Thread: "Outer info" and "PurityScan-Q" are paying me visits

  1. #11
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    Combofix 7

    18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2004-08-03 23:56:44 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
    + 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    + 2006-12-22 12:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
    + 2004-07-14 23:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
    + 2005-09-23 07:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll
    - 2004-08-03 23:56:44 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    + 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    - 2004-08-03 23:56:44 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
    + 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
    - 2004-08-03 23:56:44 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    + 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    - 2004-08-03 23:56:44 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
    + 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
    - 2004-08-03 23:56:44 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-30 10:16:33 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2004-08-03 23:56:44 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-10-11 06:13:45 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2004-08-03 23:56:44 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
    + 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    - 2004-08-03 23:56:54 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
    + 2005-05-04 14:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
    - 2004-08-03 23:56:44 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
    + 2005-05-04 14:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
    - 2004-08-03 23:56:18 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    + 2005-05-04 14:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    + 2004-08-03 23:56:54 40,960 ----a-w C:\WINDOWS\system32\msiregmv.exe
    - 2004-08-03 23:56:44 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
    + 2005-05-04 14:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
    - 2005-01-28 13:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
    + 2004-08-03 23:57:02 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
    - 2004-08-03 23:56:44 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-10-11 06:13:45 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2004-08-03 23:56:44 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-10-11 06:13:45 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2004-08-03 23:56:46 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
    + 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
    - 2007-12-10 19:15:02 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
    + 2007-05-08 15:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
    - 2004-08-04 00:05:44 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
    + 2004-08-04 00:56:46 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
    - 2004-08-03 23:56:46 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    + 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    - 2004-08-03 23:56:46 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
    + 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
    + 2003-02-20 18:43:36 4,096 ----a-w C:\WINDOWS\system32\mui\0409\mscoreer.dll
    + 2006-12-22 13:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
    - 2004-08-03 23:56:46 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
    + 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
    + 2003-02-20 19:16:34 32,768 ----a-w C:\WINDOWS\system32\netfxperf.dll
    - 2004-08-03 23:56:46 198,144 ----a-w C:\WINDOWS\system32\netman.dll
    + 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
    - 2004-08-04 00:05:44 2,015,232 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    + 2007-02-28 08:38:57 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    - 2004-08-03 22:18:32 2,148,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    + 2007-02-28 09:08:48 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    - 2001-08-23 12:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
    + 2006-10-13 12:35:12 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
    - 2004-08-03 23:56:46 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
    + 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
    - 2004-08-03 23:56:46 64,000 ----a-w C:\WINDOWS\system32\nwwks.dll
    + 2006-10-13 12:35:12 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
    - 2004-08-03 23:56:46 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
    + 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
    - 2004-08-03 23:56:46 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
    - 2001-08-23 12:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
    + 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
    - 2001-08-23 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
    + 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
    - 2001-08-23 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
    + 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
    - 2007-12-10 20:11:05 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-19 20:44:52 60,768 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-10 20:11:05 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-19 20:44:52 397,942 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2004-08-03 23:56:46 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-10-11 06:13:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-12-10 19:38:56 53,248 ------w C:\WINDOWS\system32\pxhpinst.exe
    + 2007-12-17 23:45:50 53,248 ----a-w C:\WINDOWS\system32\pxhpinst.exe
    - 2004-08-03 23:56:46 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2004-08-03 23:56:46 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
    + 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
    - 2004-08-03 23:56:46 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
    + 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
    - 2004-08-03 23:56:46 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
    + 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
    + 2004-08-04 00:56:44 47,616 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\iyuv_32.dll
    + 2004-08-03 23:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\ks.sys
    + 2004-08-04 00:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\ksuser.dll
    + 2004-08-04 00:56:46 17,408 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\msyuv.dll
    + 2001-08-17 22:36:34 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\tsbyuv.dll
    + 2004-08-03 23:10:12 78,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\usbvideo.sys
    + 2004-08-04 00:56:48 53,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\vfwwdm32.dll
    + 2006-10-18 01:09:54 73,344 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\R5U870FLx86.sys
    + 2006-10-18 01:09:14 43,904 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\R5U870FUx86.sys
    + 2006-07-27 14:44:42 581,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\CHDAud.sys
    + 2006-07-27 14:44:48 24,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\CHdAudprop.dll
    + 2006-07-27 14:44:50 5,120 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\CHdAudPropres.dll
    + 2006-07-27 14:44:56 61,952 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\CHDAudPropShortcut.exe
    + 2006-06-09 10:58:48 659,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\HXFSetup.exe
    + 2004-08-04 00:05:44 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\drmk.sys
    + 2004-08-04 00:05:44 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ks.sys
    + 2004-08-04 00:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\ksuser.dll
    + 2004-08-04 00:05:44 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\portcls.sys
    + 2004-08-04 00:05:44 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\stream.sys
    + 2006-03-16 17:06:02 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\UCI32105.dll
    + 2003-09-30 11:56:32 217,088 ----a-w C:\WINDOWS\system32\ReWire.dll
    + 2007-08-03 01:44:02 169,147 ----a-w C:\WINDOWS\system32\rey2\qopre83122.exe

  2. #12
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    Combofix 8


  3. #13
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    You can edit out the snapshot section, as it seems to be very big.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #14
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    Combofix 9

    169,147 ----a-w C:\WINDOWS\system32\rey2\qopre83122.exe
    - 2004-08-03 23:56:46 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
    + 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
    - 2004-08-03 23:56:46 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2004-08-03 23:56:46 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
    + 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
    - 2004-08-03 23:56:46 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    + 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    - 2004-08-03 23:56:46 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-10-11 06:13:45 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2004-08-03 23:56:46 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2004-08-03 23:56:46 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-10-11 06:13:45 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2004-08-03 23:56:46 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
    + 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
    + 2007-11-07 15:34:40 51,736 ----a-w C:\WINDOWS\system32\sirenacm.dll
    + 2007-07-30 19:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
    + 2003-04-16 08:00:36 50,520 ----a-w C:\WINDOWS\system32\SP32395.SYS
    + 2006-12-10 14:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
    + 2005-10-05 13:19:30 73,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hlp256.dll
    + 2005-04-27 10:06:34 430,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lexedf.dll
    + 2007-04-24 19:24:42 29,616 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lexgo.exe
    + 2007-01-22 23:18:28 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbacfg.dll
    + 2007-04-02 18:09:04 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaclr1.dll
    + 2007-04-02 18:09:04 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaclr2.dll
    + 2007-04-02 18:09:06 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaclr3.dll
    + 2007-04-02 18:09:06 667,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaclr4.dll
    + 2007-04-24 11:59:54 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbacu.dll
    + 2007-04-24 12:09:20 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbacur.dll
    + 2007-03-26 08:50:04 93,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbadr5c.dll
    + 2007-04-02 18:08:40 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbafc5c.dll
    + 2007-03-06 16:36:50 983,083 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbagf.dll
    + 2007-04-02 18:09:02 266,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaicur.dll
    + 2007-04-24 12:00:28 131,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbains.dll
    + 2007-04-24 12:00:30 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbainsb.dll
    + 2007-04-24 12:09:22 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbainsr.dll
    + 2007-04-24 12:00:44 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbajsw.dll
    + 2007-04-24 12:09:26 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbajswr.dll
    + 2007-04-24 19:24:24 78,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbajswx.exe
    + 2007-04-24 12:09:06 778,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbalpa.dll
    + 2007-04-24 12:09:54 3,854,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbalpar.dll
    + 2007-04-24 12:03:34 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaprp.dll
    + 2007-04-24 12:09:42 1,998,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaprpr.dll
    + 2007-04-24 12:01:38 311,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbapsw.dll
    + 2007-04-24 12:09:32 573,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbapswr.dll
    + 2007-04-24 19:24:28 119,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbapswx.exe
    + 2007-03-06 16:36:58 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbask0.dll
    + 2007-03-06 16:36:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbask1.dll
    + 2007-03-06 16:37:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbask2.dll
    + 2007-03-26 08:56:22 858,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbastrn.dll
    + 2007-03-26 08:51:02 89,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaui5c.dll
    + 2007-04-24 12:09:18 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaupd.dll
    + 2007-04-24 12:09:56 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbaupdr.dll
    + 2007-04-24 11:59:44 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbautil.dll
    + 2007-03-06 16:34:58 311,612 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\wavs.exe
    + 2005-10-05 13:19:30 73,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\hlp256.dll
    + 2005-04-27 10:06:34 430,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lexedf.dll
    + 2007-04-24 19:24:42 29,616 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lexgo.exe
    + 2007-01-22 23:18:28 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbacfg.dll
    + 2007-04-02 18:09:04 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaclr1.dll
    + 2007-04-02 18:09:04 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaclr2.dll
    + 2007-04-02 18:09:06 2,629,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaclr3.dll
    + 2007-04-02 18:09:06 667,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaclr4.dll
    + 2007-04-24 11:59:54 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbacu.dll
    + 2007-04-24 12:09:20 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbacur.dll
    + 2007-03-26 08:50:04 93,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbadr5c.dll
    + 2007-04-02 18:08:40 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbafc5c.dll
    + 2007-03-06 16:36:50 983,083 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbagf.dll
    + 2007-04-02 18:09:02 266,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaicur.dll
    + 2007-04-24 12:00:28 131,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbains.dll
    + 2007-04-24 12:00:30 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbainsb.dll
    + 2007-04-24 12:09:22 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbainsr.dll
    + 2007-04-24 12:00:44 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbajsw.dll
    + 2007-04-24 12:09:26 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbajswr.dll
    + 2007-04-24 19:24:24 78,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbajswx.exe
    + 2007-04-24 12:09:06 778,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbalpa.dll
    + 2007-04-24 12:09:54 3,854,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbalpar.dll
    + 2007-04-24 12:03:34 483,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaprp.dll
    + 2007-04-24 12:09:42 1,998,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaprpr.dll
    + 2007-04-24 12:01:38 311,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbapsw.dll
    + 2007-04-24 12:09:32 573,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbapswr.dll
    + 2007-04-24 19:24:28 119,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbapswx.exe
    + 2007-03-06 16:36:58 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbask0.dll
    + 2007-03-06 16:36:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbask1.dll
    + 2007-03-06 16:37:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbask2.dll
    + 2007-03-26 08:56:22 858,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbastrn.dll
    + 2007-03-26 08:51:02 89,600 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaui5c.dll
    + 2007-04-24 12:09:18 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaupd.dll
    + 2007-04-24 12:09:56 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbaupdr.dll
    + 2007-04-24 11:59:44 413,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\lxbautil.dll
    + 2007-03-06 16:34:58 311,612 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_x5100_seriese0ce\wavs.exe
    + 2007-03-26 08:51:48 102,400 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbapp5c.dll
    - 2004-08-03 23:56:58 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
    + 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
    + 2005-06-28 10:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    - 2004-08-03 23:56:46 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    + 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    - 2004-08-03 23:56:46 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
    + 2006-08-21 09:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
    - 2004-08-03 23:56:48 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
    + 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
    - 2004-08-03 23:56:48 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
    + 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
    - 2004-08-03 23:56:48 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
    + 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll

  5. #15
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    Combofix 10(final)

    249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
    - 2004-08-03 23:56:58 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
    + 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
    - 2001-08-23 12:00:00 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
    + 2001-08-17 22:36:34 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
    - 2004-08-03 23:56:48 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
    + 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
    + 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
    + 2006-03-16 17:06:02 118,784 ----a-w C:\WINDOWS\system32\UCI32105.dll
    - 2004-08-03 23:56:48 118,272 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
    + 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
    - 2004-08-03 23:56:48 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    + 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    - 2004-08-03 23:56:48 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-02 15:42]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08]
    "8k1qc6f"="C:\WINDOWS\system32\8k1qc6f.exe" [2007-12-14 23:40]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
    "Tcuzub"="C:\WINDOWS\system32\?icrosoft.NET\??rss.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
    "HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "8k1qc6f"="C:\WINDOWS\system32\8k1qc6f.exe" [2007-12-14 23:40]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\tmp_e6y.dll

    R2 lxba_device;lxba_device;C:\WINDOWS\system32\lxbacoms.exe -service
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\WINDOWS\system32\Drivers\R5U870FLx86.sys
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\WINDOWS\system32\Drivers\R5U870FUx86.sys
    S2 WindowsDown;Performance Logs and Ale;C:\WINDOWS\system32\servet.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 16:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\DOCUME~1\TENNKR~1\LOCALS~1\Temp\pysayjyr06FCC24.dll
    C:\Documents and Settings\All Users\Favorites\hfdf.hlp
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-19 21:06:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????E??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-19 21:08:22 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-10 21:01
    .
    --- E O F ---

  6. #16
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    Hi Shaba. I just read your post now; anyway, it's all posted now. I'll wait for further instructions... see you

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    If the snapshot section is big again, please edit it out.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\servet.exe
    C:\WINDOWS\system32\imnrmhub.dat
    C:\WINDOWS\system32\xmksvcrf.dat
    C:\WINDOWS\system32\wjseybkp.dat
    C:\WINDOWS\system32\htbeozsh.dat
    C:\WINDOWS\system32\yqzatrmi.dat
    C:\WINDOWS\system32\8k1qc6f.exe
    C:\WINDOWS\system32\mnfskqfx.exe
    
    Folder::
    C:\WINDOWS\VGVubiBLcmF0aQ
    C:\WINDOWS\system32\twdr
    C:\WINDOWS\system32\rey2
    C:\WINDOWS\system32\ref1
    C:\WINDOWS\system32\ineWc01
    C:\Temp\tpBe12
    
    Driver::
    WindowsDown
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "8k1qc6f"=-
    "Tcuzub"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "8k1qc6f"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #18
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    The Combofix version I had looks to be out of date and uninstalled itself from the computer when I tried to activate it. Where can I get the latest version or any that will work?

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Try these links:

    Link 1
    Link 2
    Link 3

  10. #20
    Junior Member
    Join Date
    Dec 2007
    Posts
    18

    ComboFix report n2

    ComboFix 07-12-21.4 - Tenn Krati 2007-12-21 22:17:04.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1578 [GMT 0:00]
    Running from: C:\Documents and Settings\Tenn Krati\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Tenn Krati\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\8k1qc6f.exe
    C:\WINDOWS\system32\htbeozsh.dat
    C:\WINDOWS\system32\imnrmhub.dat
    C:\WINDOWS\system32\mnfskqfx.exe
    C:\WINDOWS\system32\servet.exe
    C:\WINDOWS\system32\wjseybkp.dat
    C:\WINDOWS\system32\xmksvcrf.dat
    C:\WINDOWS\system32\yqzatrmi.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\tpBe12
    C:\Temp\tpBe12\etFr.log
    C:\WINDOWS\system32\1.exe
    C:\WINDOWS\system32\8k1qc6f.exe
    C:\WINDOWS\system32\htbeozsh.dat
    C:\WINDOWS\system32\imnrmhub.dat
    C:\WINDOWS\system32\ineWc01
    C:\WINDOWS\system32\ineWc01\ineWc011065.exe
    C:\WINDOWS\system32\mnfskqfx.exe
    C:\WINDOWS\system32\ref1
    C:\WINDOWS\system32\rey2
    C:\WINDOWS\system32\rey2\qopre83122.exe
    C:\WINDOWS\system32\servet.exe
    C:\WINDOWS\system32\twdr
    C:\WINDOWS\system32\wjseybkp.dat
    C:\WINDOWS\system32\xmksvcrf.dat
    C:\WINDOWS\system32\yqzatrmi.dat
    C:\WINDOWS\VGVubiBLcmF0aQ
    C:\WINDOWS\VGVubiBLcmF0aQ\p3pRv21MwAIXuk.vbs

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_WINDOWSDOWN
    -------\WindowsDown


    ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
    .

    2007-12-21 11:56 . 2007-12-21 11:56 <DIR> d--h----- C:\WINDOWS\PIF
    2007-12-18 12:54 . 2007-12-18 12:54 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-12-17 21:48 . 2007-12-17 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-17 21:47 . 2007-12-17 21:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-17 16:16 . 2007-12-17 16:16 <DIR> d-------- C:\Program Files\CCleaner
    2007-12-17 15:15 . 2007-12-17 15:15 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-12-17 14:56 . 2007-12-18 11:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-17 14:56 . 2007-12-17 14:56 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-17 14:18 . 2007-12-21 13:14 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-12-17 13:35 . 2007-12-17 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 13:05 . 2001-08-23 12:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
    2007-12-17 13:03 . 2001-08-23 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2007-12-17 13:02 . 2001-08-23 12:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
    2007-12-17 13:01 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
    2007-12-17 12:58 . 2007-12-17 12:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2007-12-17 12:58 . 2007-12-17 12:58 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2007-12-17 12:58 . 2007-12-17 12:58 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2007-12-17 12:58 . 2007-12-17 12:58 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2007-12-17 12:58 . 2007-12-17 12:58 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2007-12-17 12:58 . 2007-12-17 12:58 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2007-12-17 12:40 . 2001-08-23 12:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-12-17 12:40 . 2001-08-23 12:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
    2007-12-17 12:40 . 2001-08-23 12:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-12-17 12:40 . 2001-08-23 12:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
    2007-12-16 23:57 . 2007-12-16 23:57 5,650 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-16 23:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-16 23:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-16 23:56 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
    2007-12-16 23:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-16 23:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-16 23:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-16 23:38 . 2007-12-16 23:38 <DIR> d--hs---- C:\SpyGuardPro
    2007-12-16 23:38 . 2007-12-16 23:38 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\SpyGuardPro
    2007-12-16 23:38 . 2007-12-16 23:38 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2007-12-16 23:38 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-12-16 23:38 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-12-16 23:33 . 2007-12-21 22:18 <DIR> d-------- C:\Temp
    2007-12-15 22:40 . 2007-12-18 00:48 <DIR> d-------- C:\Program Files\Soulseek
    2007-12-15 17:51 . 2007-12-15 17:51 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
    2007-12-15 17:51 . 2007-12-15 17:51 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
    2007-12-15 00:48 . 2007-12-15 00:48 <DIR> d-------- C:\WINDOWS\CatRoot
    2007-12-15 00:48 . 2006-08-10 20:00 921,656 --a------ C:\WINDOWS\system32\VGA.RAW
    2007-12-15 00:48 . 2006-10-13 18:43 253,952 --a------ C:\WINDOWS\system32\vmprp326.ax
    2007-12-15 00:48 . 2006-10-13 15:52 219,520 --a------ C:\WINDOWS\system32\drivers\usbvm326.sys
    2007-12-15 00:48 . 2006-06-05 13:44 192,512 --a------ C:\WINDOWS\VimicroCam.exe
    2007-12-15 00:48 . 2006-06-08 11:25 73,728 --a------ C:\WINDOWS\VMInstNT.exe
    2007-12-15 00:48 . 2006-08-21 21:13 40,960 --a------ C:\WINDOWS\VM303UninstNT.exe
    2007-12-15 00:48 . 2006-08-10 20:00 32,768 --a------ C:\WINDOWS\system32\VMCtrl326.ax
    2007-12-15 00:48 . 2002-02-26 18:47 15,086 --a------ C:\WINDOWS\uninstall.ico
    2007-12-15 00:48 . 2005-09-29 16:26 8,990 --a------ C:\WINDOWS\Product.ico
    2007-12-15 00:41 . 2006-10-18 01:09 73,344 --a------ C:\WINDOWS\system32\drivers\R5U870FLx86.sys
    2007-12-15 00:41 . 2006-10-18 01:09 43,904 --a------ C:\WINDOWS\system32\drivers\R5U870FUx86.sys
    2007-12-15 00:09 . 2007-12-21 22:13 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\skypePM
    2007-12-15 00:09 . 2007-12-15 00:09 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-15 00:06 . 2007-12-15 00:06 <DIR> d-------- C:\Program Files\Skype
    2007-12-15 00:06 . 2007-12-15 00:06 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-12-15 00:06 . 2007-12-21 22:15 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\Skype
    2007-12-15 00:06 . 2007-12-15 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-14 23:31 . 2007-12-14 23:31 <DIR> d-------- C:\System.sav
    2007-12-14 20:20 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-14 20:20 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-13 09:52 . 2007-02-22 18:32 344,064 --a------ C:\WINDOWS\system32\lxbacoin.dll
    2007-12-13 09:52 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-12-13 09:52 . 2005-12-16 15:15 40,960 --a------ C:\WINDOWS\system32\lxbavs.dll
    2007-12-13 09:52 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-12-13 09:52 . 2007-12-21 13:26 461 --a------ C:\WINDOWS\Lexstat.ini
    2007-12-13 09:51 . 2007-12-13 09:51 <DIR> d-------- C:\Program Files\Lexmark X5100 Series
    2007-12-13 09:50 . 2007-12-13 09:50 <DIR> d-------- C:\drivers
    2007-12-12 23:14 . 2007-12-12 23:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-12-12 14:53 . 2007-12-12 14:53 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
    2007-12-12 14:53 . 2007-12-12 14:53 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\PACE Anti-Piracy
    2007-12-12 14:53 . 2007-12-12 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2007-12-11 03:02 . 2007-12-11 03:02 <DIR> d-------- C:\Program Files\zabkat
    2007-12-11 02:05 . 2007-12-11 02:05 78,648 --a------ C:\WINDOWS\system32\drivers\tpkd.sys
    2007-12-11 01:47 . 2007-12-11 01:47 <DIR> d-------- C:\WINDOWS\Sun
    2007-12-11 01:47 . 2007-12-11 01:47 <DIR> d-------- C:\Program Files\Java
    2007-12-11 01:47 . 2007-12-11 01:47 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-12-11 01:47 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-11 01:45 . 2007-12-11 01:55 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\Cycling '74
    2007-12-11 00:45 . 2007-12-11 00:45 268 --ah----- C:\sqmdata00.sqm
    2007-12-11 00:45 . 2007-12-11 00:45 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-11 00:44 . 2007-12-21 22:13 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Tracing
    2007-12-11 00:43 . 2007-12-11 00:43 <DIR> d-------- C:\Program Files\Windows Live
    2007-12-11 00:42 . 2007-12-11 00:42 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\Apple Computer
    2007-12-11 00:38 . 2007-12-11 00:38 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-11 00:38 . 2007-12-11 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-11 00:37 . 2007-12-11 00:37 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-11 00:37 . 2007-12-11 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-11 00:29 . 2007-12-16 17:57 <DIR> d-------- C:\Documents and Settings\Tenn Krati\Application Data\BitTorrent
    2007-12-11 00:09 . 2007-12-11 00:10 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-12-11 00:05 . 2007-12-11 00:05 <DIR> d-------- C:\Program Files\BitTorrent
    2007-12-11 00:00 . 2007-12-11 00:00 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
    2007-12-11 00:00 . 2007-12-11 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-10 23:49 . 2007-12-11 14:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-10 23:24 . 2007-12-11 02:12 <DIR> d-------- C:\Program Files\Cycling '74
    2007-12-10 23:24 . 2007-12-11 01:58 <DIR> d-------- C:\Program Files\Common Files\Cycling '74
    2007-12-10 23:24 . 2005-05-16 21:21 397,312 --a------ C:\WINDOWS\system32\js32mt.dll
    2007-12-10 23:24 . 2003-09-30 11:56 217,088 --a------ C:\WINDOWS\system32\ReWire.dll
    2007-12-10 23:24 . 2005-07-21 13:29 159,744 --a------ C:\WINDOWS\system32\mactbldr.dll
    2007-12-10 23:24 . 2005-07-28 15:17 90,112 --a------ C:\WINDOWS\system32\MaxAPI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-10 19:12 20,576 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-09 13:27 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-12-02 15:42]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
    "HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 19:29]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59]

    R2 lxba_device;lxba_device;C:\WINDOWS\system32\lxbacoms.exe -service []
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\WINDOWS\system32\Drivers\R5U870FLx86.sys [2006-10-18 01:09]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\WINDOWS\system32\Drivers\R5U870FUx86.sys [2006-10-18 01:09]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 16:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 22:22:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ??? B??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-21 22:24:13 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-19 21:08
    C:\ComboFix3.txt ... 2007-12-10 21:01
    .
    2007-12-21 13:15:17 --- E O F ---
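
Whether a follow-up report confirms every entry of a CFScript can be checked mechanically instead of by eye. The Python below is an added example, not part of the thread and not ComboFix's own code; the function names are hypothetical, and the two inputs are condensed from the CFScript in post #17 and the report in post #20.

```python
import re

# Inputs condensed from this thread (CFScript: post #17, report: post #20).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\system32\8k1qc6f.exe
Folder::
C:\Temp\tpBe12
Driver::
WindowsDown
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8k1qc6f"=-
"Tcuzub"=-
"""
REPORT = r"""
((((((((( Other Deletions )))))))))
.
C:\Temp\tpBe12
C:\WINDOWS\system32\8k1qc6f.exe
C:\WINDOWS\system32\servet.exe
.
((((((((( Drivers/Services )))))))))
.
-------\LEGACY_WINDOWSDOWN
-------\WindowsDown
((((((((( Reg Loading Points )))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"""


def parse_cfscript(text):
    """Return (targets per File/Folder/Driver section, registry values marked for deletion)."""
    targets, reg_deletes = {"file": [], "folder": [], "driver": []}, []
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.fullmatch(r"(\w+)::", line):
            section, key = m.group(1).lower(), None
        elif section in targets:
            targets[section].append(line)
        elif section == "registry" and line.startswith("["):
            key = line.strip("[]").lower()
        elif section == "registry" and key and (m := re.fullmatch(r'"([^"]+)"=-', line)):
            reg_deletes.append((key, m.group(1).lower()))
    return targets, reg_deletes


def parse_report(text):
    """Return (lines per report section, (key, value) pairs under Reg Loading Points)."""
    sections, autostarts = {}, set()
    name = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.fullmatch(r"\(+\s*(.+?)\s*\)+", line):
            name, key = m.group(1).lower(), None
            sections[name] = []
        elif name and line != ".":
            sections[name].append(line)
            if name == "reg loading points" and line.startswith("["):
                key = line.strip("[]").lower()
            elif name == "reg loading points" and key and (m := re.match(r'"([^"]+)"=', line)):
                autostarts.add((key, m.group(1).lower()))
    return sections, autostarts


def verify_cleanup(cfscript, report):
    """Map each CFScript target to True (confirmed), False (not confirmed) or None (no data)."""
    targets, reg_deletes = parse_cfscript(cfscript)
    sections, autostarts = parse_report(report)
    deleted = {p.lower() for p in sections.get("other deletions", [])}
    services = {s.lstrip("-\\").lower() for s in sections.get("drivers/services", [])}
    result = {p: p.lower() in deleted for p in targets["file"] + targets["folder"]}
    result.update({"driver:" + d: d.lower() in services for d in targets["driver"]})
    # A value counts as removed only if the report lists autostarts at all and the
    # value is absent; the report hides empty and default entries, not live ones.
    listed = "reg loading points" in sections
    for key, value in reg_deletes:
        result[key + "\\" + value] = (key, value) not in autostarts if listed else None
    return result


if __name__ == "__main__":
    for target, ok in verify_cleanup(CFSCRIPT, REPORT).items():
        print(f"{ok!s:5}  {target}")
```

Any target that comes back `False` or `None` is worth raising with the helper before the machine is treated as clean.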
