Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 47

Thread: Virtumonde.sdn

  1. 2009-03-24, 00:24 #21
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    + 2008-04-14 00:11:56 15,872 ------w c:\winnt\ServicePackFiles\i386\jsproxy.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbd101.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbd106.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbd106n.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdax2.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdbhc.dll
    - 2004-08-04 05:58:32 24,576 ------w c:\winnt\ServicePackFiles\i386\kbdclass.sys
    + 2008-04-13 18:39:47 24,576 ------w c:\winnt\ServicePackFiles\i386\kbdclass.sys
    - 2004-08-04 07:56:10 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdfi1.dll
    + 2008-04-14 00:09:55 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdfi1.dll
    - 2004-08-04 05:58:34 14,848 ------w c:\winnt\ServicePackFiles\i386\kbdhid.sys
    + 2008-04-13 18:39:48 14,592 ------w c:\winnt\ServicePackFiles\i386\kbdhid.sys
    + 2008-04-14 00:09:55 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdibm02.dll
    - 2004-08-04 07:56:10 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdinbe1.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdinbe1.dll
    - 2004-08-04 07:56:10 6,656 ------w c:\winnt\ServicePackFiles\i386\kbdinben.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdinben.dll
    - 2004-08-04 07:56:10 6,656 ------w c:\winnt\ServicePackFiles\i386\kbdinmal.dll
    + 2008-04-14 00:09:55 6,656 ------w c:\winnt\ServicePackFiles\i386\kbdinmal.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdiultn.dll
    + 2008-04-14 00:09:55 6,656 ------w c:\winnt\ServicePackFiles\i386\kbdlk41a.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdlk41j.dll
    - 2004-08-04 07:56:10 5,632 ------w c:\winnt\ServicePackFiles\i386\kbdmaori.dll
    + 2008-04-14 00:09:55 5,632 ------w c:\winnt\ServicePackFiles\i386\kbdmaori.dll
    - 2004-08-04 07:56:10 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdmlt47.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdmlt47.dll
    - 2004-08-04 07:56:10 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdmlt48.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdmlt48.dll
    + 2008-04-14 00:09:55 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdnec.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdnepr.dll
    - 2004-08-04 07:56:10 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdno1.dll
    + 2008-04-14 00:09:55 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdno1.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\ServicePackFiles\i386\kbdpash.dll
    - 2004-08-04 07:56:10 7,680 ------w c:\winnt\ServicePackFiles\i386\kbdsmsfi.dll
    + 2008-04-14 00:09:55 7,680 ------w c:\winnt\ServicePackFiles\i386\kbdsmsfi.dll
    - 2004-08-04 07:56:10 7,680 ------w c:\winnt\ServicePackFiles\i386\kbdsmsno.dll
    + 2008-04-14 00:09:55 7,680 ------w c:\winnt\ServicePackFiles\i386\kbdsmsno.dll
    - 2004-08-04 07:56:10 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdukx.dll
    + 2008-04-14 00:09:55 7,168 ------w c:\winnt\ServicePackFiles\i386\kbdukx.dll
    - 2004-08-04 05:59:23 7,424 ------w c:\winnt\ServicePackFiles\i386\kd1394.dll
    + 2008-04-13 18:31:35 7,424 ------w c:\winnt\ServicePackFiles\i386\kd1394.dll
    + 2008-04-14 00:11:56 184,832 ------w c:\winnt\ServicePackFiles\i386\kdcsvc.dll
    + 2008-04-14 00:11:56 48,640 ------w c:\winnt\ServicePackFiles\i386\kdsui.dll
    + 2008-04-14 00:11:56 253,952 ------w c:\winnt\ServicePackFiles\i386\kdsusd.dll
    - 2004-08-04 07:56:42 294,400 ------w c:\winnt\ServicePackFiles\i386\kerberos.dll
    + 2008-04-14 00:11:56 299,520 ------w c:\winnt\ServicePackFiles\i386\kerberos.dll
    - 2004-08-04 07:56:42 983,552 ------w c:\winnt\ServicePackFiles\i386\kernel32.dll
    + 2008-04-14 00:11:56 989,696 ------w c:\winnt\ServicePackFiles\i386\kernel32.dll
    - 2004-08-04 07:56:42 150,528 ------w c:\winnt\ServicePackFiles\i386\keymgr.dll
    + 2008-04-14 00:11:56 150,528 ------w c:\winnt\ServicePackFiles\i386\keymgr.dll
    - 2004-08-04 06:07:48 171,776 ------w c:\winnt\ServicePackFiles\i386\kmixer.sys
    + 2008-04-13 18:45:09 172,416 ------w c:\winnt\ServicePackFiles\i386\kmixer.sys
    + 2008-04-14 00:11:56 61,440 ------w c:\winnt\ServicePackFiles\i386\kmsvc.dll
    + 2008-04-14 00:09:56 102,912 ------w c:\winnt\ServicePackFiles\i386\knperdpc.dll
    + 2008-04-14 00:09:56 24,064 ------w c:\winnt\ServicePackFiles\i386\knperpid.dll
    + 2008-04-14 00:09:56 102,912 ------w c:\winnt\ServicePackFiles\i386\knprodpc.dll
    + 2008-04-14 00:09:56 24,576 ------w c:\winnt\ServicePackFiles\i386\knpropid.dll
    + 2008-04-14 00:11:56 8,192 ------w c:\winnt\ServicePackFiles\i386\koc.dll
    + 2008-04-14 00:09:56 102,912 ------w c:\winnt\ServicePackFiles\i386\kperdpc.dll
    + 2008-04-14 00:09:56 24,064 ------w c:\winnt\ServicePackFiles\i386\kperpid.dll
    + 2008-04-14 00:09:56 102,912 ------w c:\winnt\ServicePackFiles\i386\kprodpc.dll
    + 2008-04-14 00:09:56 24,576 ------w c:\winnt\ServicePackFiles\i386\kpropid.dll
    - 2004-08-04 07:56:42 24,576 ------w c:\winnt\ServicePackFiles\i386\krnlprov.dll
    + 2008-04-14 00:11:56 24,576 ------w c:\winnt\ServicePackFiles\i386\krnlprov.dll
    - 2004-08-04 06:15:21 140,928 ------w c:\winnt\ServicePackFiles\i386\ks.sys
    + 2008-04-13 19:16:36 141,056 ------w c:\winnt\ServicePackFiles\i386\ks.sys
    - 2004-08-04 05:59:47 92,032 ------w c:\winnt\ServicePackFiles\i386\ksecdd.sys
    + 2008-04-13 18:31:43 92,288 ------w c:\winnt\ServicePackFiles\i386\ksecdd.sys
    - 2004-08-04 07:56:42 4,096 ------w c:\winnt\ServicePackFiles\i386\ksuser.dll
    + 2008-04-14 00:11:56 4,096 ------w c:\winnt\ServicePackFiles\i386\ksuser.dll
    + 2008-04-14 00:11:56 37,376 ------w c:\winnt\ServicePackFiles\i386\l2store.dll
    - 2004-08-04 05:31:51 97,792 ------w c:\winnt\ServicePackFiles\i386\lang\chtmbx.dll
    + 2008-04-14 00:09:05 97,792 ------w c:\winnt\ServicePackFiles\i386\lang\chtmbx.dll
    - 2004-08-04 05:31:52 56,320 ------w c:\winnt\ServicePackFiles\i386\lang\chtskdic.dll
    + 2008-04-14 00:09:05 56,320 ------w c:\winnt\ServicePackFiles\i386\lang\chtskdic.dll
    - 2004-08-04 05:31:53 173,568 ------w c:\winnt\ServicePackFiles\i386\lang\chtskf.dll
    + 2008-04-14 00:09:05 173,568 ------w c:\winnt\ServicePackFiles\i386\lang\chtskf.dll
    - 2004-08-04 05:31:52 198,656 ------w c:\winnt\ServicePackFiles\i386\lang\cintime.dll
    + 2008-04-14 00:09:06 198,656 ------w c:\winnt\ServicePackFiles\i386\lang\cintime.dll
    + 2008-04-14 00:09:39 13,463,552 ------w c:\winnt\ServicePackFiles\i386\lang\hwxjpn.dll
    - 2004-08-04 06:04:36 106,496 ------w c:\winnt\ServicePackFiles\i386\lang\imekrcic.dll
    + 2008-04-14 00:09:43 106,496 ------w c:\winnt\ServicePackFiles\i386\lang\imekrcic.dll
    - 2004-08-04 06:04:32 86,016 ------w c:\winnt\ServicePackFiles\i386\lang\imekrmbx.dll
    + 2008-04-14 00:09:43 86,016 ------w c:\winnt\ServicePackFiles\i386\lang\imekrmbx.dll
    - 2004-08-04 05:31:48 811,064 ------w c:\winnt\ServicePackFiles\i386\lang\imjp81k.dll
    + 2008-04-14 00:09:44 811,064 ------w c:\winnt\ServicePackFiles\i386\lang\imjp81k.dll
    - 2004-08-04 05:31:50 368,696 ------w c:\winnt\ServicePackFiles\i386\lang\imjpcic.dll
    + 2008-04-14 00:09:45 368,696 ------w c:\winnt\ServicePackFiles\i386\lang\imjpcic.dll
    - 2004-08-04 05:31:51 716,856 ------w c:\winnt\ServicePackFiles\i386\lang\imjpcus.dll
    + 2008-04-14 00:09:45 716,856 ------w c:\winnt\ServicePackFiles\i386\lang\imjpcus.dll
    - 2004-08-04 05:31:52 81,976 ------w c:\winnt\ServicePackFiles\i386\lang\imjpdct.dll
    + 2008-04-14 00:09:45 81,976 ------w c:\winnt\ServicePackFiles\i386\lang\imjpdct.dll
    - 2004-08-04 05:32:15 274,489 ------w c:\winnt\ServicePackFiles\i386\lang\imjputyc.dll
    + 2008-04-14 00:09:46 274,489 ------w c:\winnt\ServicePackFiles\i386\lang\imjputyc.dll
    - 2004-08-04 05:32:26 102,456 ------w c:\winnt\ServicePackFiles\i386\lang\imlang.dll
    + 2008-04-14 00:09:46 102,456 ------w c:\winnt\ServicePackFiles\i386\lang\imlang.dll
    + 2008-04-14 00:09:47 315,455 ------w c:\winnt\ServicePackFiles\i386\lang\imskf.dll
    - 2004-08-04 05:32:10 15,872 ------w c:\winnt\ServicePackFiles\i386\lang\padrs404.dll
    + 2008-04-14 00:10:33 15,872 ------w c:\winnt\ServicePackFiles\i386\lang\padrs404.dll
    - 2004-08-04 05:31:49 15,360 ------w c:\winnt\ServicePackFiles\i386\lang\padrs804.dll
    + 2008-04-14 00:10:33 15,360 ------w c:\winnt\ServicePackFiles\i386\lang\padrs804.dll
    - 2004-08-04 05:31:49 175,104 ------w c:\winnt\ServicePackFiles\i386\lang\pintlcsa.dll
    + 2008-04-14 00:10:34 175,104 ------w c:\winnt\ServicePackFiles\i386\lang\pintlcsa.dll
    - 2004-08-04 05:31:49 53,760 ------w c:\winnt\ServicePackFiles\i386\lang\pintlcsd.dll
    + 2008-04-14 00:10:34 53,760 ------w c:\winnt\ServicePackFiles\i386\lang\pintlcsd.dll
    - 2004-08-04 05:31:48 70,144 ------w c:\winnt\ServicePackFiles\i386\lang\pintlphr.exe
    + 2008-04-13 16:43:36 70,144 ------w c:\winnt\ServicePackFiles\i386\lang\pintlphr.exe
    - 2004-08-04 05:31:49 67,584 ------w c:\winnt\ServicePackFiles\i386\lang\pmigrate.dll
    + 2008-04-14 00:10:34 67,584 ------w c:\winnt\ServicePackFiles\i386\lang\pmigrate.dll
    - 2004-08-04 05:32:13 10,240 ------w c:\winnt\ServicePackFiles\i386\lang\tmigrate.dll
    + 2008-04-14 00:10:59 10,240 ------w c:\winnt\ServicePackFiles\i386\lang\tmigrate.dll
    - 2004-08-04 06:04:11 76,288 ------w c:\winnt\ServicePackFiles\i386\lang\uniime.dll
    + 2008-04-14 00:11:01 76,288 ------w c:\winnt\ServicePackFiles\i386\lang\uniime.dll
    - 2004-08-04 05:32:34 426,041 ------w c:\winnt\ServicePackFiles\i386\lang\voicepad.dll
    + 2008-04-14 00:11:04 426,041 ------w c:\winnt\ServicePackFiles\i386\lang\voicepad.dll
    - 2004-08-04 05:32:35 86,073 ------w c:\winnt\ServicePackFiles\i386\lang\voicesub.dll
    + 2008-04-14 00:11:04 86,073 ------w c:\winnt\ServicePackFiles\i386\lang\voicesub.dll
    - 2004-08-04 05:59:32 34,688 ------w c:\winnt\ServicePackFiles\i386\lbrtfdc.sys
    + 2008-04-13 18:40:26 34,688 ------w c:\winnt\ServicePackFiles\i386\lbrtfdc.sys
    + 2008-04-14 00:12:23 677,888 ------w c:\winnt\ServicePackFiles\i386\lhmstsc.exe
    + 2008-04-14 00:11:56 2,061,824 ------w c:\winnt\ServicePackFiles\i386\lhmstscx.dll
    - 2004-08-04 07:56:44 423,936 ------w c:\winnt\ServicePackFiles\i386\licdll.dll
    + 2008-04-14 12:41:58 423,936 ------w c:\winnt\ServicePackFiles\i386\licdll.dll
    - 2004-08-04 07:56:42 22,016 ------w c:\winnt\ServicePackFiles\i386\licmgr10.dll
    + 2008-04-14 00:11:56 22,016 ------w c:\winnt\ServicePackFiles\i386\licmgr10.dll
    - 2004-08-04 07:56:42 58,880 ------w c:\winnt\ServicePackFiles\i386\licwmi.dll
    + 2008-04-14 00:11:56 58,880 ------w c:\winnt\ServicePackFiles\i386\licwmi.dll
    - 2004-08-04 07:56:42 18,944 ------w c:\winnt\ServicePackFiles\i386\linkinfo.dll
    + 2008-04-14 00:11:56 19,968 ------w c:\winnt\ServicePackFiles\i386\linkinfo.dll
    - 2004-08-04 07:56:42 13,824 ------w c:\winnt\ServicePackFiles\i386\lmhsvc.dll
    + 2008-04-14 00:11:56 13,824 ------w c:\winnt\ServicePackFiles\i386\lmhsvc.dll
    - 2004-08-04 07:56:42 33,792 ------w c:\winnt\ServicePackFiles\i386\lmmib2.dll
    + 2008-04-14 00:11:56 33,792 ------w c:\winnt\ServicePackFiles\i386\lmmib2.dll
    - 2004-08-04 07:56:42 399,872 ------w c:\winnt\ServicePackFiles\i386\lmrt.dll
    + 2008-04-14 00:11:56 399,872 ------w c:\winnt\ServicePackFiles\i386\lmrt.dll
    - 2004-08-04 07:56:42 97,280 ------w c:\winnt\ServicePackFiles\i386\loadperf.dll
    + 2008-04-14 00:11:56 97,280 ------w c:\winnt\ServicePackFiles\i386\loadperf.dll
    - 2004-08-04 07:56:42 221,696 ------w c:\winnt\ServicePackFiles\i386\localsec.dll
    + 2008-04-14 00:11:56 221,696 ------w c:\winnt\ServicePackFiles\i386\localsec.dll
    - 2004-08-04 07:56:42 341,504 ------w c:\winnt\ServicePackFiles\i386\localspl.dll
    + 2008-04-14 00:11:56 343,040 ------w c:\winnt\ServicePackFiles\i386\localspl.dll
    - 2004-08-04 07:56:42 11,776 ------w c:\winnt\ServicePackFiles\i386\localui.dll
    + 2008-04-14 00:11:56 11,776 ------w c:\winnt\ServicePackFiles\i386\localui.dll
    - 2004-08-04 07:56:50 75,264 ------w c:\winnt\ServicePackFiles\i386\locator.exe
    + 2008-04-14 00:12:24 75,264 ------w c:\winnt\ServicePackFiles\i386\locator.exe
    - 2004-08-04 07:56:42 19,968 ------w c:\winnt\ServicePackFiles\i386\log.dll
    + 2008-04-14 00:11:56 19,968 ------w c:\winnt\ServicePackFiles\i386\log.dll
