-07-30 23:19:36 549,720 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
- 2007-07-30 23:19:16 53,080 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
- 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
- 2007-07-30 23:19:32 325,976 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
- 2007-07-30 23:18:40 33,624 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
- 2007-07-30 23:19:28 203,096 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
- 2006-06-26 17:37:10 148,480 ----a-w c:\windows\SYSTEM32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\SYSTEM32\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ----a-w c:\windows\SYSTEM32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w c:\windows\SYSTEM32\dnsrslvr.dll
- 2004-08-04 06:14:14 138,496 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\SYSTEM32\DRIVERS\afd.sys
- 2004-08-04 06:10:37 274,304 -c----w c:\windows\SYSTEM32\DRIVERS\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\SYSTEM32\DRIVERS\bthport.sys
+ 2004-08-04 06:07:57 2,944 ----a-w c:\windows\SYSTEM32\DRIVERS\drmkaud.sys
+ 2008-03-21 20:00:06 63,504 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys
+ 2008-06-04 16:27:44 134,648 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxCF.sys
+ 2008-05-30 20:56:30 88,816 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys
+ 2008-03-21 20:00:06 45,584 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxFile.sys
+ 2008-03-19 15:56:58 115,216 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxFw.sys
+ 2008-03-21 20:00:06 66,576 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys
+ 2008-03-19 15:56:58 93,712 ----a-w c:\windows\SYSTEM32\DRIVERS\KmxStart.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys
+ 2002-08-29 10:00:00 2,944 ----a-w c:\windows\SYSTEM32\DRIVERS\NULL.SYS
- 2004-08-04 05:29:54 1,897,408 ----a-w c:\windows\SYSTEM32\DRIVERS\nv4_mini.sys
+ 2007-12-05 05:41:00 7,435,392 ----a-w c:\windows\SYSTEM32\DRIVERS\nv4_mini.sys
+ 2008-10-27 19:16:13 15,172 ----a-w c:\windows\SYSTEM32\DRIVERS\PzWDM.sys
+ 2008-07-13 12:59:20 1,950 ----a-w c:\windows\SYSTEM32\DRIVERS\REGISTER.SYS
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\SYSTEM32\DRIVERS\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\SYSTEM32\DRIVERS\rmcast.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\SYSTEM32\DRIVERS\srv.sys
- 2007-10-30 17:20:55 360,064 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\SYSTEM32\DRIVERS\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\SYSTEM32\DRIVERS\tcpip6.sys
+ 2008-08-30 20:14:36 26,352 ----a-w c:\windows\SYSTEM32\DRIVERS\vet-filt.sys
+ 2008-08-30 20:14:34 21,104 ----a-w c:\windows\SYSTEM32\DRIVERS\vet-rec.sys
+ 2008-12-11 16:55:07 108,368 ----a-w c:\windows\SYSTEM32\DRIVERS\veteboot.sys
+ 2008-12-11 16:55:07 880,560 ----a-w c:\windows\SYSTEM32\DRIVERS\vetefile.sys
+ 2008-08-30 20:14:28 21,488 ----a-w c:\windows\SYSTEM32\DRIVERS\vetfddnt.sys
+ 2008-08-30 20:14:34 32,240 ----a-w c:\windows\SYSTEM32\DRIVERS\vetmonnt.sys
- 2007-12-19 23:01:06 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2006-10-23 15:34:20 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2006-10-23 15:34:20 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2002-11-01 04:00:00 65,536 ----a-w c:\windows\SYSTEM32\EPPicMgr.dll
+ 2003-10-02 04:00:00 39,121 ----a-w c:\windows\SYSTEM32\EPPICPattern1.dat
+ 2003-10-02 04:00:00 76,956 ----a-w c:\windows\SYSTEM32\EPPICPattern2.dat
+ 2003-10-02 04:01:00 27,965 ----a-w c:\windows\SYSTEM32\EPPICPresetData_JP.dat
+ 2003-10-02 04:00:00 91,923 ----a-w c:\windows\SYSTEM32\EPPICPrinterDB.dat
+ 2002-11-01 04:00:00 114,688 ----a-w c:\windows\SYSTEM32\EpPicPrt.dll
- 2005-07-26 04:39:45 243,200 ----a-w c:\windows\SYSTEM32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\SYSTEM32\es.dll
- 2007-12-07 02:21:45 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2006-10-23 15:34:20 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2004-03-11 22:13:13 1,146,320 ----a-w c:\windows\SYSTEM32\FM20.DLL
+ 2007-06-06 15:53:34 1,195,888 ----a-w c:\windows\SYSTEM32\FM20.DLL
- 2003-07-15 02:57:04 32,584 -c--a-w c:\windows\SYSTEM32\FM20ENU.DLL
+ 2007-03-23 00:17:04 35,440 ----a-w c:\windows\SYSTEM32\FM20ENU.DLL
- 2007-07-09 03:13:48 279,744 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-02-04 08:14:54 283,720 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w c:\windows\SYSTEM32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll
+ 2009-03-27 15:16:04 61,440 --sha-w c:\windows\SYSTEM32\gedoyipi.exe
+ 1997-10-24 17:42:10 642,560 ----a-w c:\windows\SYSTEM32\Gsprop32.dll
+ 1997-10-24 17:42:16 468,928 ----a-w c:\windows\SYSTEM32\Gsw32.exe
+ 1997-10-24 17:42:16 263,120 ----a-w c:\windows\SYSTEM32\Gswag32.dll
+ 1997-10-24 17:42:16 104,384 ----a-w c:\windows\SYSTEM32\Gswdll32.dll
+ 2004-02-24 00:53:12 458,752 ----a-w c:\windows\SYSTEM32\HHActiveX.dll
+ 2009-03-27 03:15:53 61,440 --sha-w c:\windows\SYSTEM32\huforiti.exe
- 2007-12-06 11:00:57 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2004-08-04 07:56:50 34,304 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2004-08-04 07:56:42 139,264 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll

jwayne73
2009-03-29, 03:40
+ 2004-08-04 07:56:42 216,576 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
+ 2002-08-29 10:00:00 221,184 ----a-w c:\windows\SYSTEM32\ieakui.dll
- 2007-12-07 02:21:45 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2004-08-04 07:56:42 323,584 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2006-10-17 17:06:00 78,336 -c--a-w c:\windows\SYSTEM32\ieencode.dll
+ 2004-08-04 07:56:42 81,920 ----a-w c:\windows\SYSTEM32\ieencode.dll
- 2006-11-08 02:03:36 191,488 ----a-w c:\windows\SYSTEM32\iepeers.dll
+ 2006-10-23 15:34:20 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll
- 2007-12-07 02:21:46 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2004-08-04 07:56:42 48,640 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2006-11-07 08:26:42 55,296 -c--a-w c:\windows\SYSTEM32\iesetup.dll
+ 2004-08-04 07:56:42 62,976 ----a-w c:\windows\SYSTEM32\iesetup.dll
- 2007-12-06 11:00:58 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2006-10-17 16:57:58 36,352 ----a-w c:\windows\SYSTEM32\imgutil.dll
+ 2004-08-04 07:56:42 35,840 ----a-w c:\windows\SYSTEM32\imgutil.dll
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\SYSTEM32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\SYSTEM32\inetcomm.dll
- 2006-11-07 08:26:24 92,672 -c--a-w c:\windows\SYSTEM32\inseng.dll
+ 2006-10-23 15:34:20 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
+ 2008-08-30 20:14:28 99,568 ----a-w c:\windows\SYSTEM32\isafeif.dll
+ 2008-08-30 20:14:34 91,376 ----a-w c:\windows\SYSTEM32\isafprod.dll
- 2003-11-19 21:36:26 24,681 -c--a-w c:\windows\SYSTEM32\java.exe
+ 2009-02-04 14:11:42 144,792 ----a-w c:\windows\SYSTEM32\java.exe
- 2003-11-19 21:36:30 28,779 -c--a-w c:\windows\SYSTEM32\javaw.exe
+ 2009-02-04 14:11:42 144,792 ----a-w c:\windows\SYSTEM32\javaw.exe
+ 2009-02-04 14:11:42 148,888 ----a-w c:\windows\SYSTEM32\javaws.exe
- 2006-10-17 17:00:00 491,520 ----a-w c:\windows\SYSTEM32\jscript.dll
+ 2006-05-18 05:24:25 450,560 ----a-w c:\windows\SYSTEM32\jscript.dll
- 2007-12-07 02:21:47 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2006-10-23 15:34:20 15,872 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2002-08-29 10:00:00 2,000 ----a-w c:\windows\SYSTEM32\KEYBOARD.DRV
+ 2007-12-05 05:41:00 425,984 ----a-w c:\windows\SYSTEM32\keystone.exe
- 2006-10-17 17:05:10 40,960 -c--a-w c:\windows\SYSTEM32\licmgr10.dll
+ 2004-08-04 07:56:42 22,016 ----a-w c:\windows\SYSTEM32\licmgr10.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2002-08-29 10:00:00 2,560 ----a-w c:\windows\SYSTEM32\LZ32.DLL
+ 2008-03-25 02:32:44 218,496 ----a-r c:\windows\SYSTEM32\Macromed\Flash\FlashUtil9f.exe
+ 2003-12-08 17:58:22 94,208 ----a-w c:\windows\SYSTEM32\Macromed\Flash\GetFlash.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-07-21 01:37:39 48,749 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-08 12:41:19 74,137 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-18 15:12:20 84,661 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2004-03-22 22:17:05 24,816 ----a-w c:\windows\SYSTEM32\mdimon.dll
+ 2007-04-09 18:23:54 28,040 ----a-w c:\windows\SYSTEM32\mdimon.dll
+ 2002-08-29 10:00:00 2,032 ----a-w c:\windows\SYSTEM32\MOUSE.DRV
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\SYSTEM32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\SYSTEM32\mscms.dll
- 2004-08-04 07:56:42 294,400 ----a-w c:\windows\SYSTEM32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w c:\windows\SYSTEM32\msctf.dll
- 2004-08-04 07:56:43 512,029 -c--a-w c:\windows\SYSTEM32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w c:\windows\SYSTEM32\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w c:\windows\SYSTEM32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w c:\windows\SYSTEM32\msexcl40.dll
- 2006-10-17 16:56:10 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe
+ 2004-08-04 07:56:53 29,184 ----a-w c:\windows\SYSTEM32\mshta.exe
- 2007-12-08 05:21:48 3,592,192 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2006-10-23 15:34:22 3,061,248 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2006-10-23 15:34:21 448,512 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2006-10-17 16:28:56 48,128 -c--a-w c:\windows\SYSTEM32\mshtmler.dll
+ 2004-08-04 07:56:14 56,832 ----a-w c:\windows\SYSTEM32\mshtmler.dll
- 2004-08-04 07:56:43 1,507,356 ----a-w c:\windows\SYSTEM32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w c:\windows\SYSTEM32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ----a-w c:\windows\SYSTEM32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w c:\windows\SYSTEM32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w c:\windows\SYSTEM32\msjint40.dll
- 2004-08-04 07:56:43 53,279 ----a-w c:\windows\SYSTEM32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w c:\windows\SYSTEM32\msjter40.dll
- 2004-08-04 07:56:43 241,693 ----a-w c:\windows\SYSTEM32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w c:\windows\SYSTEM32\msjtes40.dll
- 2006-11-08 02:03:36 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll
+ 2002-08-29 10:00:00 146,432 ----a-w c:\windows\SYSTEM32\msls31.dll
- 2004-08-04 07:56:43 213,023 -c--a-w c:\windows\SYSTEM32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w c:\windows\SYSTEM32\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w c:\windows\SYSTEM32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w c:\windows\SYSTEM32\mspbde40.dll
- 2007-12-07 02:21:48 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2006-10-23 15:34:21 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w c:\windows\SYSTEM32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w c:\windows\SYSTEM32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w c:\windows\SYSTEM32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w c:\windows\SYSTEM32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w c:\windows\SYSTEM32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w c:\windows\SYSTEM32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w c:\windows\SYSTEM32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w c:\windows\SYSTEM32\mstext40.dll
- 2007-12-07 02:21:48 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2006-10-23 15:34:21 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w c:\windows\SYSTEM32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w c:\windows\SYSTEM32\mswdat10.dll
- 2004-08-04 07:56:44 245,248 ----a-w c:\windows\SYSTEM32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\SYSTEM32\mswsock.dll
- 2004-08-04 07:56:44 614,429 ----a-w c:\windows\SYSTEM32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w c:\windows\SYSTEM32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w c:\windows\SYSTEM32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w c:\windows\SYSTEM32\msxbde40.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\SYSTEM32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
- 2007-05-08 19:03:04 1,275,392 ----a-w c:\windows\SYSTEM32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll
+ 2008-10-16 19:06:48 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
+ 2008-10-16 19:06:48 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\SYSTEM32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\SYSTEM32\netapi32.dll
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
- 2004-08-04 07:56:44 4,274,816 -c--a-w c:\windows\SYSTEM32\nv4_disp.dll
+ 2007-12-05 05:41:00 5,773,568 ----a-w c:\windows\SYSTEM32\nv4_disp.dll
+ 2007-12-05 05:41:00 385,024 ----a-w c:\windows\SYSTEM32\nvapi.dll
+ 2007-12-05 05:41:00 442,368 ----a-w c:\windows\SYSTEM32\nvappbar.exe
+ 2007-12-05 05:41:00 35,328 ----a-w c:\windows\SYSTEM32\nvcod.dll
+ 2007-12-05 05:41:00 35,328 ----a-w c:\windows\SYSTEM32\nvcodins.dll
+ 2007-12-05 05:41:00 147,456 ----a-w c:\windows\SYSTEM32\nvcolor.exe
+ 2007-12-05 05:41:00 8,523,776 ----a-w c:\windows\SYSTEM32\nvcpl.dll
+ 2007-12-05 05:41:00 753,664 ----a-w c:\windows\SYSTEM32\nvcplui.exe
+ 2007-12-05 05:41:00 1,073,152 ----a-w c:\windows\SYSTEM32\nvcpluir.dll
+ 2007-12-05 05:41:00 1,089,536 ----a-w c:\windows\SYSTEM32\nvcuda.dll
+ 2007-12-05 05:41:00 6,549,504 ----a-w c:\windows\SYSTEM32\nvdisps.dll
+ 2007-12-05 05:41:00 5,611,520 ----a-w c:\windows\SYSTEM32\nvdispsr.dll
+ 2007-12-05 05:41:00 1,339,392 ----a-w c:\windows\SYSTEM32\nvdspsch.exe
+ 2007-12-05 05:41:00 307,200 ----a-w c:\windows\SYSTEM32\nvexpbar.dll
+ 2007-12-05 05:41:00 3,420,160 ----a-w c:\windows\SYSTEM32\nvgames.dll
+ 2007-12-05 05:41:00 3,334,144 ----a-w c:\windows\SYSTEM32\nvgamesr.dll
+ 2005-12-10 07:06:00 573,440 ----a-w c:\windows\SYSTEM32\nvhwvid.dll
+ 2007-12-05 05:41:00 1,474,560 ----a-w c:\windows\SYSTEM32\nview.dll
+ 2007-12-05 05:41:00 229,376 ----a-w c:\windows\SYSTEM32\nvmccs.dll
+ 2007-12-05 05:41:00 45,056 ----a-w c:\windows\SYSTEM32\nvmccsrs.dll
+ 2007-12-05 05:41:00 188,416 ----a-w c:\windows\SYSTEM32\nvmccss.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-01-19 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-23 181488]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

c:\documents and settings\John\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\hotComm.exe"=
"c:\\Program Files\\Mtrader mIRC - v2\\mirc32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfsem.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\cavrid.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Website Inspector\\Light\\CAGlobalLight.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfasem.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

R0 KmxStart;KmxStart;c:\windows\SYSTEM32\DRIVERS\KmxStart.sys [2008-03-19 93712]
R0 PzWDM;PzWDM;c:\windows\SYSTEM32\DRIVERS\PzWDM.sys [2008-10-27 15172]
R1 KmxAgent;KmxAgent;c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;c:\windows\SYSTEM32\DRIVERS\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;c:\windows\SYSTEM32\DRIVERS\KmxFw.sys [2008-03-19 115216]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\SYSTEM32\DRIVERS\DLPORTIO.sys [2005-03-20 3584]
R2 KmxCF;KmxCF;c:\windows\SYSTEM32\DRIVERS\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys [2008-03-21 66576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-04-17 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [2007-07-09 46112]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-04-15 281104]
R3 KmxCfg;KmxCfg;c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys [2008-05-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-27 185584]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - project
.
Contents of the 'Scheduled Tasks' folder

2004-09-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 03:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{894a3b2b-6942-4b9f-af8d-3c39b5a4a230} - c:\windows\system32\uwthqn.dll
BHO-{9b738f2f-1299-4289-83b5-1d6579a27c82} - (no file)
BHO-{f44c12ab-a9e5-43c0-be43-f9dab699e2e1} - c:\windows\system32\yudedawo.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-RegistryMechanic - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9d.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\5hbvpu1b.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 10:54:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\StkASv2K.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
.
**************************************************************************
.
Completion time: 2009-03-28 11:01:14 - machine was rebooted [John]
ComboFix-quarantined-files.txt 2009-03-28 15:01:10
ComboFix2.txt 2008-03-22 03:55:24

Pre-Run: 10,809,163,776 bytes free
Post-Run: 10,896,277,504 bytes free

1741 --- E O F --- 2009-02-26 08:00:37




HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:35 AM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {032a4a5b-93c3-d8fa-f9b4-2496b2b3a498} - {894a3b2b-6942-4b9f-af8d-3c39b5a4a230} - C:\WINDOWS\system32\uwthqn.dll
O2 - BHO: (no name) - {9b738f2f-1299-4289-83b5-1d6579a27c82} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {f44c12ab-a9e5-43c0-be43-f9dab699e2e1} - C:\WINDOWS\system32\yudedawo.dll (file missing)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\gakejuha.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPMab9b1d26] Rundll32.exe "c:\windows\system32\kafuyora.dll",a
O4 - HKLM\..\Run: [a8a82eba] rundll32.exe "C:\WINDOWS\system32\bebidatu.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA7921] command.com /c del "c:\windows\system32\gupureje.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4166] cmd.exe /c del "c:\windows\system32\gupureje.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9401] command.com /c del "C:\WINDOWS\system32\mayonibe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC504] cmd.exe /c del "C:\WINDOWS\system32\mayonibe.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [kililuvedu] Rundll32.exe "C:\WINDOWS\system32\morahove.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jean')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Guest01')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1012\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: uwthqn.dll c:\windows\system32\kafuyora.dll,C:\WINDOWS\system32\nagefipi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kafuyora.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kafuyora.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

--
End of file - 7991 bytes


Also:
- removed unused programs
- loaded PSI
- upgraded Adobe Flash Player ActiveX 9.0.124.0
- upgraded Adobe Flash Player 10 plugin 10.0.22.87

- removed Adobe Reader 8.1.2
- load Foxit Reader

- remove Java 5.0 and 1.4.2
- load Java 6.11

- removed Spybot 1.3
- loaded Spybot 1.6.2 and immunized

pskelley
2009-03-29, 14:12
ComboFix was run at: comboFix 09-03-27.02 - John 2009-03-28 10:48:00.2

and the HJT log was run at: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:35 AM, on 3/28/2009

Post a new HJT log that is created after ComboFix was run. There are items in the HJT log you posted that were removed by ComboFix.

Thanks

jwayne73
2009-03-30, 06:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:19 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

--
End of file - 6700 bytes

pskelley
2009-03-30, 16:30
You have a very infected computer that is consuming a lot of time to research. I need information about this file:
c:\windows\system32\drivers\kmxcfg.u2k0
Make sure you can view all files and folders for this Operating System:
http://www.bleepingcomputer.com/tutorials/tutorial62.html#winxp
Use one or more of these free online scans to scan that file and post the results.
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

Please follow the directions carefully and in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\SYSTEM32\rejijejo.dll

Folder::
c:\windows\Sm9obg

Save this as CFScript

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(you can leave the first two if you set them that way)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
(http://www.benedelman.org/spyware/ask-toolbars/ <<< see this link)
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFscript, the log from MBAM and a new HJT log. Make sure to include the file information I need.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running?

Thanks

jwayne73
2009-03-31, 07:37
Thanks, I really appreciate your help.

1. file kmxcfg.u2k0 is clean:

Scan taken on 31 Mar 2009 02:22:30 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


2. CFScript/ComboFix log:
ComboFix 09-03-27.02 - John 2009-03-30 22:51:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.796 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\rejijejo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Sm9obg
c:\windows\Sm9obg\asappsrv.dll
c:\windows\Sm9obg\command.exe
c:\windows\Sm9obg\mA6Cv0.vbs
c:\windows\SYSTEM32\rejijejo.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-28 20:48 . 2009-03-28 20:55 <DIR> d-------- c:\program files\TradeStation 8.5 (Build 2289)
2009-03-28 20:46 . 2009-03-28 20:46 <DIR> d-------- c:\documents and settings\John\Application Data\TradeStation Technologies
2009-03-28 11:45 . 2009-03-28 11:45 <DIR> d-------- c:\program files\AskBarDis
2009-03-28 11:44 . 2009-03-28 11:44 <DIR> d-------- c:\program files\Foxit Software
2009-03-28 11:44 . 2009-03-28 11:44 <DIR> d-------- c:\documents and settings\John\Application Data\Foxit
2009-03-28 11:36 . 2009-03-28 11:36 <DIR> d-------- c:\program files\Secunia
2009-03-25 23:37 . 2009-03-25 23:37 <DIR> d-------- c:\program files\ERUNT
2009-03-24 07:03 . 2009-03-24 07:03 7,808 --a------ c:\windows\SYSTEM32\DRIVERS\psi_mf.sys
2009-02-04 10:11 . 2009-02-04 10:11 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2009-02-04 10:11 . 2009-02-04 10:11 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2009-02-04 04:07 . 2009-02-04 04:07 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-03 16:41 . 2008-10-16 15:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2009-02-03 16:41 . 2008-10-16 15:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll
2009-02-03 16:41 . 2008-10-16 15:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2009-02-02 23:27 . 2009-03-01 23:07 <DIR> d-------- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2009-03-30 06:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2009-03-30 06:11 466,134 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2009-03-29 00:42 --------- d-----w c:\documents and settings\John\Application Data\CallingID
2009-03-28 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-28 17:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 16:43 --------- d-----w c:\program files\TradeStation 8.3 (Build 1419)
2009-03-28 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-28 16:19 --------- d-----w c:\program files\Java
2009-03-28 16:17 --------- d-----w c:\program files\HOTALBUMMyBOX
2009-03-28 16:11 --------- d-----w c:\program files\THQ
2009-03-28 16:08 --------- d-----w c:\program files\Common Files\Adobe
2009-03-28 15:53 --------- d-----w c:\documents and settings\John\Application Data\Lavasoft
2009-03-27 15:16 61,440 --sha-w c:\windows\SYSTEM32\gedoyipi.exe
2009-03-27 03:15 61,440 --sha-w c:\windows\SYSTEM32\huforiti.exe
2009-03-15 13:56 --------- d-----w c:\documents and settings\Jean\Application Data\CallingID
2009-02-09 10:19 1,846,272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 10:19 1,846,272 ----a-w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-12-20 23:15 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
2008-12-20 23:15 6,066,688 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
2008-12-20 23:15 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-12-20 23:15 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
2008-12-20 23:15 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-12-20 23:15 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
2008-12-19 09:10 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-12-12 17:27 3,067,392 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 11:57 333,184 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-05 07:12 144,896 ----a-w c:\windows\SYSTEM32\schannel.dll
2008-12-05 07:12 144,896 ----a-w c:\windows\SYSTEM32\DLLCACHE\schannel.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-28_10.59.09.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\3-28-2009\ERDNT.EXE
+ 2009-03-28 16:35:59 11,169,792 ----a-w c:\windows\erdnt\AutoBackup\3-28-2009\Users\00000001\NTUSER.DAT
+ 2009-03-28 16:35:59 3,309,568 ----a-w c:\windows\erdnt\AutoBackup\3-28-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\3-29-2009\ERDNT.EXE
+ 2009-03-29 12:30:18 14,798,848 ----a-w c:\windows\erdnt\AutoBackup\3-29-2009\Users\00000001\NTUSER.DAT
+ 2009-03-29 12:30:18 3,317,760 ----a-w c:\windows\erdnt\AutoBackup\3-29-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 16:02:28 163,328 ----a-w c:\windows\erdnt\AutoBackup\3-30-2009\ERDNT.EXE
+ 2009-03-30 22:57:34 14,798,848 ----a-w c:\windows\erdnt\AutoBackup\3-30-2009\Users\00000001\NTUSER.DAT
+ 2009-03-30 22:57:34 3,317,760 ----a-w c:\windows\erdnt\AutoBackup\3-30-2009\Users\00000002\UsrClass.dat
- 2005-03-20 00:58:13 29,232 ----a-w c:\windows\hpoins03.dat
+ 2009-03-30 22:58:16 29,232 ----a-w c:\windows\hpoins03.dat
- 2009-02-11 08:04:56 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-29 07:04:37 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-02-11 08:04:56 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-29 07:04:37 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-02-11 08:04:56 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-29 07:04:37 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-02-11 08:04:55 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-29 07:04:37 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-11 08:04:56 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-29 07:04:37 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-02-11 08:04:56 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-29 07:04:37 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-02-11 08:04:56 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-29 07:04:37 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-02-11 08:04:56 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-29 07:04:38 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-02-11 08:04:56 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-29 07:04:37 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-02-11 08:04:55 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-29 07:04:37 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-02-11 08:04:56 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-29 07:04:38 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-02-11 08:04:55 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-29 07:04:37 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-11 08:04:55 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-29 07:04:36 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-23 15:34:19 1,022,976 ----a-w c:\windows\SYSTEM32\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\SYSTEM32\browseui.dll
- 2006-10-23 15:34:19 151,040 -c--a-w c:\windows\SYSTEM32\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 -c--a-w c:\windows\SYSTEM32\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
- 2006-10-23 15:34:19 1,022,976 -c--a-w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
- 2006-10-23 15:34:19 151,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 ----a-w c:\windows\SYSTEM32\DLLCACHE\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\SYSTEM32\DLLCACHE\danim.dll
- 2006-10-23 15:34:20 357,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2006-10-23 15:34:20 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2006-10-23 11:02:37 18,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
+ 2008-10-15 14:18:21 18,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2006-10-23 15:34:20 251,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2006-10-23 15:34:20 96,256 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2006-10-23 15:34:20 15,872 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-10-23 15:34:21 448,512 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2006-10-23 15:34:21 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2006-10-23 15:34:21 532,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2006-10-23 15:34:21 39,424 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2006-10-23 15:34:22 1,497,600 -c--a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
- 2006-10-23 15:34:22 474,112 -c--a-w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
- 2006-10-23 15:34:22 615,936 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
- 2006-10-23 15:34:22 664,576 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmp.dll
- 2006-10-23 15:34:20 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2006-10-23 15:34:20 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2009-02-04 08:14:54 283,720 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-03-29 07:12:28 284,520 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2006-10-23 15:34:20 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\SYSTEM32\iepeers.dll
- 2006-10-23 15:34:20 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w c:\windows\SYSTEM32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w c:\windows\SYSTEM32\jscript.dll
- 2006-10-23 15:34:20 15,872 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
- 2008-10-05 03:24:04 235,936 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-12-18 15:12:20 84,661 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-28 15:40:06 84,661 ----a-w c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2006-10-23 15:34:22 3,061,248 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2006-10-23 15:34:21 448,512 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2006-10-23 15:34:21 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2006-10-23 15:34:21 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2006-10-23 15:34:21 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2006-10-23 15:34:22 1,497,600 ----a-w c:\windows\SYSTEM32\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\SYSTEM32\shdocvw.dll
- 2006-10-23 15:34:22 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
- 2006-09-25 21:58:48 23,856 -c--a-w c:\windows\SYSTEM32\spupdsvc.exe
+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\SYSTEM32\spupdsvc.exe
- 2006-10-23 15:34:22 615,936 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w c:\windows\SYSTEM32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w c:\windows\SYSTEM32\vbscript.dll
- 2006-10-23 15:34:22 664,576 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\SYSTEM32\wmp.dll
+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\wmp.dll
- 2008-02-15 09:06:21 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2009-03-30 14:18:38 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_634.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-01-19 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-01-23 181488]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]

c:\documents and settings\John\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mtrader mIRC - v2\\mirc32.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfsem.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\cavrid.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Website Inspector\\Light\\CAGlobalLight.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe"=
"c:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfasem.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

R0 KmxStart;KmxStart;c:\windows\SYSTEM32\DRIVERS\KmxStart.sys [2008-03-19 93712]
R1 KmxAgent;KmxAgent;c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys [2008-03-21 63504]
R1 KmxFile;KmxFile;c:\windows\SYSTEM32\DRIVERS\KmxFile.sys [2008-03-21 45584]
R1 KmxFw;KmxFw;c:\windows\SYSTEM32\DRIVERS\KmxFw.sys [2008-03-19 115216]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\SYSTEM32\DRIVERS\DLPORTIO.sys [2005-03-20 3584]
R2 KmxCF;KmxCF;c:\windows\SYSTEM32\DRIVERS\KmxCF.sys [2008-06-04 134648]
R2 KmxSbx;KmxSbx;c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys [2008-03-21 66576]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [2007-07-09 46112]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-04-15 281104]
R3 KmxCfg;KmxCfg;c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys [2008-05-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-27 185584]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - project
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\CAAntiSpywareScan_Daily as John at 5 03 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-08-27 18:44]

2004-09-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 03:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\5hbvpu1b.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 22:54:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2024)
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-03-30 22:57:35
ComboFix-quarantined-files.txt 2009-03-31 02:57:32
ComboFix2.txt 2009-03-28 15:01:19
ComboFix3.txt 2008-03-22 03:55:24

Pre-Run: 9,481,732,096 bytes free
Post-Run: 9,560,748,032 bytes free

361 --- E O F --- 2009-03-29 07:05:39


3. mbam log:
Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 5.1.2600 Service Pack 2

3/31/2009 12:12:29 AM
mbam-log-2009-03-31 (00-12-29).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 177927
Time elapsed: 40 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\elfwgps.bqxs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\elfwgps.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dr6 (Adware.Rabio) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ech5 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lows8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sbc2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\typ2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gawajaso.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjrsqx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\riwevito.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uwthqn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\zukumuha.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gekujedo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0028518.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP319\A0028587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028749.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028791.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\typ2\key89104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



4. new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:02 AM, on 3/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jean')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Jean')
O4 - HKUS\S-1-5-21-3841567307-4091171729-3825519540-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Jean')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

--
End of file - 7018 bytes



5. It's running great. REALLY APPRECIATED. Question is how do I keep it this way? Thanks.

pskelley
2009-03-31, 13:16
"It's running great. REALLY APPRECIATED. Question is how do I keep it this way?"
Let's try to wrap up, then I will post information from experts to help you.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U; it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk; there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update CA Anti-Virus and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
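
Added example (not part of the original thread, and not code from Malwarebytes or ComboFix): a Python parser for MBAM 1.35-style detection lines that groups hits by family and by where the object lived. Several Trojan.Vundo copies in the log above sat inside System Restore's `_restore{...}` folders, and turning System Restore off and back on discards those restore points. The location labels and function names are this example's own; the sample lines are copied, abridged, from the log posted in this thread.

```python
import re
from collections import Counter

# Detection lines copied (abridged) from the MBAM log posted in this thread.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kjrsqx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP316\A0028518.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP320\A0028748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\typ2\key89104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
HIT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
RP_RE = re.compile(r"_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def locate(item):  # location labels are this example's own, not MBAM's
    low = item.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore{" in low:
        return "restore point"        # copies kept by System Restore
    if "\\qoobox\\quarantine\\" in low:
        return "ComboFix quarantine"  # moved there by the earlier ComboFix run
    return "live filesystem"

def parse_mbam(text):
    # One dict per detection line, tagged with the log section it sat under.
    section, hits = None, []
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
        elif section and (m := HIT_RE.match(line)):
            item, family, rest = m.group("item", "family", "rest")
            hits.append({"section": section, "item": item, "family": family,
                         "action": rest.rsplit(" -> ", 1)[-1].rstrip("."),
                         "location": locate(item)})
    return hits

def summarize(hits):
    # Family/location counts, restore points touched, and anything not removed.
    rps = sorted({m.group(1) for h in hits if (m := RP_RE.search(h["item"]))})
    failed = [h for h in hits if "deleted successfully" not in h["action"]]
    return {"by_family": Counter(h["family"] for h in hits),
            "by_location": Counter(h["location"] for h in hits),
            "restore_points": rps, "not_removed": failed}
```

Calling `summarize(parse_mbam(log_text))` on a saved log shows at a glance whether anything was left behind (`not_removed`) and which restore points held infected copies.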

jwayne73
2009-04-02, 07:27
MBAM and CA anti-virus came back clean.

THANK YOU SO MUCH FOR YOUR HELP.

pskelley
2009-04-02, 11:09
Thanks for taking the time to let me know. Safe surfing.