    - 2004-08-04 07:56:50 59,392 ------w c:\winnt\ServicePackFiles\i386\logman.exe
    + 2008-04-14 00:12:24 59,392 ------w c:\winnt\ServicePackFiles\i386\logman.exe
    - 2004-08-04 07:56:57 220,672 ------w c:\winnt\ServicePackFiles\i386\logon.scr
    + 2008-04-14 00:12:43 220,672 ------w c:\winnt\ServicePackFiles\i386\logon.scr
    - 2004-08-04 07:56:50 514,560 ------w c:\winnt\ServicePackFiles\i386\logonui.exe
    + 2008-04-14 00:12:24 514,560 ------w c:\winnt\ServicePackFiles\i386\logonui.exe
    - 2004-08-04 07:56:42 22,528 ------w c:\winnt\ServicePackFiles\i386\lpdsvc.dll
    + 2008-04-14 00:11:56 22,528 ------w c:\winnt\ServicePackFiles\i386\lpdsvc.dll
    - 2004-08-04 07:56:42 22,016 ------w c:\winnt\ServicePackFiles\i386\lpk.dll
    + 2008-04-14 00:11:56 22,016 ------w c:\winnt\ServicePackFiles\i386\lpk.dll
    - 2004-08-04 07:56:42 10,240 ------w c:\winnt\ServicePackFiles\i386\lprhelp.dll
    + 2008-04-14 00:11:56 10,240 ------w c:\winnt\ServicePackFiles\i386\lprhelp.dll
    - 2004-08-04 07:56:42 18,944 ------w c:\winnt\ServicePackFiles\i386\lprmon.dll
    + 2008-04-14 00:11:56 18,944 ------w c:\winnt\ServicePackFiles\i386\lprmon.dll
    - 2004-08-04 07:56:42 721,920 ------w c:\winnt\ServicePackFiles\i386\lsasrv.dll
    + 2008-04-14 00:11:56 728,064 ------w c:\winnt\ServicePackFiles\i386\lsasrv.dll
    - 2004-08-04 07:56:50 13,312 ------w c:\winnt\ServicePackFiles\i386\lsass.exe
    + 2008-04-14 00:12:24 13,312 ------w c:\winnt\ServicePackFiles\i386\lsass.exe
    - 2004-08-04 06:00:06 7,040 ------w c:\winnt\ServicePackFiles\i386\ltotape.sys
    + 2008-04-13 18:40:52 7,040 ------w c:\winnt\ServicePackFiles\i386\ltotape.sys
    - 2004-08-04 07:56:50 72,704 ------w c:\winnt\ServicePackFiles\i386\magnify.exe
    + 2008-04-14 00:12:24 72,704 ------w c:\winnt\ServicePackFiles\i386\magnify.exe
    - 2004-08-04 07:56:50 85,504 ------w c:\winnt\ServicePackFiles\i386\makecab.exe
    + 2008-04-14 00:12:25 57,344 ------w c:\winnt\ServicePackFiles\i386\makecab.exe
    - 2004-08-04 07:56:42 14,848 ------w c:\winnt\ServicePackFiles\i386\mcastmib.dll
    + 2008-04-14 00:11:56 14,336 ------w c:\winnt\ServicePackFiles\i386\mcastmib.dll
    - 2004-08-04 07:56:42 84,480 ------w c:\winnt\ServicePackFiles\i386\mciavi32.dll
    + 2008-04-14 00:11:56 84,480 ------w c:\winnt\ServicePackFiles\i386\mciavi32.dll
    - 2004-08-04 07:56:42 35,328 ------w c:\winnt\ServicePackFiles\i386\mciqtz32.dll
    + 2008-04-14 00:11:56 35,328 ------w c:\winnt\ServicePackFiles\i386\mciqtz32.dll
    - 2004-08-04 07:56:42 23,040 ------w c:\winnt\ServicePackFiles\i386\mciseq.dll
    + 2008-04-14 00:11:56 23,040 ------w c:\winnt\ServicePackFiles\i386\mciseq.dll
    - 2004-08-04 07:56:42 23,552 ------w c:\winnt\ServicePackFiles\i386\mciwave.dll
    + 2008-04-14 00:11:56 23,552 ------w c:\winnt\ServicePackFiles\i386\mciwave.dll
    - 2004-08-04 07:56:42 118,272 ------w c:\winnt\ServicePackFiles\i386\mdminst.dll
    + 2008-04-14 00:11:56 118,272 ------w c:\winnt\ServicePackFiles\i386\mdminst.dll
    - 2004-08-04 07:56:42 86,016 ------w c:\winnt\ServicePackFiles\i386\mdmxsdk.dll
    + 2008-04-14 00:11:56 86,016 ------w c:\winnt\ServicePackFiles\i386\mdmxsdk.dll
    - 2004-08-04 06:00:49 26,112 ------w c:\winnt\ServicePackFiles\i386\memstpci.sys
    + 2008-04-13 18:41:21 26,112 ------w c:\winnt\ServicePackFiles\i386\memstpci.sys
    - 2004-08-04 06:07:44 63,744 ------w c:\winnt\ServicePackFiles\i386\mf.sys
    + 2008-04-13 18:36:41 63,744 ------w c:\winnt\ServicePackFiles\i386\mf.sys
    - 2004-08-04 07:56:42 39,936 ------w c:\winnt\ServicePackFiles\i386\mf3216.dll
    + 2008-04-14 00:11:56 40,960 ------w c:\winnt\ServicePackFiles\i386\mf3216.dll
    + 2008-04-14 00:11:56 927,504 ------w c:\winnt\ServicePackFiles\i386\mfc40u.dll
    - 2004-08-04 07:56:42 1,028,096 ------w c:\winnt\ServicePackFiles\i386\mfc42.dll
    + 2008-04-14 00:11:56 1,028,096 ------w c:\winnt\ServicePackFiles\i386\mfc42.dll
    - 2004-08-04 07:56:42 1,024,000 ------w c:\winnt\ServicePackFiles\i386\mfc42u.dll
    + 2006-10-14 08:13:25 981,760 ------w c:\winnt\ServicePackFiles\i386\mfc42u.dll
    - 2004-08-04 07:56:42 22,528 ------w c:\winnt\ServicePackFiles\i386\mfcsubs.dll
    + 2008-04-14 00:11:56 22,528 ------w c:\winnt\ServicePackFiles\i386\mfcsubs.dll
    - 2004-08-04 07:56:42 14,848 ------w c:\winnt\ServicePackFiles\i386\mgmtapi.dll
    + 2008-04-14 00:11:56 14,848 ------w c:\winnt\ServicePackFiles\i386\mgmtapi.dll
    - 2004-08-04 07:56:42 18,944 ------w c:\winnt\ServicePackFiles\i386\midimap.dll
    + 2008-04-14 00:11:57 18,944 ------w c:\winnt\ServicePackFiles\i386\midimap.dll
    - 2004-08-04 07:56:42 201,216 ------w c:\winnt\ServicePackFiles\i386\migism.dll
    + 2008-04-14 00:11:57 274,432 ------w c:\winnt\ServicePackFiles\i386\migism.dll
    + 2008-04-14 00:11:57 261,120 ------w c:\winnt\ServicePackFiles\i386\migisma.dll
    - 2004-08-04 07:56:42 60,928 ------w c:\winnt\ServicePackFiles\i386\miglibnt.dll
    + 2008-04-14 00:11:57 60,928 ------w c:\winnt\ServicePackFiles\i386\miglibnt.dll
    - 2004-08-04 07:56:50 103,424 ------w c:\winnt\ServicePackFiles\i386\migload.exe
    + 2008-04-14 00:12:25 103,936 ------w c:\winnt\ServicePackFiles\i386\migload.exe
    - 2004-08-04 07:56:51 7,680 ------w c:\winnt\ServicePackFiles\i386\migregdb.exe
    + 2008-04-14 00:12:25 7,680 ------w c:\winnt\ServicePackFiles\i386\migregdb.exe
    - 2004-08-04 07:56:51 240,128 ------w c:\winnt\ServicePackFiles\i386\migwiz.exe
    + 2008-04-14 00:12:25 245,248 ------w c:\winnt\ServicePackFiles\i386\migwiz.exe
    + 2008-04-14 00:12:25 241,152 ------w c:\winnt\ServicePackFiles\i386\migwiza.exe
    + 2008-04-14 00:11:57 29,696 ------w c:\winnt\ServicePackFiles\i386\mimefilt.dll
    - 2004-08-04 07:56:42 586,240 ------w c:\winnt\ServicePackFiles\i386\mlang.dll
    + 2008-04-14 00:11:57 586,240 ------w c:\winnt\ServicePackFiles\i386\mlang.dll
    - 2004-08-04 07:56:51 815,104 ------w c:\winnt\ServicePackFiles\i386\mmc.exe
    + 2008-04-14 00:12:25 1,414,656 ------w c:\winnt\ServicePackFiles\i386\mmc.exe
    + 2008-04-14 00:11:57 184,320 ------w c:\winnt\ServicePackFiles\i386\mmc30.dll
    + 2008-04-14 00:11:57 28,672 ------w c:\winnt\ServicePackFiles\i386\mmc30r.dll
    - 2004-08-04 07:56:42 70,656 ------w c:\winnt\ServicePackFiles\i386\mmcbase.dll
    + 2008-04-14 00:11:57 163,328 ------w c:\winnt\ServicePackFiles\i386\mmcbase.dll
    + 2008-04-14 00:11:57 397,312 ------w c:\winnt\ServicePackFiles\i386\mmcex.dll
    + 2008-04-14 00:11:57 40,960 ------w c:\winnt\ServicePackFiles\i386\mmcexr.dll
    + 2008-04-14 00:11:57 106,496 ------w c:\winnt\ServicePackFiles\i386\mmcfxc.dll
    + 2008-04-14 00:11:57 6,656 ------w c:\winnt\ServicePackFiles\i386\mmcfxcr.dll
    - 2004-08-04 07:56:42 1,192,960 ------w c:\winnt\ServicePackFiles\i386\mmcndmgr.dll
    + 2008-04-14 00:11:57 1,872,896 ------w c:\winnt\ServicePackFiles\i386\mmcndmgr.dll
    + 2008-04-14 00:12:25 33,792 ------w c:\winnt\ServicePackFiles\i386\mmcperf.exe
    - 2004-08-04 07:56:42 50,688 ------w c:\winnt\ServicePackFiles\i386\mmcshext.dll
    + 2008-04-14 00:11:57 61,440 ------w c:\winnt\ServicePackFiles\i386\mmcshext.dll
    - 2004-08-04 07:56:42 17,408 ------w c:\winnt\ServicePackFiles\i386\mmfutil.dll
    + 2008-04-14 00:11:57 17,408 ------w c:\winnt\ServicePackFiles\i386\mmfutil.dll
    - 2004-08-04 07:56:42 34,560 ------w c:\winnt\ServicePackFiles\i386\mnmdd.dll
    + 2008-04-14 00:11:57 34,560 ------w c:\winnt\ServicePackFiles\i386\mnmdd.dll
    - 2004-08-04 07:56:51 32,768 ------w c:\winnt\ServicePackFiles\i386\mnmsrvc.exe
    + 2008-04-14 00:12:25 32,768 ------w c:\winnt\ServicePackFiles\i386\mnmsrvc.exe
    - 2004-08-04 07:56:42 207,360 ------w c:\winnt\ServicePackFiles\i386\mobsync.dll
    + 2008-04-14 00:11:57 207,360 ------w c:\winnt\ServicePackFiles\i386\mobsync.dll
    - 2004-08-04 07:56:51 143,360 ------w c:\winnt\ServicePackFiles\i386\mobsync.exe
    + 2008-04-14 00:12:26 143,360 ------w c:\winnt\ServicePackFiles\i386\mobsync.exe
    - 2004-08-04 06:08:05 30,080 ------w c:\winnt\ServicePackFiles\i386\modem.sys
    + 2008-04-13 19:00:19 30,080 ------w c:\winnt\ServicePackFiles\i386\modem.sys
    - 2004-08-04 07:56:42 153,600 ------w c:\winnt\ServicePackFiles\i386\modemui.dll
    + 2008-04-14 00:11:57 153,600 ------w c:\winnt\ServicePackFiles\i386\modemui.dll
    - 2004-08-04 07:56:51 16,384 ------w c:\winnt\ServicePackFiles\i386\mofcomp.exe
    + 2008-04-14 00:12:26 16,384 ------w c:\winnt\ServicePackFiles\i386\mofcomp.exe
    - 2004-08-04 07:56:42 123,904 ------w c:\winnt\ServicePackFiles\i386\mofd.dll
    + 2008-04-14 00:11:57 123,904 ------w c:\winnt\ServicePackFiles\i386\mofd.dll
    + 2008-04-14 00:12:42 16,896 ------w c:\winnt\ServicePackFiles\i386\more.com
    - 2004-08-04 07:56:11 216,064 ------w c:\winnt\ServicePackFiles\i386\moricons.dll
    + 2008-04-13 16:45:30 216,064 ------w c:\winnt\ServicePackFiles\i386\moricons.dll
    - 2004-08-04 05:58:32 23,040 ------w c:\winnt\ServicePackFiles\i386\mouclass.sys
    + 2008-04-13 18:39:47 23,040 ------w c:\winnt\ServicePackFiles\i386\mouclass.sys
    - 2004-08-04 05:58:30 42,240 ------w c:\winnt\ServicePackFiles\i386\mountmgr.sys
    + 2008-04-13 18:39:46 42,368 ------w c:\winnt\ServicePackFiles\i386\mountmgr.sys
    - 2004-08-04 07:56:52 3,555,328 ------w c:\winnt\ServicePackFiles\i386\moviemk.exe
    + 2008-04-14 00:12:27 3,558,912 ------w c:\winnt\ServicePackFiles\i386\moviemk.exe
    - 2004-08-04 06:10:12 15,360 ------w c:\winnt\ServicePackFiles\i386\mpe.sys
    + 2008-04-13 18:46:22 15,232 ------w c:\winnt\ServicePackFiles\i386\mpe.sys
    - 2004-08-04 07:56:52 123,392 ------w c:\winnt\ServicePackFiles\i386\mplay32.exe
    + 2008-04-14 00:12:27 123,392 ------w c:\winnt\ServicePackFiles\i386\mplay32.exe
    - 2004-08-04 07:56:42 59,904 ------w c:\winnt\ServicePackFiles\i386\mpr.dll
    + 2008-04-14 00:11:57 59,904 ------w c:\winnt\ServicePackFiles\i386\mpr.dll
    - 2004-08-04 07:56:42 87,040 ------w c:\winnt\ServicePackFiles\i386\mprapi.dll
    + 2008-04-14 00:11:57 87,040 ------w c:\winnt\ServicePackFiles\i386\mprapi.dll
    + 2008-04-14 00:11:57 53,248 ------w c:\winnt\ServicePackFiles\i386\mprdim.dll
    - 2004-08-04 06:00:56 181,248 ------w c:\winnt\ServicePackFiles\i386\mrxdav.sys
    + 2008-04-13 18:32:44 180,608 ------w c:\winnt\ServicePackFiles\i386\mrxdav.sys
    - 2004-08-04 06:15:16 451,456 ------w c:\winnt\ServicePackFiles\i386\mrxsmb.sys
    + 2008-04-13 19:17:01 456,576 ------w c:\winnt\ServicePackFiles\i386\mrxsmb.sys
    - 2004-08-04 07:56:42 71,680 ------w c:\winnt\ServicePackFiles\i386\msacm32.dll
    + 2008-04-14 00:11:58 71,680 ------w c:\winnt\ServicePackFiles\i386\msacm32.dll
    - 2004-08-04 07:56:42 331,776 ------w c:\winnt\ServicePackFiles\i386\msadce.dll
    + 2008-04-14 00:11:58 331,776 ------w c:\winnt\ServicePackFiles\i386\msadce.dll
    - 2004-08-04 07:56:12 20,480 ------w c:\winnt\ServicePackFiles\i386\msadcer.dll
    + 2008-04-13 17:25:57 20,480 ------w c:\winnt\ServicePackFiles\i386\msadcer.dll
    - 2004-08-04 07:56:42 61,440 ------w c:\winnt\ServicePackFiles\i386\msadcf.dll
    + 2008-04-14 00:11:58 61,440 ------w c:\winnt\ServicePackFiles\i386\msadcf.dll
    - 2004-08-04 07:56:12 16,384 ------w c:\winnt\ServicePackFiles\i386\msadcfr.dll
    + 2008-04-13 17:25:57 16,384 ------w c:\winnt\ServicePackFiles\i386\msadcfr.dll
    - 2004-08-04 07:56:42 143,360 ------w c:\winnt\ServicePackFiles\i386\msadco.dll
    + 2008-04-14 00:11:58 143,360 ------w c:\winnt\ServicePackFiles\i386\msadco.dll
    - 2004-08-04 07:56:12 16,384 ------w c:\winnt\ServicePackFiles\i386\msadcor.dll
    + 2008-04-13 17:25:57 16,384 ------w c:\winnt\ServicePackFiles\i386\msadcor.dll
    - 2004-08-04 07:56:42 53,248 ------w c:\winnt\ServicePackFiles\i386\msadcs.dll
    + 2008-04-14 00:11:58 53,248 ------w c:\winnt\ServicePackFiles\i386\msadcs.dll
    - 2004-08-04 07:56:42 155,648 ------w c:\winnt\ServicePackFiles\i386\msadds.dll
    + 2008-04-14 00:11:58 155,648 ------w c:\winnt\ServicePackFiles\i386\msadds.dll
    - 2004-08-04 07:56:12 24,576 ------w c:\winnt\ServicePackFiles\i386\msaddsr.dll
    + 2008-04-13 17:25:58 24,576 ------w c:\winnt\ServicePackFiles\i386\msaddsr.dll
    - 2004-08-04 07:56:12 24,576 ------w c:\winnt\ServicePackFiles\i386\msader15.dll
    + 2008-04-13 17:26:17 24,576 ------w c:\winnt\ServicePackFiles\i386\msader15.dll
    - 2004-08-04 07:56:42 536,576 ------w c:\winnt\ServicePackFiles\i386\msado15.dll
    + 2008-04-14 00:11:58 536,576 ------w c:\winnt\ServicePackFiles\i386\msado15.dll
    - 2004-08-04 07:56:42 180,224 ------w c:\winnt\ServicePackFiles\i386\msadomd.dll
    + 2008-04-14 00:11:58 180,224 ------w c:\winnt\ServicePackFiles\i386\msadomd.dll
    - 2004-08-04 07:56:42 57,344 ------w c:\winnt\ServicePackFiles\i386\msador15.dll
    + 2008-04-14 00:11:58 57,344 ------w c:\winnt\ServicePackFiles\i386\msador15.dll
    - 2004-08-04 07:56:42 200,704 ------w c:\winnt\ServicePackFiles\i386\msadox.dll
    + 2008-04-14 00:11:58 200,704 ------w c:\winnt\ServicePackFiles\i386\msadox.dll
    - 2004-08-04 07:56:42 57,344 ------w c:\winnt\ServicePackFiles\i386\msadrh15.dll
    + 2008-04-14 00:11:58 57,344 ------w c:\winnt\ServicePackFiles\i386\msadrh15.dll
    - 2004-08-04 07:56:12 3,584 ------w c:\winnt\ServicePackFiles\i386\msafd.dll
    + 2008-04-14 00:10:06 3,584 ------w c:\winnt\ServicePackFiles\i386\msafd.dll
    - 2004-08-04 07:56:42 86,016 ------w c:\winnt\ServicePackFiles\i386\msapsspc.dll
    + 2008-04-14 00:11:58 86,016 ------w c:\winnt\ServicePackFiles\i386\msapsspc.dll
    - 2004-08-04 07:56:42 57,344 ------w c:\winnt\ServicePackFiles\i386\msasn1.dll
    + 2008-04-14 00:11:58 57,344 ------w c:\winnt\ServicePackFiles\i386\msasn1.dll
    - 2004-08-04 07:56:42 220,160 ------w c:\winnt\ServicePackFiles\i386\mscandui.dll
    + 2008-04-14 00:11:58 220,160 ------w c:\winnt\ServicePackFiles\i386\mscandui.dll
    - 2004-08-04 07:56:42 73,728 ------w c:\winnt\ServicePackFiles\i386\mscms.dll
    + 2008-04-14 00:11:58 73,728 ------w c:\winnt\ServicePackFiles\i386\mscms.dll
    - 2004-08-04 07:56:42 69,632 ------w c:\winnt\ServicePackFiles\i386\msconf.dll
    + 2008-04-14 00:11:58 69,632 ------w c:\winnt\ServicePackFiles\i386\msconf.dll
    - 2004-08-04 07:56:53 158,208 ------w c:\winnt\ServicePackFiles\i386\msconfig.exe
    + 2008-04-14 00:12:27 169,984 ------w c:\winnt\ServicePackFiles\i386\msconfig.exe
    - 2004-08-04 07:56:12 12,288 ------w c:\winnt\ServicePackFiles\i386\mscpx32r.dll
    + 2008-04-13 17:26:07 12,288 ------w c:\winnt\ServicePackFiles\i386\mscpx32r.dll
    - 2004-08-04 07:56:42 36,864 ------w c:\winnt\ServicePackFiles\i386\mscpxl32.dll
    + 2008-04-14 00:11:58 36,864 ------w c:\winnt\ServicePackFiles\i386\mscpxl32.dll
    - 2004-08-04 07:56:42 294,400 ------w c:\winnt\ServicePackFiles\i386\msctf.dll
    + 2008-04-14 00:11:58 297,984 ------w c:\winnt\ServicePackFiles\i386\msctf.dll
    - 2004-08-04 07:56:42 69,120 ------w c:\winnt\ServicePackFiles\i386\msctfp.dll
    + 2008-04-14 00:11:58 68,608 ------w c:\winnt\ServicePackFiles\i386\msctfp.dll
    - 2004-08-04 07:56:42 4,096 ------w c:\winnt\ServicePackFiles\i386\msdadc.dll
    + 2008-04-14 00:11:58 4,096 ------w c:\winnt\ServicePackFiles\i386\msdadc.dll
    - 2004-08-04 07:56:42 118,784 ------w c:\winnt\ServicePackFiles\i386\msdadiag.dll
    + 2008-04-14 00:11:58 118,784 ------w c:\winnt\ServicePackFiles\i386\msdadiag.dll
    - 2004-08-04 07:56:42 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaenum.dll
    + 2008-04-14 00:11:58 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaenum.dll
    - 2004-08-04 07:56:42 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaer.dll
    + 2008-04-14 00:11:58 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaer.dll
    - 2004-08-04 07:56:43 532,480 ------w c:\winnt\ServicePackFiles\i386\msdaipp.dll
    + 2008-04-14 00:11:58 532,480 ------w c:\winnt\ServicePackFiles\i386\msdaipp.dll
    - 2004-08-04 07:56:43 233,472 ------w c:\winnt\ServicePackFiles\i386\msdaora.dll
    + 2008-04-14 00:11:58 233,472 ------w c:\winnt\ServicePackFiles\i386\msdaora.dll
    - 2004-08-04 07:56:13 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaorar.dll
    + 2008-04-13 17:24:14 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaorar.dll
    - 2004-08-04 07:56:43 77,824 ------w c:\winnt\ServicePackFiles\i386\msdaosp.dll
    + 2008-04-14 00:11:58 77,824 ------w c:\winnt\ServicePackFiles\i386\msdaosp.dll
    - 2004-08-04 07:56:13 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaprsr.dll
    + 2008-04-13 17:25:58 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaprsr.dll
    - 2004-08-04 07:56:43 200,704 ------w c:\winnt\ServicePackFiles\i386\msdaprst.dll
    + 2008-04-14 00:11:58 200,704 ------w c:\winnt\ServicePackFiles\i386\msdaprst.dll
    - 2004-08-04 07:56:43 204,800 ------w c:\winnt\ServicePackFiles\i386\msdaps.dll
    + 2008-04-14 00:11:59 204,800 ------w c:\winnt\ServicePackFiles\i386\msdaps.dll
    - 2004-08-04 07:56:43 118,784 ------w c:\winnt\ServicePackFiles\i386\msdarem.dll
    + 2008-04-14 00:11:59 118,784 ------w c:\winnt\ServicePackFiles\i386\msdarem.dll
    - 2004-08-04 07:56:13 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaremr.dll
    + 2008-04-13 17:25:58 16,384 ------w c:\winnt\ServicePackFiles\i386\msdaremr.dll
    - 2004-08-04 07:56:43 151,552 ------w c:\winnt\ServicePackFiles\i386\msdart.dll
    + 2008-04-14 00:11:59 151,552 ------w c:\winnt\ServicePackFiles\i386\msdart.dll
    - 2004-08-04 07:56:43 4,096 ------w c:\winnt\ServicePackFiles\i386\msdasc.dll
    + 2008-04-14 00:11:59 4,096 ------w c:\winnt\ServicePackFiles\i386\msdasc.dll
    - 2004-08-04 07:56:43 315,392 ------w c:\winnt\ServicePackFiles\i386\msdasql.dll
    + 2008-04-14 00:11:59 315,392 ------w c:\winnt\ServicePackFiles\i386\msdasql.dll
    - 2004-08-04 07:56:13 16,384 ------w c:\winnt\ServicePackFiles\i386\msdasqlr.dll
    + 2008-04-13 17:26:07 16,384 ------w c:\winnt\ServicePackFiles\i386\msdasqlr.dll
    - 2004-08-04 07:56:43 94,208 ------w c:\winnt\ServicePackFiles\i386\msdatl3.dll
    + 2008-04-14 00:11:59 94,208 ------w c:\winnt\ServicePackFiles\i386\msdatl3.dll
    - 2004-08-04 07:56:43 20,480 ------w c:\winnt\ServicePackFiles\i386\msdatt.dll
    + 2008-04-14 00:11:59 20,480 ------w c:\winnt\ServicePackFiles\i386\msdatt.dll
    - 2004-08-04 07:56:43 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaurl.dll
    + 2008-04-14 00:11:59 4,096 ------w c:\winnt\ServicePackFiles\i386\msdaurl.dll
    - 2004-08-04 07:56:43 36,864 ------w c:\winnt\ServicePackFiles\i386\msdfmap.dll
    + 2008-04-14 00:11:59 36,864 ------w c:\winnt\ServicePackFiles\i386\msdfmap.dll
    - 2004-08-04 07:56:43 14,336 ------w c:\winnt\ServicePackFiles\i386\msdmo.dll
    + 2008-04-14 00:11:59 14,336 ------w c:\winnt\ServicePackFiles\i386\msdmo.dll
    - 2004-08-04 07:56:53 6,144 ------w c:\winnt\ServicePackFiles\i386\msdtc.exe
    + 2008-04-14 00:12:27 6,144 ------w c:\winnt\ServicePackFiles\i386\msdtc.exe
    - 2004-08-04 07:56:43 58,880 ------w c:\winnt\ServicePackFiles\i386\msdtclog.dll
    + 2008-04-14 00:11:59 58,880 ------w c:\winnt\ServicePackFiles\i386\msdtclog.dll
    - 2004-08-04 07:56:43 425,472 ------w c:\winnt\ServicePackFiles\i386\msdtcprx.dll
    + 2008-04-14 00:11:59 427,008 ------w c:\winnt\ServicePackFiles\i386\msdtcprx.dll
    + 2008-04-14 00:11:59 90,112 ------w c:\winnt\ServicePackFiles\i386\msdtcstp.dll
    - 2004-08-04 07:56:43 949,248 ------w c:\winnt\ServicePackFiles\i386\msdtctm.dll
    + 2008-04-14 00:11:59 956,928 ------w c:\winnt\ServicePackFiles\i386\msdtctm.dll
    - 2004-08-04 07:56:43 161,280 ------w c:\winnt\ServicePackFiles\i386\msdtcuiu.dll
    + 2008-04-14 00:11:59 161,792 ------w c:\winnt\ServicePackFiles\i386\msdtcuiu.dll
    - 2004-08-04 06:09:58 51,328 ------w c:\winnt\ServicePackFiles\i386\msdv.sys
    + 2008-04-13 18:46:09 51,200 ------w c:\winnt\ServicePackFiles\i386\msdv.sys
    - 2004-08-04 07:56:43 512,029 ------w c:\winnt\ServicePackFiles\i386\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ------w c:\winnt\ServicePackFiles\i386\msexch40.dll
    - 2004-08-04 07:56:43 319,517 ------w c:\winnt\ServicePackFiles\i386\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ------w c:\winnt\ServicePackFiles\i386\msexcl40.dll
    - 2004-08-04 06:00:41 19,072 ------w c:\winnt\ServicePackFiles\i386\msfs.sys
    + 2008-04-13 18:32:39 19,072 ------w c:\winnt\ServicePackFiles\i386\msfs.sys
    - 2004-08-04 07:56:43 537,088 ------w c:\winnt\ServicePackFiles\i386\msftedit.dll
    + 2008-04-14 00:11:59 539,136 ------w c:\winnt\ServicePackFiles\i386\msftedit.dll
    - 2004-08-04 07:56:43 994,304 ------w c:\winnt\ServicePackFiles\i386\msgina.dll
    + 2008-04-14 00:11:59 997,376 ------w c:\winnt\ServicePackFiles\i386\msgina.dll
    - 2004-08-04 06:04:12 35,072 ------w c:\winnt\ServicePackFiles\i386\msgpc.sys
    + 2008-04-13 18:56:32 35,072 ------w c:\winnt\ServicePackFiles\i386\msgpc.sys
    - 2004-08-04 07:56:43 3,166,208 ------w c:\winnt\ServicePackFiles\i386\msgr3en.dll
    + 2008-04-14 00:11:59 3,166,208 ------w c:\winnt\ServicePackFiles\i386\msgr3en.dll
    - 2004-08-04 07:56:43 15,360 ------w c:\winnt\ServicePackFiles\i386\msgrocm.dll
    + 2008-04-14 00:11:59 15,360 ------w c:\winnt\ServicePackFiles\i386\msgrocm.dll
    - 2004-08-04 07:56:43 82,944 ------w c:\winnt\ServicePackFiles\i386\msgsc.dll
    + 2008-04-14 00:11:59 82,944 ------w c:\winnt\ServicePackFiles\i386\msgsc.dll
    - 2004-08-04 07:56:13 180,224 ------w c:\winnt\ServicePackFiles\i386\msgslang.dll
    + 2008-04-13 17:30:28 180,224 ------w c:\winnt\ServicePackFiles\i386\msgslang.dll
    - 2004-08-04 07:56:43 33,792 ------w c:\winnt\ServicePackFiles\i386\msgsvc.dll
    + 2008-04-14 00:11:59 33,792 ------w c:\winnt\ServicePackFiles\i386\msgsvc.dll
    + 2008-04-14 00:12:45 188,416 ------w c:\winnt\ServicePackFiles\i386\msh261.drv
    + 2008-04-14 00:12:45 294,912 ------w c:\winnt\ServicePackFiles\i386\msh263.drv
    - 2004-08-04 07:56:53 29,184 ------w c:\winnt\ServicePackFiles\i386\mshta.exe
    + 2008-04-14 00:12:27 29,184 ------w c:\winnt\ServicePackFiles\i386\mshta.exe
    - 2004-08-04 07:56:43 3,003,392 ------w c:\winnt\ServicePackFiles\i386\mshtml.dll
    + 2008-04-14 00:11:59 3,066,880 ------w c:\winnt\ServicePackFiles\i386\mshtml.dll
    - 2004-08-04 07:56:43 448,512 ------w c:\winnt\ServicePackFiles\i386\mshtmled.dll
    + 2008-04-14 00:11:59 449,024 ------w c:\winnt\ServicePackFiles\i386\mshtmled.dll
    - 2004-08-04 07:56:14 56,832 ------w c:\winnt\ServicePackFiles\i386\mshtmler.dll
    + 2008-04-13 16:26:26 56,832 ------w c:\winnt\ServicePackFiles\i386\mshtmler.dll
    - 2004-08-04 07:56:43 2,804,224 ------w c:\winnt\ServicePackFiles\i386\msi.dll
    + 2008-04-14 00:11:59 2,843,136 ------w c:\winnt\ServicePackFiles\i386\msi.dll
    - 2004-08-04 07:56:43 51,712 ------w c:\winnt\ServicePackFiles\i386\msident.dll
    + 2008-04-14 00:11:59 51,712 ------w c:\winnt\ServicePackFiles\i386\msident.dll
    - 2004-08-04 07:56:43 6,656 ------w c:\winnt\ServicePackFiles\i386\msidle.dll
    + 2008-04-14 00:11:59 6,656 ------w c:\winnt\ServicePackFiles\i386\msidle.dll
    - 2004-08-04 07:56:43 248,832 ------w c:\winnt\ServicePackFiles\i386\msieftp.dll
    + 2008-04-14 00:11:59 248,832 ------w c:\winnt\ServicePackFiles\i386\msieftp.dll
    - 2004-08-04 07:56:53 77,312 ------w c:\winnt\ServicePackFiles\i386\msiexec.exe
    + 2008-04-14 00:12:28 78,848 ------w c:\winnt\ServicePackFiles\i386\msiexec.exe
    - 2004-08-04 07:56:43 331,264 ------w c:\winnt\ServicePackFiles\i386\msihnd.dll
    + 2008-04-14 00:11:59 271,360 ------w c:\winnt\ServicePackFiles\i386\msihnd.dll
    - 2004-08-04 07:56:43 4,608 ------w c:\winnt\ServicePackFiles\i386\msimg32.dll
    + 2008-04-14 00:11:59 4,608 ------w c:\winnt\ServicePackFiles\i386\msimg32.dll
    - 2004-08-04 07:56:53 60,416 ------w c:\winnt\ServicePackFiles\i386\msimn.exe
    + 2008-04-14 00:12:28 60,416 ------w c:\winnt\ServicePackFiles\i386\msimn.exe
    - 2004-08-04 07:56:17 884,736 ------w c:\winnt\ServicePackFiles\i386\msimsg.dll
    + 2008-04-13 15:39:43 884,736 ------w c:\winnt\ServicePackFiles\i386\msimsg.dll
    - 2004-08-04 07:56:43 159,232 ------w c:\winnt\ServicePackFiles\i386\msimtf.dll
    + 2008-04-14 00:11:59 159,232 ------w c:\winnt\ServicePackFiles\i386\msimtf.dll
    - 2004-08-04 07:56:43 376,320 ------w c:\winnt\ServicePackFiles\i386\msinfo.dll
    + 2008-04-14 00:11:59 376,832 ------w c:\winnt\ServicePackFiles\i386\msinfo.dll
    - 2004-08-04 06:00:46 22,016 ------w c:\winnt\ServicePackFiles\i386\msircomm.sys
    + 2008-04-13 18:54:28 22,016 ------w c:\winnt\ServicePackFiles\i386\msircomm.sys
    - 2004-08-04 07:56:53 40,960 ------w c:\winnt\ServicePackFiles\i386\msiregmv.exe
    + 2008-04-14 00:12:28 40,960 ------w c:\winnt\ServicePackFiles\i386\msiregmv.exe
    - 2004-08-04 07:56:43 44,032 ------w c:\winnt\ServicePackFiles\i386\msisip.dll
    + 2008-04-14 00:11:59 15,360 ------w c:\winnt\ServicePackFiles\i386\msisip.dll
    - 2004-08-04 07:56:43 1,507,356 ------w c:\winnt\ServicePackFiles\i386\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ------w c:\winnt\ServicePackFiles\i386\msjet40.dll
    - 2004-03-01 18:52:15 358,976 ------w c:\winnt\ServicePackFiles\i386\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 ------w c:\winnt\ServicePackFiles\i386\msjetol1.dll
    - 2004-08-04 07:56:43 151,583 ------w c:\winnt\ServicePackFiles\i386\msjint40.dll
    + 2008-04-14 00:12:00 151,583 ------w c:\winnt\ServicePackFiles\i386\msjint40.dll
    - 2004-08-04 07:56:43 102,400 ------w c:\winnt\ServicePackFiles\i386\msjro.dll
    + 2008-04-14 00:12:00 102,400 ------w c:\winnt\ServicePackFiles\i386\msjro.dll
    - 2004-08-04 07:56:43 53,279 ------w c:\winnt\ServicePackFiles\i386\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ------w c:\winnt\ServicePackFiles\i386\msjter40.dll
    - 2004-08-04 07:56:43 241,693 ------w c:\winnt\ServicePackFiles\i386\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ------w c:\winnt\ServicePackFiles\i386\msjtes40.dll
    - 2004-08-04 05:58:41 7,552 ------w c:\winnt\ServicePackFiles\i386\mskssrv.sys
    + 2008-04-13 18:39:52 7,552 ------w c:\winnt\ServicePackFiles\i386\mskssrv.sys
    - 2004-08-04 07:56:43 25,088 ------w c:\winnt\ServicePackFiles\i386\mslbui.dll
    + 2008-04-14 00:12:00 25,088 ------w c:\winnt\ServicePackFiles\i386\mslbui.dll
    - 2004-08-04 07:56:43 213,023 ------w c:\winnt\ServicePackFiles\i386\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ------w c:\winnt\ServicePackFiles\i386\msltus40.dll
    - 2004-08-04 07:56:43 39,936 ------w c:\winnt\ServicePackFiles\i386\mslwvtts.dll
    + 2008-04-14 00:12:00 39,936 ------w c:\winnt\ServicePackFiles\i386\mslwvtts.dll
    - 2004-08-04 07:56:53 1,667,584 ------w c:\winnt\ServicePackFiles\i386\msmsgs.exe
    + 2008-04-14 00:12:28 1,695,232 ------w c:\winnt\ServicePackFiles\i386\msmsgs.exe
    + 2007-04-02 18:39:43 11,053,008 ------w c:\winnt\ServicePackFiles\i386\msncli.exe
    - 2004-08-04 07:56:43 290,816 ------w c:\winnt\ServicePackFiles\i386\msnsspc.dll
    + 2008-04-14 00:12:00 290,816 ------w c:\winnt\ServicePackFiles\i386\msnsspc.dll
    + 2007-04-02 18:42:37 1,327,320 ------w c:\winnt\ServicePackFiles\i386\msnsusii.exe
    - 2004-08-04 07:56:43 122,368 ------w c:\winnt\ServicePackFiles\i386\msobcomm.dll
    + 2008-04-14 00:12:00 122,368 ------w c:\winnt\ServicePackFiles\i386\msobcomm.dll
    - 2004-08-04 07:56:43 16,384 ------w c:\winnt\ServicePackFiles\i386\msobdl.dll
    + 2008-04-14 00:12:00 16,384 ------w c:\winnt\ServicePackFiles\i386\msobdl.dll
    - 2004-08-04 07:56:43 561,664 ------w c:\winnt\ServicePackFiles\i386\msobmain.dll
    + 2008-04-14 00:12:00 565,248 ------w c:\winnt\ServicePackFiles\i386\msobmain.dll
    - 2004-08-04 07:56:43 30,720 ------w c:\winnt\ServicePackFiles\i386\msobshel.dll
    + 2008-04-14 00:12:00 30,720 ------w c:\winnt\ServicePackFiles\i386\msobshel.dll
    - 2004-08-04 07:56:43 18,944 ------w c:\winnt\ServicePackFiles\i386\msobweb.dll
    + 2008-04-14 00:12:00 19,456 ------w c:\winnt\ServicePackFiles\i386\msobweb.dll
    - 2004-08-04 07:56:43 1,311,232 ------w c:\winnt\ServicePackFiles\i386\msoe.dll
    + 2008-04-14 00:12:00 1,314,816 ------w c:\winnt\ServicePackFiles\i386\msoe.dll
    - 2004-08-04 07:56:43 252,928 ------w c:\winnt\ServicePackFiles\i386\msoeacct.dll
    + 2008-04-14 00:12:00 252,928 ------w c:\winnt\ServicePackFiles\i386\msoeacct.dll
    - 2004-08-04 07:56:18 2,479,616 ------w c:\winnt\ServicePackFiles\i386\msoeres.dll
    + 2008-04-13 16:23:54 2,479,616 ------w c:\winnt\ServicePackFiles\i386\msoeres.dll
    - 2004-08-04 07:56:43 105,984 ------w c:\winnt\ServicePackFiles\i386\msoert2.dll
    + 2008-04-14 00:12:00 105,984 ------w c:\winnt\ServicePackFiles\i386\msoert2.dll
    + 2008-04-14 00:12:28 29,184 ------w c:\winnt\ServicePackFiles\i386\msoobe.exe
    - 2004-08-04 07:56:18 20,480 ------w c:\winnt\ServicePackFiles\i386\msorc32r.dll
    + 2008-04-13 17:24:14 20,480 ------w c:\winnt\ServicePackFiles\i386\msorc32r.dll
    - 2004-08-04 07:56:43 143,360 ------w c:\winnt\ServicePackFiles\i386\msorcl32.dll
    + 2008-04-14 00:12:00 143,360 ------w c:\winnt\ServicePackFiles\i386\msorcl32.dll
    - 2004-08-04 07:56:53 343,040 ------w c:\winnt\ServicePackFiles\i386\mspaint.exe
    + 2008-04-14 00:12:28 343,040 ------w c:\winnt\ServicePackFiles\i386\mspaint.exe
    - 2004-08-04 07:56:43 30,208 ------w c:\winnt\ServicePackFiles\i386\mspatcha.dll
    + 2008-04-14 00:12:00 29,696 ------w c:\winnt\ServicePackFiles\i386\mspatcha.dll
    - 2004-08-04 07:56:43 348,189 ------w c:\winnt\ServicePackFiles\i386\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ------w c:\winnt\ServicePackFiles\i386\mspbde40.dll
    - 2004-08-04 05:58:38 5,376 ------w c:\winnt\ServicePackFiles\i386\mspclock.sys
    + 2008-04-13 18:39:50 5,376 ------w c:\winnt\ServicePackFiles\i386\mspclock.sys
    - 2004-08-04 05:58:40 4,992 ------w c:\winnt\ServicePackFiles\i386\mspqm.sys
    + 2008-04-13 18:39:51 4,992 ------w c:\winnt\ServicePackFiles\i386\mspqm.sys
    - 2004-08-04 07:56:18 48,128 ------w c:\winnt\ServicePackFiles\i386\msprivs.dll
    + 2008-04-13 16:23:31 48,128 ------w c:\winnt\ServicePackFiles\i386\msprivs.dll
    - 2004-08-04 07:56:43 146,432 ------w c:\winnt\ServicePackFiles\i386\msrating.dll
    + 2008-04-14 00:12:00 146,432 ------w c:\winnt\ServicePackFiles\i386\msrating.dll
    - 2004-08-04 07:56:43 421,919 ------w c:\winnt\ServicePackFiles\i386\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ------w c:\winnt\ServicePackFiles\i386\msrd2x40.dll
    - 2004-08-04 07:56:43 315,423 ------w c:\winnt\ServicePackFiles\i386\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ------w c:\winnt\ServicePackFiles\i386\msrd3x40.dll
    - 2004-08-04 07:56:43 552,989 ------w c:\winnt\ServicePackFiles\i386\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ------w c:\winnt\ServicePackFiles\i386\msrepl40.dll
    - 2004-08-04 07:56:43 11,264 ------w c:\winnt\ServicePackFiles\i386\msrle32.dll
    + 2008-04-14 00:12:00 11,264 ------w c:\winnt\ServicePackFiles\i386\msrle32.dll
    - 2004-08-04 07:56:43 134,656 ------w c:\winnt\ServicePackFiles\i386\mssap.dll
    + 2008-04-14 00:12:00 134,656 ------w c:\winnt\ServicePackFiles\i386\mssap.dll
    + 2008-04-14 00:12:00 155,136 ------w c:\winnt\ServicePackFiles\i386\mssha.dll
    + 2008-04-13 18:14:58 76,800 ------w c:\winnt\ServicePackFiles\i386\msshamsg.dll
    - 2004-08-04 06:07:47 15,488 ------w c:\winnt\ServicePackFiles\i386\mssmbios.sys
    + 2008-04-13 18:36:46 15,488 ------w c:\winnt\ServicePackFiles\i386\mssmbios.sys
    - 2004-08-04 07:56:43 274,432 ------w c:\winnt\ServicePackFiles\i386\mst120.dll
    + 2008-04-14 00:12:00 274,432 ------w c:\winnt\ServicePackFiles\i386\mst120.dll
    - 2004-08-04 07:56:43 57,344 ------w c:\winnt\ServicePackFiles\i386\mst123.dll
    + 2008-04-14 00:12:00 57,344 ------w c:\winnt\ServicePackFiles\i386\mst123.dll
    - 2004-08-04 06:09:58 49,024 ------w c:\winnt\ServicePackFiles\i386\mstape.sys
    + 2008-04-13 18:46:08 49,024 ------w c:\winnt\ServicePackFiles\i386\mstape.sys
    - 2004-08-04 07:56:43 274,944 ------w c:\winnt\ServicePackFiles\i386\mstask.dll
    + 2008-04-14 00:12:00 274,944 ------w c:\winnt\ServicePackFiles\i386\mstask.dll
    - 2004-08-04 05:58:38 5,504 ------w c:\winnt\ServicePackFiles\i386\mstee.sys
    + 2008-04-13 18:39:50 5,504 ------w c:\winnt\ServicePackFiles\i386\mstee.sys
    - 2004-08-04 07:56:43 258,077 ------w c:\winnt\ServicePackFiles\i386\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ------w c:\winnt\ServicePackFiles\i386\mstext40.dll
    - 2004-08-04 07:56:43 530,432 ------w c:\winnt\ServicePackFiles\i386\mstime.dll
    + 2008-04-14 00:12:00 532,480 ------w c:\winnt\ServicePackFiles\i386\mstime.dll
    - 2004-08-04 07:56:53 12,288 ------w c:\winnt\ServicePackFiles\i386\mstinit.exe
    + 2008-04-14 00:12:29 12,288 ------w c:\winnt\ServicePackFiles\i386\mstinit.exe
    - 2004-08-04 07:56:43 115,712 ------w c:\winnt\ServicePackFiles\i386\mstlsapi.dll
    + 2008-04-14 00:12:00 116,224 ------w c:\winnt\ServicePackFiles\i386\mstlsapi.dll
    - 2004-08-04 07:56:43 195,072 ------w c:\winnt\ServicePackFiles\i386\msutb.dll
    + 2008-04-14 00:12:00 195,072 ------w c:\winnt\ServicePackFiles\i386\msutb.dll
    - 2004-08-04 07:56:43 129,536 ------w c:\winnt\ServicePackFiles\i386\msv1_0.dll
    + 2008-04-14 00:12:00 132,608 ------w c:\winnt\ServicePackFiles\i386\msv1_0.dll
    - 2004-08-04 07:56:43 1,392,671 ------w c:\winnt\ServicePackFiles\i386\msvbvm60.dll
    + 2008-04-14 00:12:00 1,384,479 ------w c:\winnt\ServicePackFiles\i386\msvbvm60.dll
    - 2004-08-04 07:56:43 54,784 ------w c:\winnt\ServicePackFiles\i386\msvcirt.dll
    + 2008-04-14 00:12:01 57,344 ------w c:\winnt\ServicePackFiles\i386\msvcirt.dll
    - 2004-08-04 07:56:43 413,696 ------w c:\winnt\ServicePackFiles\i386\msvcp60.dll
    + 2008-04-14 00:12:01 413,696 ------w c:\winnt\ServicePackFiles\i386\msvcp60.dll
    - 2004-08-04 07:56:43 343,040 ------w c:\winnt\ServicePackFiles\i386\msvcrt.dll
    + 2008-04-14 00:12:01 343,040 ------w c:\winnt\ServicePackFiles\i386\msvcrt.dll
    - 2004-08-04 05:58:25 61,440 ------w c:\winnt\ServicePackFiles\i386\msvcrt40.dll
    + 2008-04-13 18:30:46 61,440 ------w c:\winnt\ServicePackFiles\i386\msvcrt40.dll
    - 2004-08-04 07:56:43 120,832 ------w c:\winnt\ServicePackFiles\i386\msvfw32.dll
    + 2008-04-14 00:12:01 121,344 ------w c:\winnt\ServicePackFiles\i386\msvfw32.dll
    - 2004-08-04 07:56:43 1,428,480 ------w c:\winnt\ServicePackFiles\i386\msvidctl.dll
    + 2008-04-14 00:12:01 1,428,992 ------w c:\winnt\ServicePackFiles\i386\msvidctl.dll
    - 2004-08-04 07:56:43 72,704 ------w c:\winnt\ServicePackFiles\i386\msw3prt.dll
    + 2008-04-14 00:12:01 72,704 ------w c:\winnt\ServicePackFiles\i386\msw3prt.dll
    - 2004-08-04 07:56:44 831,519 ------w c:\winnt\ServicePackFiles\i386\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ------w c:\winnt\ServicePackFiles\i386\mswdat10.dll
    - 2004-08-04 07:56:44 204,288 ------w c:\winnt\ServicePackFiles\i386\mswebdvd.dll
    + 2008-04-14 00:12:01 203,776 ------w c:\winnt\ServicePackFiles\i386\mswebdvd.dll
    - 2004-08-04 07:56:44 245,248 ------w c:\winnt\ServicePackFiles\i386\mswsock.dll
    + 2008-04-14 00:12:01 245,248 ------w c:\winnt\ServicePackFiles\i386\mswsock.dll
    - 2004-08-04 07:56:44 614,429 ------w c:\winnt\ServicePackFiles\i386\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 ------w c:\winnt\ServicePackFiles\i386\mswstr10.dll
    - 2004-08-04 07:56:44 24,576 ------w c:\winnt\ServicePackFiles\i386\msxactps.dll
    + 2008-04-14 00:12:01 24,576 ------w c:\winnt\ServicePackFiles\i386\msxactps.dll
    - 2004-08-04 07:56:44 348,189 ------w c:\winnt\ServicePackFiles\i386\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ------w c:\winnt\ServicePackFiles\i386\msxbde40.dll
    - 2004-08-04 07:56:44 506,368 ------w c:\winnt\ServicePackFiles\i386\msxml.dll
    + 2008-04-14 00:12:01 506,368 ------w c:\winnt\ServicePackFiles\i386\msxml.dll
    - 2004-08-04 07:56:44 701,440 ------w c:\winnt\ServicePackFiles\i386\msxml2.dll
    + 2008-04-14 00:12:01 701,440 ------w c:\winnt\ServicePackFiles\i386\msxml2.dll
    - 2004-08-04 07:56:44 1,236,480 ------w c:\winnt\ServicePackFiles\i386\msxml3.dll
    + 2008-04-14 00:12:01 1,104,896 ------w c:\winnt\ServicePackFiles\i386\msxml3.dll
    - 2004-08-04 07:56:44 17,408 ------w c:\winnt\ServicePackFiles\i386\msyuv.dll
    + 2008-04-14 00:12:01 16,896 ------w c:\winnt\ServicePackFiles\i386\msyuv.dll
    + 2008-04-14 00:12:29 119,808 ------w c:\winnt\ServicePackFiles\i386\mtstocom.exe
    - 2004-08-04 07:56:44 66,560 ------w c:\winnt\ServicePackFiles\i386\mtxclu.dll
    + 2008-04-14 00:12:01 66,560 ------w c:\winnt\ServicePackFiles\i386\mtxclu.dll
    + 2008-04-14 00:12:01 30,720 ------w c:\winnt\ServicePackFiles\i386\mtxdm.dll
    + 2008-04-14 00:12:01 4,096 ------w c:\winnt\ServicePackFiles\i386\mtxex.dll
    + 2008-04-14 00:12:01 34,304 ------w c:\winnt\ServicePackFiles\i386\mtxlegih.dll
    - 2004-08-04 07:56:44 90,112 ------w c:\winnt\ServicePackFiles\i386\mtxoci.dll
    + 2008-04-14 00:12:01 91,648 ------w c:\winnt\ServicePackFiles\i386\mtxoci.dll
    - 2004-08-04 07:56:44 1,737,856 ------w c:\winnt\ServicePackFiles\i386\mtxparhd.dll
    + 2008-04-14 00:12:01 1,737,856 ------w c:\winnt\ServicePackFiles\i386\mtxparhd.dll
  2. 2009-03-24, 00:24 #22
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2004-08-04 07:56:53 90,624 ------w c:\winnt\ServicePackFiles\i386\muisetup.exe
    + 2008-04-14 00:12:29 90,624 ------w c:\winnt\ServicePackFiles\i386\muisetup.exe
    - 2004-08-04 06:15:20 107,904 ------w c:\winnt\ServicePackFiles\i386\mup.sys
    + 2008-04-13 19:17:05 105,344 ------w c:\winnt\ServicePackFiles\i386\mup.sys
    - 2004-08-04 06:04:51 12,672 ------w c:\winnt\ServicePackFiles\i386\mutohpen.sys
    + 2008-04-13 18:43:55 12,672 ------w c:\winnt\ServicePackFiles\i386\mutohpen.sys
    - 2004-08-04 07:56:44 90,624 ------w c:\winnt\ServicePackFiles\i386\mydocs.dll
    + 2008-04-14 00:12:01 90,624 ------w c:\winnt\ServicePackFiles\i386\mydocs.dll
    - 2004-08-04 06:10:28 85,376 ------w c:\winnt\ServicePackFiles\i386\nabtsfec.sys
    + 2008-04-13 18:46:25 85,248 ------w c:\winnt\ServicePackFiles\i386\nabtsfec.sys
    - 2004-08-04 07:56:44 221,184 ------w c:\winnt\ServicePackFiles\i386\nac.dll
    + 2008-04-14 00:12:01 221,184 ------w c:\winnt\ServicePackFiles\i386\nac.dll
    + 2008-04-14 00:12:01 30,208 ------w c:\winnt\ServicePackFiles\i386\napipsec.dll
    + 2008-04-14 00:12:01 193,024 ------w c:\winnt\ServicePackFiles\i386\napmontr.dll
    + 2008-04-14 00:12:29 176,640 ------w c:\winnt\ServicePackFiles\i386\napstat.exe
    - 2004-08-04 07:56:54 53,760 ------w c:\winnt\ServicePackFiles\i386\narrator.exe
    + 2008-04-14 00:12:29 53,760 ------w c:\winnt\ServicePackFiles\i386\narrator.exe
    - 2004-08-04 07:56:44 36,352 ------w c:\winnt\ServicePackFiles\i386\ncobjapi.dll
    + 2008-04-14 00:12:01 36,352 ------w c:\winnt\ServicePackFiles\i386\ncobjapi.dll
    - 2004-08-04 07:56:44 47,104 ------w c:\winnt\ServicePackFiles\i386\ncprov.dll
    + 2008-04-14 00:12:01 47,104 ------w c:\winnt\ServicePackFiles\i386\ncprov.dll
    - 2004-08-04 07:56:44 9,728 ------w c:\winnt\ServicePackFiles\i386\ncpsres.dll
    + 2008-04-14 00:12:01 9,728 ------w c:\winnt\ServicePackFiles\i386\ncpsres.dll
    - 2004-08-04 07:56:44 17,920 ------w c:\winnt\ServicePackFiles\i386\nddeapi.dll
    + 2008-04-14 00:12:01 17,920 ------w c:\winnt\ServicePackFiles\i386\nddeapi.dll
    - 2004-08-04 07:56:54 4,096 ------w c:\winnt\ServicePackFiles\i386\nddeapir.exe
    + 2008-04-14 00:12:29 4,096 ------w c:\winnt\ServicePackFiles\i386\nddeapir.exe
    - 2004-08-04 07:56:44 18,944 ------w c:\winnt\ServicePackFiles\i386\nddenb32.dll
    + 2008-04-14 00:12:01 18,944 ------w c:\winnt\ServicePackFiles\i386\nddenb32.dll
    - 2004-08-04 06:14:28 182,912 ------w c:\winnt\ServicePackFiles\i386\ndis.sys
    + 2008-04-13 19:20:37 182,656 ------w c:\winnt\ServicePackFiles\i386\ndis.sys
    - 2004-08-04 06:10:12 10,880 ------w c:\winnt\ServicePackFiles\i386\ndisip.sys
    + 2008-04-13 18:46:22 10,880 ------w c:\winnt\ServicePackFiles\i386\ndisip.sys
    - 2004-08-04 07:56:44 57,344 ------w c:\winnt\ServicePackFiles\i386\ndisnpp.dll
    + 2008-04-14 00:12:01 57,344 ------w c:\winnt\ServicePackFiles\i386\ndisnpp.dll
    + 2008-04-13 18:57:27 10,112 ------w c:\winnt\ServicePackFiles\i386\ndistapi.sys
    - 2004-08-04 06:03:12 12,928 ------w c:\winnt\ServicePackFiles\i386\ndisuio.sys
    + 2008-04-13 18:55:58 14,592 ------w c:\winnt\ServicePackFiles\i386\ndisuio.sys
    - 2004-08-04 06:14:31 91,776 ------w c:\winnt\ServicePackFiles\i386\ndiswan.sys
    + 2008-04-13 19:20:42 91,520 ------w c:\winnt\ServicePackFiles\i386\ndiswan.sys
    + 2008-04-13 18:57:29 40,576 ------w c:\winnt\ServicePackFiles\i386\ndproxy.sys
    - 2004-08-04 07:56:54 42,496 ------w c:\winnt\ServicePackFiles\i386\net.exe
    + 2008-04-14 00:12:29 42,496 ------w c:\winnt\ServicePackFiles\i386\net.exe
    - 2004-08-04 07:56:54 124,928 ------w c:\winnt\ServicePackFiles\i386\net1.exe
    + 2008-04-14 00:12:29 124,928 ------w c:\winnt\ServicePackFiles\i386\net1.exe
    - 2004-08-04 07:56:44 332,288 ------w c:\winnt\ServicePackFiles\i386\netapi32.dll
    + 2008-04-14 00:12:01 337,408 ------w c:\winnt\ServicePackFiles\i386\netapi32.dll
    - 2004-08-04 06:03:21 34,560 ------w c:\winnt\ServicePackFiles\i386\netbios.sys
    + 2008-04-13 18:56:02 34,688 ------w c:\winnt\ServicePackFiles\i386\netbios.sys
    - 2004-08-04 06:14:37 162,816 ------w c:\winnt\ServicePackFiles\i386\netbt.sys
    + 2008-04-13 19:21:00 162,816 ------w c:\winnt\ServicePackFiles\i386\netbt.sys
    - 2004-08-04 07:56:44 622,080 ------w c:\winnt\ServicePackFiles\i386\netcfgx.dll
    + 2008-04-14 00:12:01 622,592 ------w c:\winnt\ServicePackFiles\i386\netcfgx.dll
    - 2004-08-04 07:56:54 111,104 ------w c:\winnt\ServicePackFiles\i386\netdde.exe
    + 2008-04-14 00:12:29 111,104 ------w c:\winnt\ServicePackFiles\i386\netdde.exe
    - 2004-08-04 07:56:44 139,264 ------w c:\winnt\ServicePackFiles\i386\netid.dll
    + 2008-04-14 00:12:01 139,264 ------w c:\winnt\ServicePackFiles\i386\netid.dll
    - 2004-08-04 07:56:44 407,040 ------w c:\winnt\ServicePackFiles\i386\netlogon.dll
    + 2008-04-14 00:12:01 407,040 ------w c:\winnt\ServicePackFiles\i386\netlogon.dll
    - 2004-08-04 07:56:44 198,144 ------w c:\winnt\ServicePackFiles\i386\netman.dll
    + 2008-04-14 00:12:01 198,144 ------w c:\winnt\ServicePackFiles\i386\netman.dll
    - 2004-08-04 07:56:44 77,312 ------w c:\winnt\ServicePackFiles\i386\netoc.dll
    + 2008-04-14 00:12:01 77,312 ------w c:\winnt\ServicePackFiles\i386\netoc.dll
    - 2004-08-04 07:56:44 875,008 ------w c:\winnt\ServicePackFiles\i386\netplwiz.dll
    + 2008-04-14 00:12:01 875,008 ------w c:\winnt\ServicePackFiles\i386\netplwiz.dll
    - 2004-08-04 07:56:44 12,288 ------w c:\winnt\ServicePackFiles\i386\netrap.dll
    + 2008-04-14 00:12:01 11,776 ------w c:\winnt\ServicePackFiles\i386\netrap.dll
    - 2004-08-04 08:02:44 329,728 ------w c:\winnt\ServicePackFiles\i386\netsetup.exe
    + 2008-04-14 00:16:51 329,728 ------w c:\winnt\ServicePackFiles\i386\netsetup.exe
    - 2004-08-04 07:56:54 86,016 ------w c:\winnt\ServicePackFiles\i386\netsh.exe
    + 2008-04-14 00:12:29 86,016 ------w c:\winnt\ServicePackFiles\i386\netsh.exe
    - 2004-08-04 07:56:44 1,708,032 ------w c:\winnt\ServicePackFiles\i386\netshell.dll
    + 2008-04-14 00:12:02 1,703,936 ------w c:\winnt\ServicePackFiles\i386\netshell.dll
    - 2004-08-04 07:56:54 36,864 ------w c:\winnt\ServicePackFiles\i386\netstat.exe
    + 2008-04-14 00:12:29 36,864 ------w c:\winnt\ServicePackFiles\i386\netstat.exe
    - 2004-08-04 07:56:44 80,896 ------w c:\winnt\ServicePackFiles\i386\netui0.dll
    + 2008-04-14 00:12:02 80,896 ------w c:\winnt\ServicePackFiles\i386\netui0.dll
    - 2004-08-04 07:56:44 245,760 ------w c:\winnt\ServicePackFiles\i386\netui1.dll
    + 2008-04-14 00:12:02 245,760 ------w c:\winnt\ServicePackFiles\i386\netui1.dll
    - 2004-08-04 07:56:44 248,832 ------w c:\winnt\ServicePackFiles\i386\newdev.dll
    + 2008-04-14 00:12:02 247,808 ------w c:\winnt\ServicePackFiles\i386\newdev.dll
    - 2004-08-04 05:58:29 61,824 ------w c:\winnt\ServicePackFiles\i386\nic1394.sys
    + 2008-04-13 18:51:25 61,824 ------w c:\winnt\ServicePackFiles\i386\nic1394.sys
    - 2004-08-04 07:56:44 103,936 ------w c:\winnt\ServicePackFiles\i386\nlhtml.dll
    + 2008-04-14 00:12:02 98,304 ------w c:\winnt\ServicePackFiles\i386\nlhtml.dll
    - 2004-08-04 07:56:44 229,376 ------w c:\winnt\ServicePackFiles\i386\nmas.dll
    + 2008-04-14 00:12:02 229,376 ------w c:\winnt\ServicePackFiles\i386\nmas.dll
    - 2004-08-04 07:56:44 28,672 ------w c:\winnt\ServicePackFiles\i386\nmasnt.dll
    + 2008-04-14 00:12:02 28,672 ------w c:\winnt\ServicePackFiles\i386\nmasnt.dll
    - 2004-08-04 07:56:44 81,920 ------w c:\winnt\ServicePackFiles\i386\nmchat.dll
    + 2008-04-14 00:12:02 81,920 ------w c:\winnt\ServicePackFiles\i386\nmchat.dll
    - 2004-08-04 07:56:44 77,824 ------w c:\winnt\ServicePackFiles\i386\nmcom.dll
    + 2008-04-14 00:12:02 77,824 ------w c:\winnt\ServicePackFiles\i386\nmcom.dll
    - 2004-08-04 07:56:44 151,552 ------w c:\winnt\ServicePackFiles\i386\nmft.dll
    + 2008-04-14 00:12:02 151,552 ------w c:\winnt\ServicePackFiles\i386\nmft.dll
    - 2004-08-04 07:56:44 28,672 ------w c:\winnt\ServicePackFiles\i386\nmmkcert.dll
    + 2008-04-14 00:12:02 28,672 ------w c:\winnt\ServicePackFiles\i386\nmmkcert.dll
    - 2004-08-04 05:59:50 40,320 ------w c:\winnt\ServicePackFiles\i386\nmnt.sys
    + 2008-04-13 18:53:09 40,320 ------w c:\winnt\ServicePackFiles\i386\nmnt.sys
    - 2004-08-04 07:56:44 172,032 ------w c:\winnt\ServicePackFiles\i386\nmoldwb.dll
    + 2008-04-14 00:12:02 172,032 ------w c:\winnt\ServicePackFiles\i386\nmoldwb.dll
    - 2004-08-04 07:56:44 188,416 ------w c:\winnt\ServicePackFiles\i386\nmwb.dll
    + 2008-04-14 00:12:02 188,416 ------w c:\winnt\ServicePackFiles\i386\nmwb.dll
    - 2004-08-04 07:56:54 69,120 ------w c:\winnt\ServicePackFiles\i386\notepad.exe
    + 2008-04-14 00:12:29 69,120 ------w c:\winnt\ServicePackFiles\i386\notepad.exe
    - 2004-08-04 06:00:43 30,848 ------w c:\winnt\ServicePackFiles\i386\npfs.sys
    + 2008-04-13 18:32:39 30,848 ------w c:\winnt\ServicePackFiles\i386\npfs.sys
    - 2004-08-04 07:56:54 15,360 ------w c:\winnt\ServicePackFiles\i386\nppagent.exe
    + 2008-04-14 00:12:29 15,360 ------w c:\winnt\ServicePackFiles\i386\nppagent.exe
    - 2004-08-04 07:56:44 54,784 ------w c:\winnt\ServicePackFiles\i386\npptools.dll
    + 2008-04-14 00:12:02 54,784 ------w c:\winnt\ServicePackFiles\i386\npptools.dll
    - 2004-08-04 06:00:50 28,672 ------w c:\winnt\ServicePackFiles\i386\nscirda.sys
    + 2008-04-13 18:54:36 28,672 ------w c:\winnt\ServicePackFiles\i386\nscirda.sys
    - 2004-08-04 07:56:54 76,800 ------w c:\winnt\ServicePackFiles\i386\nslookup.exe
    + 2008-04-14 00:12:29 76,800 ------w c:\winnt\ServicePackFiles\i386\nslookup.exe
    - 2004-08-04 07:56:36 708,096 ------w c:\winnt\ServicePackFiles\i386\ntdll.dll
    + 2008-04-14 00:11:24 706,048 ------w c:\winnt\ServicePackFiles\i386\ntdll.dll
    - 2004-08-04 07:56:44 67,072 ------w c:\winnt\ServicePackFiles\i386\ntdsapi.dll
    + 2008-04-14 00:12:02 67,072 ------w c:\winnt\ServicePackFiles\i386\ntdsapi.dll
    - 2004-08-04 07:56:44 212,992 ------w c:\winnt\ServicePackFiles\i386\ntevt.dll
    + 2008-04-14 00:12:02 212,992 ------w c:\winnt\ServicePackFiles\i386\ntevt.dll
    - 2004-08-04 06:15:09 574,592 ------w c:\winnt\ServicePackFiles\i386\ntfs.sys
    + 2008-04-13 19:15:53 574,976 ------w c:\winnt\ServicePackFiles\i386\ntfs.sys
    - 2004-08-04 06:18:30 2,148,352 ------w c:\winnt\ServicePackFiles\i386\ntkrnlmp.exe
    + 2008-04-13 19:24:37 2,145,280 ------w c:\winnt\ServicePackFiles\i386\ntkrnlmp.exe
    - 2004-08-04 05:58:58 2,056,832 ------w c:\winnt\ServicePackFiles\i386\ntkrnlpa.exe
    + 2008-04-13 18:31:21 2,065,792 ------w c:\winnt\ServicePackFiles\i386\ntkrnlpa.exe
    - 2004-08-04 05:59:01 2,015,232 ------w c:\winnt\ServicePackFiles\i386\ntkrpamp.exe
    + 2008-04-13 18:31:21 2,023,936 ------w c:\winnt\ServicePackFiles\i386\ntkrpamp.exe
    - 2004-08-04 07:56:44 43,520 ------w c:\winnt\ServicePackFiles\i386\ntlanman.dll
    + 2008-04-14 00:12:02 44,032 ------w c:\winnt\ServicePackFiles\i386\ntlanman.dll
    - 2004-08-04 07:56:44 8,192 ------w c:\winnt\ServicePackFiles\i386\ntlsapi.dll
    + 2008-04-14 00:12:02 8,192 ------w c:\winnt\ServicePackFiles\i386\ntlsapi.dll
    - 2004-08-04 07:56:44 118,784 ------w c:\winnt\ServicePackFiles\i386\ntmarta.dll
    + 2008-04-14 00:12:02 118,784 ------w c:\winnt\ServicePackFiles\i386\ntmarta.dll
    - 2004-08-04 07:56:44 40,960 ------w c:\winnt\ServicePackFiles\i386\ntmsapi.dll
    + 2008-04-14 00:12:02 40,960 ------w c:\winnt\ServicePackFiles\i386\ntmsapi.dll
    - 2004-08-04 07:56:44 179,712 ------w c:\winnt\ServicePackFiles\i386\ntmsdba.dll
    + 2008-04-14 00:12:02 179,200 ------w c:\winnt\ServicePackFiles\i386\ntmsdba.dll
    - 2004-08-04 07:56:44 488,448 ------w c:\winnt\ServicePackFiles\i386\ntmsmgr.dll
    + 2008-04-14 00:12:02 488,448 ------w c:\winnt\ServicePackFiles\i386\ntmsmgr.dll
    - 2004-08-04 07:56:44 435,200 ------w c:\winnt\ServicePackFiles\i386\ntmssvc.dll
    + 2008-04-14 00:12:02 435,200 ------w c:\winnt\ServicePackFiles\i386\ntmssvc.dll
    - 2004-08-04 07:56:44 62,976 ------w c:\winnt\ServicePackFiles\i386\ntoc.dll
    + 2008-04-14 00:12:02 62,976 ------w c:\winnt\ServicePackFiles\i386\ntoc.dll
    - 2004-08-04 06:19:59 2,180,992 ------w c:\winnt\ServicePackFiles\i386\ntoskrnl.exe
    + 2008-04-13 19:27:53 2,188,928 ------w c:\winnt\ServicePackFiles\i386\ntoskrnl.exe
    - 2004-08-04 07:56:44 91,136 ------w c:\winnt\ServicePackFiles\i386\ntprint.dll
    + 2008-04-14 00:12:02 91,136 ------w c:\winnt\ServicePackFiles\i386\ntprint.dll
    - 2004-08-04 07:56:44 143,872 ------w c:\winnt\ServicePackFiles\i386\ntshrui.dll
    + 2008-04-14 00:12:02 143,360 ------w c:\winnt\ServicePackFiles\i386\ntshrui.dll
    - 2004-08-04 07:56:54 419,840 ------w c:\winnt\ServicePackFiles\i386\ntvdm.exe
    + 2008-04-14 00:12:30 420,864 ------w c:\winnt\ServicePackFiles\i386\ntvdm.exe
    + 2008-04-14 00:12:02 15,360 ------w c:\winnt\ServicePackFiles\i386\ntvdmd.dll
    - 2004-08-04 07:56:44 4,274,816 ------w c:\winnt\ServicePackFiles\i386\nv4_disp.dll
    + 2008-04-14 00:12:02 4,274,816 ------w c:\winnt\ServicePackFiles\i386\nv4_disp.dll
    - 2004-08-04 06:03:35 88,448 ------w c:\winnt\ServicePackFiles\i386\nwlnkipx.sys
    + 2008-04-13 18:56:06 88,320 ------w c:\winnt\ServicePackFiles\i386\nwlnkipx.sys
    - 2004-08-04 07:56:44 144,384 ------w c:\winnt\ServicePackFiles\i386\nwprovau.dll
    + 2008-04-14 00:12:02 142,336 ------w c:\winnt\ServicePackFiles\i386\nwprovau.dll
    - 2004-08-04 07:56:44 266,752 ------w c:\winnt\ServicePackFiles\i386\oakley.dll
    + 2008-04-14 00:12:02 270,336 ------w c:\winnt\ServicePackFiles\i386\oakley.dll
    + 2008-04-14 00:10:30 229,376 ------w c:\winnt\ServicePackFiles\i386\obelog.dll
    + 2008-04-14 00:10:30 966,656 ------w c:\winnt\ServicePackFiles\i386\obemetal.dll
    + 2007-04-02 18:44:11 77,824 ------w c:\winnt\ServicePackFiles\i386\obemtllc.dll
    + 2008-04-14 00:10:30 86,016 ------w c:\winnt\ServicePackFiles\i386\obepopc.dll
    - 2004-08-04 07:56:44 285,696 ------w c:\winnt\ServicePackFiles\i386\objsel.dll
    + 2008-04-14 00:12:02 286,208 ------w c:\winnt\ServicePackFiles\i386\objsel.dll
    - 2004-08-04 07:56:22 405,504 ------w c:\winnt\ServicePackFiles\i386\obrb041b.dll
    + 2008-04-13 18:40:52 405,504 ------w c:\winnt\ServicePackFiles\i386\obrb041b.dll
    - 2004-08-04 07:56:22 408,576 ------w c:\winnt\ServicePackFiles\i386\obrb0424.dll
    + 2008-04-13 18:40:56 408,576 ------w c:\winnt\ServicePackFiles\i386\obrb0424.dll
    - 2004-08-04 07:56:44 96,256 ------w c:\winnt\ServicePackFiles\i386\occache.dll
    + 2008-04-14 00:12:02 96,256 ------w c:\winnt\ServicePackFiles\i386\occache.dll
    - 2004-08-04 07:56:44 15,872 ------w c:\winnt\ServicePackFiles\i386\ocgen.dll
    + 2008-04-14 00:12:02 15,360 ------w c:\winnt\ServicePackFiles\i386\ocgen.dll
    + 2008-04-14 00:12:02 67,584 ------w c:\winnt\ServicePackFiles\i386\ocmanage.dll
    - 2004-08-04 07:56:44 17,408 ------w c:\winnt\ServicePackFiles\i386\ocmsn.dll
    + 2008-04-14 00:12:02 17,408 ------w c:\winnt\ServicePackFiles\i386\ocmsn.dll
    - 2004-08-04 07:56:44 249,856 ------w c:\winnt\ServicePackFiles\i386\odbc32.dll
    + 2008-04-14 00:12:02 249,856 ------w c:\winnt\ServicePackFiles\i386\odbc32.dll
    - 2004-08-04 07:56:44 16,384 ------w c:\winnt\ServicePackFiles\i386\odbc32gt.dll
    + 2008-04-14 00:12:02 16,384 ------w c:\winnt\ServicePackFiles\i386\odbc32gt.dll
    - 2004-08-04 07:56:54 32,768 ------w c:\winnt\ServicePackFiles\i386\odbcad32.exe
    + 2008-04-14 00:12:30 32,768 ------w c:\winnt\ServicePackFiles\i386\odbcad32.exe
    - 2004-08-04 07:56:44 24,576 ------w c:\winnt\ServicePackFiles\i386\odbcbcp.dll
    + 2008-04-14 00:12:02 24,576 ------w c:\winnt\ServicePackFiles\i386\odbcbcp.dll
    - 2004-08-04 07:56:44 135,168 ------w c:\winnt\ServicePackFiles\i386\odbcconf.dll
    + 2008-04-14 00:12:02 135,168 ------w c:\winnt\ServicePackFiles\i386\odbcconf.dll
    - 2004-08-04 07:56:54 69,632 ------w c:\winnt\ServicePackFiles\i386\odbcconf.exe
    + 2008-04-14 00:12:30 69,632 ------w c:\winnt\ServicePackFiles\i386\odbcconf.exe
    - 2004-08-04 07:56:44 106,496 ------w c:\winnt\ServicePackFiles\i386\odbccp32.dll
    + 2008-04-14 00:12:02 106,496 ------w c:\winnt\ServicePackFiles\i386\odbccp32.dll
    - 2004-08-04 07:56:44 65,536 ------w c:\winnt\ServicePackFiles\i386\odbccr32.dll
    + 2008-04-14 00:12:02 65,536 ------w c:\winnt\ServicePackFiles\i386\odbccr32.dll
    - 2004-08-04 07:56:44 65,536 ------w c:\winnt\ServicePackFiles\i386\odbccu32.dll
    + 2008-04-14 00:12:02 65,536 ------w c:\winnt\ServicePackFiles\i386\odbccu32.dll
    - 2004-08-04 07:56:22 94,208 ------w c:\winnt\ServicePackFiles\i386\odbcint.dll
    + 2008-04-13 17:26:05 94,208 ------w c:\winnt\ServicePackFiles\i386\odbcint.dll
    - 2004-08-04 07:56:22 53,279 ------w c:\winnt\ServicePackFiles\i386\odbcji32.dll
    + 2008-04-14 00:10:31 53,279 ------w c:\winnt\ServicePackFiles\i386\odbcji32.dll
    - 2004-08-04 07:56:44 278,559 ------w c:\winnt\ServicePackFiles\i386\odbcjt32.dll
    + 2008-04-14 00:12:02 278,559 ------w c:\winnt\ServicePackFiles\i386\odbcjt32.dll
    - 2004-08-04 07:56:22 12,288 ------w c:\winnt\ServicePackFiles\i386\odbcp32r.dll
    + 2008-04-13 17:26:05 12,288 ------w c:\winnt\ServicePackFiles\i386\odbcp32r.dll
    - 2004-08-04 07:56:44 147,456 ------w c:\winnt\ServicePackFiles\i386\odbctrac.dll
    + 2008-04-14 00:12:02 147,456 ------w c:\winnt\ServicePackFiles\i386\odbctrac.dll
    - 2004-08-04 07:56:44 20,511 ------w c:\winnt\ServicePackFiles\i386\oddbse32.dll
    + 2008-04-14 00:12:02 20,511 ------w c:\winnt\ServicePackFiles\i386\oddbse32.dll
    - 2004-08-04 07:56:44 20,510 ------w c:\winnt\ServicePackFiles\i386\odexl32.dll
    + 2008-04-14 00:12:02 20,510 ------w c:\winnt\ServicePackFiles\i386\odexl32.dll
    - 2004-08-04 07:56:44 20,510 ------w c:\winnt\ServicePackFiles\i386\odfox32.dll
    + 2008-04-14 00:12:02 20,510 ------w c:\winnt\ServicePackFiles\i386\odfox32.dll
    - 2004-08-04 07:56:44 20,510 ------w c:\winnt\ServicePackFiles\i386\odpdx32.dll
    + 2008-04-14 00:12:02 20,510 ------w c:\winnt\ServicePackFiles\i386\odpdx32.dll
    - 2004-08-04 07:56:44 20,511 ------w c:\winnt\ServicePackFiles\i386\odtext32.dll
    + 2008-04-14 00:12:02 20,511 ------w c:\winnt\ServicePackFiles\i386\odtext32.dll
    - 2004-08-04 07:56:44 104,448 ------w c:\winnt\ServicePackFiles\i386\oeimport.dll
    + 2008-04-14 00:12:02 104,448 ------w c:\winnt\ServicePackFiles\i386\oeimport.dll
    - 2004-08-04 07:56:54 60,416 ------w c:\winnt\ServicePackFiles\i386\oemig50.exe
    + 2008-04-14 00:12:30 60,416 ------w c:\winnt\ServicePackFiles\i386\oemig50.exe
    - 2004-08-04 07:56:44 35,328 ------w c:\winnt\ServicePackFiles\i386\oemiglib.dll
    + 2008-04-14 00:12:02 35,328 ------w c:\winnt\ServicePackFiles\i386\oemiglib.dll
    - 2004-08-04 07:56:44 120,832 ------w c:\winnt\ServicePackFiles\i386\offfilt.dll
    + 2008-04-14 00:12:02 192,000 ------w c:\winnt\ServicePackFiles\i386\offfilt.dll
    - 2004-08-04 06:10:08 61,056 ------w c:\winnt\ServicePackFiles\i386\ohci1394.sys
    + 2008-04-13 18:46:18 61,696 ------w c:\winnt\ServicePackFiles\i386\ohci1394.sys
    - 2004-08-04 07:56:44 1,281,536 ------w c:\winnt\ServicePackFiles\i386\ole32.dll
    + 2008-04-14 00:12:02 1,287,168 ------w c:\winnt\ServicePackFiles\i386\ole32.dll
    - 2004-08-04 07:56:44 553,472 ------w c:\winnt\ServicePackFiles\i386\oleaut32.dll
    + 2008-04-14 00:12:02 551,936 ------w c:\winnt\ServicePackFiles\i386\oleaut32.dll
    + 2008-04-14 00:12:02 74,752 ------w c:\winnt\ServicePackFiles\i386\olecli32.dll
    + 2008-04-14 00:12:02 37,376 ------w c:\winnt\ServicePackFiles\i386\olecnv32.dll
    - 2004-08-04 07:56:44 487,424 ------w c:\winnt\ServicePackFiles\i386\oledb32.dll
    + 2008-04-14 00:12:02 487,424 ------w c:\winnt\ServicePackFiles\i386\oledb32.dll
    - 2004-08-04 07:56:44 65,536 ------w c:\winnt\ServicePackFiles\i386\oledb32r.dll
    + 2008-04-14 00:12:02 65,536 ------w c:\winnt\ServicePackFiles\i386\oledb32r.dll
    + 2008-04-14 00:12:02 122,880 ------w c:\winnt\ServicePackFiles\i386\oledlg.dll
    - 2004-08-04 07:56:44 107,008 ------w c:\winnt\ServicePackFiles\i386\oleprn.dll
    + 2008-04-14 00:12:02 107,008 ------w c:\winnt\ServicePackFiles\i386\oleprn.dll
    - 2004-08-04 07:56:44 83,456 ------w c:\winnt\ServicePackFiles\i386\olepro32.dll
    + 2008-04-14 00:12:02 84,992 ------w c:\winnt\ServicePackFiles\i386\olepro32.dll
    + 2008-04-14 00:12:02 144,384 ------w c:\winnt\ServicePackFiles\i386\onex.dll
    - 2004-08-04 07:56:54 51,200 ------w c:\winnt\ServicePackFiles\i386\oobebaln.exe
    + 2008-04-14 00:12:31 51,200 ------w c:\winnt\ServicePackFiles\i386\oobebaln.exe
    - 2004-08-04 07:56:44 713,728 ------w c:\winnt\ServicePackFiles\i386\opengl32.dll
    + 2008-04-14 00:12:02 713,728 ------w c:\winnt\ServicePackFiles\i386\opengl32.dll
    - 2004-08-04 06:00:21 166,400 ------w c:\winnt\ServicePackFiles\i386\oschoice.exe
    + 2008-04-13 18:32:32 166,912 ------w c:\winnt\ServicePackFiles\i386\oschoice.exe
    - 2004-08-04 07:56:55 215,552 ------w c:\winnt\ServicePackFiles\i386\osk.exe
    + 2008-04-14 00:12:31 215,552 ------w c:\winnt\ServicePackFiles\i386\osk.exe
    - 2004-08-04 05:59:33 230,400 ------w c:\winnt\ServicePackFiles\i386\osloader.exe
    + 2008-04-13 18:31:43 230,400 ------w c:\winnt\ServicePackFiles\i386\osloader.exe
    - 2004-08-04 07:56:44 67,584 ------w c:\winnt\ServicePackFiles\i386\osuninst.dll
    + 2008-04-14 00:12:02 67,584 ------w c:\winnt\ServicePackFiles\i386\osuninst.dll
    - 2004-08-04 07:56:44 116,224 ------w c:\winnt\ServicePackFiles\i386\p2p.dll
    + 2008-04-14 00:12:02 153,600 ------w c:\winnt\ServicePackFiles\i386\p2p.dll
    - 2004-08-04 07:56:44 86,016 ------w c:\winnt\ServicePackFiles\i386\p2pgasvc.dll
    + 2008-04-14 00:12:02 105,472 ------w c:\winnt\ServicePackFiles\i386\p2pgasvc.dll
    - 2004-08-04 07:56:44 312,320 ------w c:\winnt\ServicePackFiles\i386\p2pgraph.dll
    + 2008-04-14 00:12:02 313,856 ------w c:\winnt\ServicePackFiles\i386\p2pgraph.dll
    - 2004-08-04 07:56:44 88,064 ------w c:\winnt\ServicePackFiles\i386\p2pnetsh.dll
    + 2008-04-14 00:12:02 115,712 ------w c:\winnt\ServicePackFiles\i386\p2pnetsh.dll
    - 2004-08-04 07:56:44 526,848 ------w c:\winnt\ServicePackFiles\i386\p2psvc.dll
    + 2008-04-14 00:12:02 554,496 ------w c:\winnt\ServicePackFiles\i386\p2psvc.dll
    - 2004-08-04 05:59:19 42,496 ------w c:\winnt\ServicePackFiles\i386\p3.sys
    + 2008-04-13 18:31:31 42,752 ------w c:\winnt\ServicePackFiles\i386\p3.sys
    - 2004-08-04 07:56:55 58,368 ------w c:\winnt\ServicePackFiles\i386\packager.exe
    + 2008-04-14 00:12:31 58,368 ------w c:\winnt\ServicePackFiles\i386\packager.exe
    - 2004-08-04 05:59:06 80,128 ------w c:\winnt\ServicePackFiles\i386\parport.sys
    + 2008-04-13 18:40:10 80,128 ------w c:\winnt\ServicePackFiles\i386\parport.sys
    + 2008-04-13 18:40:49 19,712 ------w c:\winnt\ServicePackFiles\i386\partmgr.sys
    - 2004-08-04 07:56:44 62,976 ------w c:\winnt\ServicePackFiles\i386\pautoenr.dll
    + 2008-04-14 00:12:02 67,584 ------w c:\winnt\ServicePackFiles\i386\pautoenr.dll
    - 2004-08-04 07:56:44 102,400 ------w c:\winnt\ServicePackFiles\i386\pchshell.dll
    + 2008-04-14 00:12:02 102,912 ------w c:\winnt\ServicePackFiles\i386\pchshell.dll
    - 2004-08-04 07:56:44 38,912 ------w c:\winnt\ServicePackFiles\i386\pchsvc.dll
    + 2008-04-14 00:12:02 38,400 ------w c:\winnt\ServicePackFiles\i386\pchsvc.dll
    - 2004-08-04 06:07:46 68,224 ------w c:\winnt\ServicePackFiles\i386\pci.sys
    + 2008-04-13 18:36:44 68,224 ------w c:\winnt\ServicePackFiles\i386\pci.sys
    - 2004-08-04 05:59:41 25,088 ------w c:\winnt\ServicePackFiles\i386\pciidex.sys
    + 2008-04-13 18:40:29 24,960 ------w c:\winnt\ServicePackFiles\i386\pciidex.sys
    + 2007-05-15 08:08:11 288,768 ------w c:\winnt\ServicePackFiles\i386\pcl4res.dll
    - 2004-08-04 07:56:23 676,864 ------w c:\winnt\ServicePackFiles\i386\pcl5eres.dll
    + 2007-05-15 08:08:13 1,058,816 ------w c:\winnt\ServicePackFiles\i386\pcl5eres.dll
    + 2007-05-15 08:08:14 1,057,280 ------w c:\winnt\ServicePackFiles\i386\pcl5ures.dll
    - 2004-08-04 07:56:23 169,472 ------w c:\winnt\ServicePackFiles\i386\pclxl.dll
    + 2007-05-15 08:08:14 207,872 ------w c:\winnt\ServicePackFiles\i386\pclxl.dll
    - 2004-08-04 06:07:46 119,936 ------w c:\winnt\ServicePackFiles\i386\pcmcia.sys
    + 2008-04-13 18:36:43 120,192 ------w c:\winnt\ServicePackFiles\i386\pcmcia.sys
    - 2004-08-04 07:56:44 283,648 ------w c:\winnt\ServicePackFiles\i386\pdh.dll
    + 2008-04-14 00:12:02 284,160 ------w c:\winnt\ServicePackFiles\i386\pdh.dll
    - 2004-08-04 07:56:44 39,936 ------w c:\winnt\ServicePackFiles\i386\perfctrs.dll
    + 2008-04-14 00:12:02 39,936 ------w c:\winnt\ServicePackFiles\i386\perfctrs.dll
    - 2004-08-04 07:56:44 26,624 ------w c:\winnt\ServicePackFiles\i386\perfdisk.dll
    + 2008-04-14 00:12:02 26,624 ------w c:\winnt\ServicePackFiles\i386\perfdisk.dll
    - 2004-08-04 07:56:55 15,872 ------w c:\winnt\ServicePackFiles\i386\perfmon.exe
    + 2008-04-14 00:12:31 15,872 ------w c:\winnt\ServicePackFiles\i386\perfmon.exe
    + 2008-04-14 00:12:02 17,920 ------w c:\winnt\ServicePackFiles\i386\perfnet.dll
    - 2004-08-04 07:56:44 25,088 ------w c:\winnt\ServicePackFiles\i386\perfos.dll
    + 2008-04-14 00:12:02 25,088 ------w c:\winnt\ServicePackFiles\i386\perfos.dll
    - 2004-08-04 07:56:44 34,816 ------w c:\winnt\ServicePackFiles\i386\perfproc.dll
    + 2008-04-14 00:12:02 34,816 ------w c:\winnt\ServicePackFiles\i386\perfproc.dll
    - 2004-08-04 06:06:55 27,904 ------w c:\winnt\ServicePackFiles\i386\perm2.sys
    + 2008-04-13 18:44:29 27,904 ------w c:\winnt\ServicePackFiles\i386\perm2.sys
    - 2004-08-04 07:56:23 211,712 ------w c:\winnt\ServicePackFiles\i386\perm2dll.dll
    + 2008-04-14 00:10:34 211,584 ------w c:\winnt\ServicePackFiles\i386\perm2dll.dll
    - 2004-08-04 06:06:56 28,032 ------w c:\winnt\ServicePackFiles\i386\perm3.sys
    + 2008-04-13 18:44:30 28,032 ------w c:\winnt\ServicePackFiles\i386\perm3.sys
    - 2004-08-04 07:56:23 259,328 ------w c:\winnt\ServicePackFiles\i386\perm3dd.dll
    + 2008-04-14 00:10:34 259,328 ------w c:\winnt\ServicePackFiles\i386\perm3dd.dll
    - 2004-08-04 07:56:44 176,128 ------w c:\winnt\ServicePackFiles\i386\photowiz.dll
    + 2008-04-14 00:12:02 176,128 ------w c:\winnt\ServicePackFiles\i386\photowiz.dll
    - 2004-08-04 07:56:44 35,328 ------w c:\winnt\ServicePackFiles\i386\pid.dll
    + 2008-04-14 00:12:02 35,328 ------w c:\winnt\ServicePackFiles\i386\pid.dll
    - 2004-08-04 06:04:41 24,064 ------w c:\winnt\ServicePackFiles\i386\pidgen.dll
    + 2008-04-13 18:35:22 24,064 ------w c:\winnt\ServicePackFiles\i386\pidgen.dll
    - 2004-08-04 07:56:55 281,088 ------w c:\winnt\ServicePackFiles\i386\pinball.exe
    + 2008-04-14 00:12:31 281,088 ------w c:\winnt\ServicePackFiles\i386\pinball.exe
    - 2004-08-04 07:56:55 17,920 ------w c:\winnt\ServicePackFiles\i386\ping.exe
    + 2008-04-14 00:12:31 17,920 ------w c:\winnt\ServicePackFiles\i386\ping.exe
    - 2004-08-04 07:56:44 15,360 ------w c:\winnt\ServicePackFiles\i386\pjlmon.dll
    + 2008-04-14 00:12:02 15,360 ------w c:\winnt\ServicePackFiles\i386\pjlmon.dll
    - 2004-08-04 07:56:44 44,544 ------w c:\winnt\ServicePackFiles\i386\plotter.dll
    + 2008-04-14 00:12:02 44,544 ------w c:\winnt\ServicePackFiles\i386\plotter.dll
    - 2004-08-04 07:56:44 52,736 ------w c:\winnt\ServicePackFiles\i386\plotui.dll
    + 2008-04-14 00:12:02 52,736 ------w c:\winnt\ServicePackFiles\i386\plotui.dll
    + 2008-04-14 00:12:02 412,160 ------w c:\winnt\ServicePackFiles\i386\pmh.dll
    - 2004-08-04 07:56:44 39,424 ------w c:\winnt\ServicePackFiles\i386\pngfilt.dll
    + 2008-04-14 00:12:02 39,424 ------w c:\winnt\ServicePackFiles\i386\pngfilt.dll
    - 2004-08-04 07:56:44 48,640 ------w c:\winnt\ServicePackFiles\i386\pnrpnsp.dll
    + 2008-04-14 00:12:02 58,880 ------w c:\winnt\ServicePackFiles\i386\pnrpnsp.dll
    - 2004-08-04 07:56:44 105,472 ------w c:\winnt\ServicePackFiles\i386\polstore.dll
    + 2008-04-14 00:12:02 105,472 ------w c:\winnt\ServicePackFiles\i386\polstore.dll
    - 2004-08-04 06:15:49 145,792 ------w c:\winnt\ServicePackFiles\i386\portcls.sys
    + 2008-04-13 19:19:41 146,048 ------w c:\winnt\ServicePackFiles\i386\portcls.sys
    - 2004-08-04 07:56:55 49,152 ------w c:\winnt\ServicePackFiles\i386\powercfg.exe
    + 2008-04-14 00:12:31 49,152 ------w c:\winnt\ServicePackFiles\i386\powercfg.exe
    + 2008-04-13 18:40:56 8,832 ------w c:\winnt\ServicePackFiles\i386\powerfil.sys
    - 2004-08-04 07:56:44 17,408 ------w c:\winnt\ServicePackFiles\i386\powrprof.dll
    + 2008-04-14 00:12:03 17,408 ------w c:\winnt\ServicePackFiles\i386\powrprof.dll
    - 2004-08-04 06:00:16 17,664 ------w c:\winnt\ServicePackFiles\i386\ppa3.sys
    + 2008-04-13 18:41:00 17,664 ------w c:\winnt\ServicePackFiles\i386\ppa3.sys
    - 2004-08-04 07:56:44 560,640 ------w c:\winnt\ServicePackFiles\i386\printui.dll
    + 2008-04-14 00:12:03 560,640 ------w c:\winnt\ServicePackFiles\i386\printui.dll
    - 2004-08-04 05:59:17 35,328 ------w c:\winnt\ServicePackFiles\i386\processr.sys
    + 2008-04-13 18:31:30 35,840 ------w c:\winnt\ServicePackFiles\i386\processr.sys
    - 2004-08-04 07:56:44 27,648 ------w c:\winnt\ServicePackFiles\i386\profmap.dll
    + 2008-04-14 00:12:03 27,648 ------w c:\winnt\ServicePackFiles\i386\profmap.dll
    - 2004-08-04 07:56:55 109,568 ------w c:\winnt\ServicePackFiles\i386\progman.exe
    + 2008-04-14 00:12:31 109,568 ------w c:\winnt\ServicePackFiles\i386\progman.exe
    - 2004-08-04 07:56:55 50,176 ------w c:\winnt\ServicePackFiles\i386\proquota.exe
    + 2008-04-14 00:12:32 50,176 ------w c:\winnt\ServicePackFiles\i386\proquota.exe
    - 2004-08-04 07:56:44 237,056 ------w c:\winnt\ServicePackFiles\i386\provthrd.dll
    + 2008-04-14 00:12:03 237,056 ------w c:\winnt\ServicePackFiles\i386\provthrd.dll
    - 2004-08-04 07:56:55 9,216 ------w c:\winnt\ServicePackFiles\i386\proxycfg.exe
    + 2008-04-14 00:12:32 9,216 ------w c:\winnt\ServicePackFiles\i386\proxycfg.exe
    - 2004-08-04 07:56:44 132,608 ------w c:\winnt\ServicePackFiles\i386\ps5ui.dll
    + 2008-04-14 00:12:03 728,576 ------w c:\winnt\ServicePackFiles\i386\ps5ui.dll
    - 2004-08-04 07:56:44 23,040 ------w c:\winnt\ServicePackFiles\i386\psapi.dll
    + 2008-04-14 00:12:03 23,040 ------w c:\winnt\ServicePackFiles\i386\psapi.dll
    - 2004-08-04 07:56:44 96,768 ------w c:\winnt\ServicePackFiles\i386\psbase.dll
    + 2008-04-14 00:12:03 96,768 ------w c:\winnt\ServicePackFiles\i386\psbase.dll
    - 2004-08-04 06:04:19 69,120 ------w c:\winnt\ServicePackFiles\i386\psched.sys
    + 2008-04-13 18:56:38 69,120 ------w c:\winnt\ServicePackFiles\i386\psched.sys
    - 2004-08-04 07:56:44 464,384 ------w c:\winnt\ServicePackFiles\i386\pscript5.dll
    + 2008-04-14 00:12:03 543,232 ------w c:\winnt\ServicePackFiles\i386\pscript5.dll
    - 2004-08-04 07:56:44 363,520 ------w c:\winnt\ServicePackFiles\i386\psisdecd.dll
    + 2008-04-14 00:12:03 363,520 ------w c:\winnt\ServicePackFiles\i386\psisdecd.dll
    - 2004-08-04 07:56:44 43,520 ------w c:\winnt\ServicePackFiles\i386\pstorec.dll
    + 2008-04-14 00:12:03 43,520 ------w c:\winnt\ServicePackFiles\i386\pstorec.dll
    - 2004-08-04 07:56:44 34,304 ------w c:\winnt\ServicePackFiles\i386\pstorsvc.dll
    + 2008-04-14 00:12:03 34,304 ------w c:\winnt\ServicePackFiles\i386\pstorsvc.dll
    - 2004-08-04 07:56:44 159,232 ------w c:\winnt\ServicePackFiles\i386\ptpusd.dll
    + 2008-04-14 00:12:03 159,232 ------w c:\winnt\ServicePackFiles\i386\ptpusd.dll
    + 2008-04-14 00:12:03 150,528 ------w c:\winnt\ServicePackFiles\i386\qagent.dll
    + 2008-04-14 00:12:03 291,328 ------w c:\winnt\ServicePackFiles\i386\qagentrt.dll
    - 2004-08-04 07:56:44 237,568 ------w c:\winnt\ServicePackFiles\i386\qasf.dll
    + 2008-04-14 00:12:03 237,568 ------w c:\winnt\ServicePackFiles\i386\qasf.dll
    - 2004-08-04 07:56:44 192,512 ------w c:\winnt\ServicePackFiles\i386\qcap.dll
    + 2008-04-14 00:12:03 192,512 ------w c:\winnt\ServicePackFiles\i386\qcap.dll
    + 2008-04-14 00:12:03 62,464 ------w c:\winnt\ServicePackFiles\i386\qcliprov.dll
    - 2004-08-04 07:56:44 279,040 ------w c:\winnt\ServicePackFiles\i386\qdv.dll
    + 2008-04-14 00:12:03 279,040 ------w c:\winnt\ServicePackFiles\i386\qdv.dll
    - 2004-08-04 07:56:44 385,024 ------w c:\winnt\ServicePackFiles\i386\qdvd.dll
    + 2008-04-14 00:12:03 386,048 ------w c:\winnt\ServicePackFiles\i386\qdvd.dll
    - 2004-08-04 07:56:44 562,176 ------w c:\winnt\ServicePackFiles\i386\qedit.dll
    + 2008-04-14 00:12:03 562,176 ------w c:\winnt\ServicePackFiles\i386\qedit.dll
    - 2004-08-04 07:56:24 733,696 ------w c:\winnt\ServicePackFiles\i386\qedwipes.dll
    + 2008-04-13 17:21:32 733,696 ------w c:\winnt\ServicePackFiles\i386\qedwipes.dll
    - 2004-08-04 06:00:05 6,016 ------w c:\winnt\ServicePackFiles\i386\qic157.sys
    + 2008-04-13 18:40:52 6,016 ------w c:\winnt\ServicePackFiles\i386\qic157.sys
    - 2004-08-04 07:56:44 382,464 ------w c:\winnt\ServicePackFiles\i386\qmgr.dll
    + 2008-04-14 00:12:03 409,088 ------w c:\winnt\ServicePackFiles\i386\qmgr.dll
    - 2004-08-04 07:56:44 18,944 ------w c:\winnt\ServicePackFiles\i386\qmgrprxy.dll
    + 2008-04-14 00:12:03 18,944 ------w c:\winnt\ServicePackFiles\i386\qmgrprxy.dll
    - 2004-08-04 07:56:55 20,480 ------w c:\winnt\ServicePackFiles\i386\qprocess.exe
    + 2008-04-14 00:12:32 19,968 ------w c:\winnt\ServicePackFiles\i386\qprocess.exe
    - 2004-08-04 07:56:44 1,287,680 ------w c:\winnt\ServicePackFiles\i386\quartz.dll
    + 2008-04-14 00:12:03 1,288,192 ------w c:\winnt\ServicePackFiles\i386\quartz.dll
    - 2004-08-04 07:56:44 1,435,648 ------w c:\winnt\ServicePackFiles\i386\query.dll
    + 2008-04-14 00:12:03 1,435,648 ------w c:\winnt\ServicePackFiles\i386\query.dll
    + 2008-04-14 00:12:03 76,800 ------w c:\winnt\ServicePackFiles\i386\qutil.dll
    - 2004-08-04 07:56:44 43,520 ------w c:\winnt\ServicePackFiles\i386\racpldlg.dll
    + 2008-04-14 00:12:03 43,520 ------w c:\winnt\ServicePackFiles\i386\racpldlg.dll
    - 2004-08-04 06:00:51 20,736 ------w c:\winnt\ServicePackFiles\i386\ramdisk.sys
    + 2008-04-13 18:41:23 20,736 ------w c:\winnt\ServicePackFiles\i386\ramdisk.sys
    - 2004-08-04 07:56:44 8,192 ------w c:\winnt\ServicePackFiles\i386\rasadhlp.dll
    + 2008-04-14 00:12:03 7,680 ------w c:\winnt\ServicePackFiles\i386\rasadhlp.dll
    - 2004-08-04 07:56:44 236,544 ------w c:\winnt\ServicePackFiles\i386\rasapi32.dll
    + 2008-04-14 00:12:03 237,056 ------w c:\winnt\ServicePackFiles\i386\rasapi32.dll
    - 2004-08-04 07:56:44 89,088 ------w c:\winnt\ServicePackFiles\i386\rasauto.dll
    + 2008-04-14 00:12:03 88,576 ------w c:\winnt\ServicePackFiles\i386\rasauto.dll
    - 2004-08-04 07:56:44 69,632 ------w c:\winnt\ServicePackFiles\i386\raschap.dll
    + 2008-04-14 00:12:03 79,872 ------w c:\winnt\ServicePackFiles\i386\raschap.dll
    - 2004-08-04 07:56:44 657,920 ------w c:\winnt\ServicePackFiles\i386\rasdlg.dll
    + 2008-04-14 00:12:03 658,432 ------w c:\winnt\ServicePackFiles\i386\rasdlg.dll
    - 2004-08-04 06:14:22 51,328 ------w c:\winnt\ServicePackFiles\i386\rasl2tp.sys
    + 2008-04-13 19:19:43 51,328 ------w c:\winnt\ServicePackFiles\i386\rasl2tp.sys
    - 2004-08-04 07:56:44 61,440 ------w c:\winnt\ServicePackFiles\i386\rasman.dll
    + 2008-04-14 00:12:03 61,440 ------w c:\winnt\ServicePackFiles\i386\rasman.dll
    - 2004-08-04 07:56:44 174,080 ------w c:\winnt\ServicePackFiles\i386\rasmans.dll
    + 2008-04-14 00:12:03 186,368 ------w c:\winnt\ServicePackFiles\i386\rasmans.dll
    - 2004-08-04 07:56:55 56,832 ------w c:\winnt\ServicePackFiles\i386\rasphone.exe
    + 2008-04-14 00:12:32 56,832 ------w c:\winnt\ServicePackFiles\i386\rasphone.exe
    - 2004-08-04 07:56:44 206,336 ------w c:\winnt\ServicePackFiles\i386\rasppp.dll
    + 2008-04-14 00:12:03 210,944 ------w c:\winnt\ServicePackFiles\i386\rasppp.dll
    - 2004-08-04 06:05:07 41,472 ------w c:\winnt\ServicePackFiles\i386\raspppoe.sys
    + 2008-04-13 18:57:32 41,472 ------w c:\winnt\ServicePackFiles\i386\raspppoe.sys
    - 2004-08-04 06:14:26 48,384 ------w c:\winnt\ServicePackFiles\i386\raspptp.sys
    + 2008-04-13 19:19:48 48,384 ------w c:\winnt\ServicePackFiles\i386\raspptp.sys
    + 2008-04-14 00:12:03 61,952 ------w c:\winnt\ServicePackFiles\i386\rasqec.dll
    - 2004-08-04 07:56:44 16,896 ------w c:\winnt\ServicePackFiles\i386\rassapi.dll
    + 2008-04-14 00:12:03 16,384 ------w c:\winnt\ServicePackFiles\i386\rassapi.dll
    - 2004-08-04 07:56:44 58,880 ------w c:\winnt\ServicePackFiles\i386\rastapi.dll
    + 2008-04-14 00:12:03 58,368 ------w c:\winnt\ServicePackFiles\i386\rastapi.dll
    - 2004-08-04 07:56:44 112,128 ------w c:\winnt\ServicePackFiles\i386\rastls.dll
    + 2008-04-14 00:12:03 150,016 ------w c:\winnt\ServicePackFiles\i386\rastls.dll
    - 2004-08-04 07:56:44 102,400 ------w c:\winnt\ServicePackFiles\i386\rcbdyctl.dll
    + 2008-04-14 00:12:03 102,400 ------w c:\winnt\ServicePackFiles\i386\rcbdyctl.dll
    - 2004-08-04 07:56:55 35,840 ------w c:\winnt\ServicePackFiles\i386\rcimlby.exe
    + 2008-04-14 00:12:32 35,840 ------w c:\winnt\ServicePackFiles\i386\rcimlby.exe
    - 2004-08-04 07:56:55 21,504 ------w c:\winnt\ServicePackFiles\i386\rcp.exe
    + 2008-04-14 00:12:32 21,504 ------w c:\winnt\ServicePackFiles\i386\rcp.exe
    - 2004-08-04 06:20:06 176,512 ------w c:\winnt\ServicePackFiles\i386\rdbss.sys
    + 2008-04-13 19:28:39 175,744 ------w c:\winnt\ServicePackFiles\i386\rdbss.sys
    - 2004-08-04 07:56:44 147,968 ------w c:\winnt\ServicePackFiles\i386\rdchost.dll
    + 2008-04-14 00:12:03 147,968 ------w c:\winnt\ServicePackFiles\i386\rdchost.dll
    - 2004-08-04 07:56:55 62,464 ------w c:\winnt\ServicePackFiles\i386\rdpclip.exe
    + 2008-04-14 00:12:32 62,976 ------w c:\winnt\ServicePackFiles\i386\rdpclip.exe
    - 2004-08-04 08:01:07 92,168 ------w c:\winnt\ServicePackFiles\i386\rdpdd.dll
    + 2008-04-14 00:13:22 92,424 ------w c:\winnt\ServicePackFiles\i386\rdpdd.dll
    - 2004-08-04 06:01:15 196,864 ------w c:\winnt\ServicePackFiles\i386\rdpdr.sys
    + 2008-04-13 18:32:51 196,224 ------w c:\winnt\ServicePackFiles\i386\rdpdr.sys
    - 2004-08-04 07:56:44 19,968 ------w c:\winnt\ServicePackFiles\i386\rdpsnd.dll
    + 2008-04-14 00:12:04 19,968 ------w c:\winnt\ServicePackFiles\i386\rdpsnd.dll
    - 2004-08-04 08:01:08 139,400 ------w c:\winnt\ServicePackFiles\i386\rdpwd.sys
    + 2008-04-14 00:13:22 139,656 ------w c:\winnt\ServicePackFiles\i386\rdpwd.sys
    - 2004-08-04 08:01:08 87,176 ------w c:\winnt\ServicePackFiles\i386\rdpwsx.dll
    + 2008-04-14 00:13:22 87,176 ------w c:\winnt\ServicePackFiles\i386\rdpwsx.dll
    - 2004-08-04 07:56:55 13,824 ------w c:\winnt\ServicePackFiles\i386\rdsaddin.exe
    + 2008-04-14 00:12:32 13,824 ------w c:\winnt\ServicePackFiles\i386\rdsaddin.exe
    - 2004-08-04 07:56:55 67,072 ------w c:\winnt\ServicePackFiles\i386\rdshost.exe
    + 2008-04-14 00:12:32 67,072 ------w c:\winnt\ServicePackFiles\i386\rdshost.exe
    - 2004-08-04 05:59:37 57,472 ------w c:\winnt\ServicePackFiles\i386\redbook.sys
    + 2008-04-13 18:40:27 57,600 ------w c:\winnt\ServicePackFiles\i386\redbook.sys
    - 2004-08-04 07:56:55 50,176 ------w c:\winnt\ServicePackFiles\i386\reg.exe
    + 2008-04-14 00:12:32 50,176 ------w c:\winnt\ServicePackFiles\i386\reg.exe
    - 2004-08-04 07:56:44 49,664 ------w c:\winnt\ServicePackFiles\i386\regapi.dll
    + 2008-04-14 00:12:04 49,664 ------w c:\winnt\ServicePackFiles\i386\regapi.dll
    - 2004-08-04 07:56:55 146,432 ------w c:\winnt\ServicePackFiles\i386\regedit.exe
    + 2008-04-14 00:12:32 146,432 ------w c:\winnt\ServicePackFiles\i386\regedit.exe
    - 2004-08-04 07:56:44 59,904 ------w c:\winnt\ServicePackFiles\i386\regsvc.dll
    + 2008-04-14 00:12:04 59,904 ------w c:\winnt\ServicePackFiles\i386\regsvc.dll
    - 2004-08-04 07:56:55 11,776 ------w c:\winnt\ServicePackFiles\i386\regsvr32.exe
    + 2008-04-14 00:12:32 11,776 ------w c:\winnt\ServicePackFiles\i386\regsvr32.exe
    - 2004-08-04 07:56:44 397,824 ------w c:\winnt\ServicePackFiles\i386\regwizc.dll
    + 2008-04-14 00:12:04 397,824 ------w c:\winnt\ServicePackFiles\i386\regwizc.dll
    - 2004-08-04 07:56:44 60,416 ------w c:\winnt\ServicePackFiles\i386\remotepg.dll
    + 2008-04-14 00:12:04 60,416 ------w c:\winnt\ServicePackFiles\i386\remotepg.dll
    - 2004-08-04 07:56:44 177,152 ------w c:\winnt\ServicePackFiles\i386\repdrvfs.dll
    + 2008-04-14 00:12:04 178,176 ------w c:\winnt\ServicePackFiles\i386\repdrvfs.dll
    - 2004-08-04 07:56:44 58,880 ------w c:\winnt\ServicePackFiles\i386\resutils.dll
    + 2008-04-14 00:12:04 58,880 ------w c:\winnt\ServicePackFiles\i386\resutils.dll
    - 2004-08-04 07:56:55 13,824 ------w c:\winnt\ServicePackFiles\i386\rexec.exe
    + 2008-04-14 00:12:33 13,824 ------w c:\winnt\ServicePackFiles\i386\rexec.exe
    - 2004-08-04 06:10:39 59,648 ------w c:\winnt\ServicePackFiles\i386\rfcomm.sys
    + 2008-04-13 18:46:32 59,136 ------w c:\winnt\ServicePackFiles\i386\rfcomm.sys
    + 2008-04-14 00:12:04 290,304 ------w c:\winnt\ServicePackFiles\i386\rhttpaa.dll
    - 2004-08-04 07:56:44 123,392 ------w c:\winnt\ServicePackFiles\i386\riafres.dll
    + 2008-04-14 00:12:04 123,392 ------w c:\winnt\ServicePackFiles\i386\riafres.dll
    - 2004-08-04 07:56:44 11,776 ------w c:\winnt\ServicePackFiles\i386\riafui1.dll
    + 2008-04-14 00:12:04 11,776 ------w c:\winnt\ServicePackFiles\i386\riafui1.dll
    - 2004-08-04 07:56:44 11,776 ------w c:\winnt\ServicePackFiles\i386\riafui2.dll
    + 2008-04-14 00:12:04 11,776 ------w c:\winnt\ServicePackFiles\i386\riafui2.dll
    - 2004-08-04 07:56:44 431,616 ------w c:\winnt\ServicePackFiles\i386\riched20.dll
    + 2008-04-14 00:12:04 433,664 ------w c:\winnt\ServicePackFiles\i386\riched20.dll
    + 2008-04-13 18:55:08 202,624 ------w c:\winnt\ServicePackFiles\i386\rmcast.sys
    - 2004-08-04 06:04:31 30,080 ------w c:\winnt\ServicePackFiles\i386\rndismp.sys
    + 2008-04-13 18:56:49 30,592 ------w c:\winnt\ServicePackFiles\i386\rndismp.sys
    - 2004-08-04 06:04:31 30,080 ------w c:\winnt\ServicePackFiles\i386\rndismpx.sys
    + 2008-04-13 18:56:49 30,592 ------w c:\winnt\ServicePackFiles\i386\rndismpx.sys
    - 2004-08-04 05:59:10 79,104 ------w c:\winnt\ServicePackFiles\i386\rocket.sys
    + 2008-04-13 18:40:14 79,104 ------w c:\winnt\ServicePackFiles\i386\rocket.sys
    - 2004-08-04 07:56:44 581,120 ------w c:\winnt\ServicePackFiles\i386\rpcrt4.dll
    + 2008-04-14 00:12:04 584,704 ------w c:\winnt\ServicePackFiles\i386\rpcrt4.dll
    - 2004-08-04 07:56:44 395,776 ------w c:\winnt\ServicePackFiles\i386\rpcss.dll
    + 2008-04-14 00:12:04 399,360 ------w c:\winnt\ServicePackFiles\i386\rpcss.dll
    - 2004-08-04 07:56:44 61,440 ------w c:\winnt\ServicePackFiles\i386\rrcm.dll
    + 2008-04-14 00:12:04 61,440 ------w c:\winnt\ServicePackFiles\i386\rrcm.dll
    - 2004-08-04 05:31:43 152,576 ------w c:\winnt\ServicePackFiles\i386\rsaenh.dll
    + 2008-04-13 17:37:57 208,384 ------w c:\winnt\ServicePackFiles\i386\rsaenh.dll
    - 2004-08-04 07:56:55 14,848 ------w c:\winnt\ServicePackFiles\i386\rsh.exe
    + 2008-04-14 00:12:33 14,848 ------w c:\winnt\ServicePackFiles\i386\rsh.exe
    - 2004-08-04 07:56:44 39,936 ------w c:\winnt\ServicePackFiles\i386\rshx32.dll
    + 2008-04-14 00:12:04 39,936 ------w c:\winnt\ServicePackFiles\i386\rshx32.dll
    - 2004-08-04 07:56:44 18,944 ------w c:\winnt\ServicePackFiles\i386\rsmps.dll
    + 2008-04-14 00:12:04 18,944 ------w c:\winnt\ServicePackFiles\i386\rsmps.dll
    - 2004-08-04 07:56:55 380,416 ------w c:\winnt\ServicePackFiles\i386\rstrui.exe
    + 2008-04-14 00:12:33 380,416 ------w c:\winnt\ServicePackFiles\i386\rstrui.exe
    + 2008-04-14 00:12:04 92,672 ------w c:\winnt\ServicePackFiles\i386\rsvpsp.dll
    - 2004-08-04 07:56:55 77,312 ------w c:\winnt\ServicePackFiles\i386\rtcshare.exe
    + 2008-04-14 00:12:33 77,312 ------w c:\winnt\ServicePackFiles\i386\rtcshare.exe
    - 2004-08-04 07:56:44 31,744 ------w c:\winnt\ServicePackFiles\i386\rtipxmib.dll
    + 2008-04-14 00:12:04 31,744 ------w c:\winnt\ServicePackFiles\i386\rtipxmib.dll
    - 2004-08-04 07:56:44 44,032 ------w c:\winnt\ServicePackFiles\i386\rtutils.dll
    + 2008-04-14 00:12:04 44,032 ------w c:\winnt\ServicePackFiles\i386\rtutils.dll
    - 2004-08-04 07:56:55 33,280 ------w c:\winnt\ServicePackFiles\i386\rundll32.exe
    + 2008-04-14 00:12:33 33,280 ------w c:\winnt\ServicePackFiles\i386\rundll32.exe
    - 2004-08-04 07:56:55 14,336 ------w c:\winnt\ServicePackFiles\i386\runonce.exe
    + 2008-04-14 00:12:33 14,336 ------w c:\winnt\ServicePackFiles\i386\runonce.exe
    + 2008-04-14 00:12:04 27,648 ------w c:\winnt\ServicePackFiles\i386\rw001ext.dll
    + 2008-04-14 00:12:04 29,184 ------w c:\winnt\ServicePackFiles\i386\rw330ext.dll
    + 2008-04-14 00:12:04 27,648 ------w c:\winnt\ServicePackFiles\i386\rw430ext.dll
    + 2008-04-14 00:12:04 29,696 ------w c:\winnt\ServicePackFiles\i386\rw450ext.dll
    - 2004-08-04 07:56:44 397,056 ------w c:\winnt\ServicePackFiles\i386\s3gnb.dll
    + 2008-04-14 00:12:04 397,056 ------w c:\winnt\ServicePackFiles\i386\s3gnb.dll
    - 2004-08-04 07:56:44 43,520 ------w c:\winnt\ServicePackFiles\i386\safrcdlg.dll
    + 2008-04-14 00:12:04 43,520 ------w c:\winnt\ServicePackFiles\i386\safrcdlg.dll
    - 2004-08-04 07:56:44 29,696 ------w c:\winnt\ServicePackFiles\i386\safrdm.dll
    + 2008-04-14 00:12:04 29,696 ------w c:\winnt\ServicePackFiles\i386\safrdm.dll
    - 2004-08-04 07:56:44 45,568 ------w c:\winnt\ServicePackFiles\i386\safrslv.dll
    + 2008-04-14 00:12:04 45,568 ------w c:\winnt\ServicePackFiles\i386\safrslv.dll
    - 2004-08-04 07:56:44 64,000 ------w c:\winnt\ServicePackFiles\i386\samlib.dll
    + 2008-04-14 00:12:04 64,000 ------w c:\winnt\ServicePackFiles\i386\samlib.dll
    - 2004-08-04 07:56:44 415,744 ------w c:\winnt\ServicePackFiles\i386\samsrv.dll
    + 2008-04-14 00:12:04 415,744 ------w c:\winnt\ServicePackFiles\i386\samsrv.dll
    - 2004-08-04 07:56:44 741,376 ------w c:\winnt\ServicePackFiles\i386\sapi.dll
    + 2008-04-14 00:12:04 741,376 ------w c:\winnt\ServicePackFiles\i386\sapi.dll
    - 2004-08-04 07:56:55 13,312 ------w c:\winnt\ServicePackFiles\i386\savedump.exe
    + 2008-04-14 00:12:33 13,312 ------w c:\winnt\ServicePackFiles\i386\savedump.exe
    - 2004-08-04 07:56:44 270,848 ------w c:\winnt\ServicePackFiles\i386\sbe.dll
    + 2008-04-14 00:12:04 270,848 ------w c:\winnt\ServicePackFiles\i386\sbe.dll
    - 2004-08-04 07:56:44 159,232 ------w c:\winnt\ServicePackFiles\i386\sbeio.dll
    + 2008-04-14 00:12:04 159,232 ------w c:\winnt\ServicePackFiles\i386\sbeio.dll
    - 2004-08-04 05:59:56 43,136 ------w c:\winnt\ServicePackFiles\i386\sbp2port.sys
    + 2008-04-13 18:40:48 43,904 ------w c:\winnt\ServicePackFiles\i386\sbp2port.sys
    - 2004-08-04 07:56:44 69,632 ------w c:\winnt\ServicePackFiles\i386\scarddlg.dll
    + 2008-04-14 00:12:04 69,632 ------w c:\winnt\ServicePackFiles\i386\scarddlg.dll
    - 2004-08-04 07:56:55 95,744 ------w c:\winnt\ServicePackFiles\i386\scardsvr.exe
    + 2008-04-14 00:12:33 95,744 ------w c:\winnt\ServicePackFiles\i386\scardsvr.exe
    - 2004-08-04 07:56:44 171,008 ------w c:\winnt\ServicePackFiles\i386\sccsccp.dll
    + 2008-04-14 00:12:05 171,008 ------w c:\winnt\ServicePackFiles\i386\sccsccp.dll
    - 2004-08-04 07:56:44 180,224 ------w c:\winnt\ServicePackFiles\i386\scecli.dll
    + 2008-04-14 00:12:05 181,248 ------w c:\winnt\ServicePackFiles\i386\scecli.dll
    - 2004-08-04 07:56:44 313,856 ------w c:\winnt\ServicePackFiles\i386\scesrv.dll
    + 2008-04-14 00:12:05 314,880 ------w c:\winnt\ServicePackFiles\i386\scesrv.dll
    - 2004-08-04 07:56:44 144,896 ------w c:\winnt\ServicePackFiles\i386\schannel.dll
    + 2008-04-14 00:12:05 144,384 ------w c:\winnt\ServicePackFiles\i386\schannel.dll
    - 2004-08-04 07:56:44 190,976 ------w c:\winnt\ServicePackFiles\i386\schedsvc.dll
    + 2008-04-14 00:12:05 192,512 ------w c:\winnt\ServicePackFiles\i386\schedsvc.dll
    - 2004-08-04 07:56:44 20,992 ------w c:\winnt\ServicePackFiles\i386\sclgntfy.dll
    + 2008-04-14 00:12:05 20,480 ------w c:\winnt\ServicePackFiles\i386\sclgntfy.dll
    - 2004-08-04 07:56:55 36,864 ------w c:\winnt\ServicePackFiles\i386\scrcons.exe
    + 2008-04-14 00:12:34 36,352 ------w c:\winnt\ServicePackFiles\i386\scrcons.exe
    - 2004-08-04 07:56:44 202,752 ------w c:\winnt\ServicePackFiles\i386\script.dll
    + 2008-04-14 00:12:05 215,552 ------w c:\winnt\ServicePackFiles\i386\script.dll
    + 2008-04-14 00:12:05 199,680 ------w c:\winnt\ServicePackFiles\i386\scripta.dll
    - 2004-08-04 07:56:57 9,216 ------w c:\winnt\ServicePackFiles\i386\scrnsave.scr
    + 2008-04-14 00:12:43 9,216 ------w c:\winnt\ServicePackFiles\i386\scrnsave.scr
    - 2004-08-04 07:56:44 159,744 ------w c:\winnt\ServicePackFiles\i386\scrobj.dll
    + 2008-04-14 00:12:05 180,224 ------w c:\winnt\ServicePackFiles\i386\scrobj.dll
    - 2004-08-04 07:56:44 151,552 ------w c:\winnt\ServicePackFiles\i386\scrrun.dll
    + 2008-04-14 00:12:05 172,032 ------w c:\winnt\ServicePackFiles\i386\scrrun.dll
    - 2004-08-04 05:59:41 96,256 ------w c:\winnt\ServicePackFiles\i386\scsiport.sys
    + 2008-04-13 18:40:30 96,384 ------w c:\winnt\ServicePackFiles\i386\scsiport.sys
    + 2008-04-13 18:45:33 11,520 ------w c:\winnt\ServicePackFiles\i386\scsiscan.sys
    - 2004-08-04 07:56:55 77,312 ------w c:\winnt\ServicePackFiles\i386\sdbinst.exe
    + 2008-04-14 00:12:34 77,312 ------w c:\winnt\ServicePackFiles\i386\sdbinst.exe
    - 2004-08-04 06:07:47 67,584 ------w c:\winnt\ServicePackFiles\i386\sdbus.sys
    + 2008-04-13 18:36:44 79,232 ------w c:\winnt\ServicePackFiles\i386\sdbus.sys
    - 2004-08-04 07:56:44 29,184 ------w c:\winnt\ServicePackFiles\i386\sdhcinst.dll
    + 2008-04-14 00:12:05 29,184 ------w c:\winnt\ServicePackFiles\i386\sdhcinst.dll
    - 2004-07-17 18:36:36 27,440 ------w c:\winnt\ServicePackFiles\i386\secdrv.sys
    + 2007-11-13 10:25:53 20,480 ------w c:\winnt\ServicePackFiles\i386\secdrv.sys
    - 2004-08-04 07:56:44 18,944 ------w c:\winnt\ServicePackFiles\i386\seclogon.dll
    + 2008-04-14 00:12:05 18,944 ------w c:\winnt\ServicePackFiles\i386\seclogon.dll
    - 2004-08-04 07:56:44 55,808 ------w c:\winnt\ServicePackFiles\i386\secur32.dll
    + 2008-04-14 00:12:05 56,320 ------w c:\winnt\ServicePackFiles\i386\secur32.dll
    - 2004-08-04 07:56:44 5,632 ------w c:\winnt\ServicePackFiles\i386\security.dll
    + 2008-04-14 00:12:05 5,632 ------w c:\winnt\ServicePackFiles\i386\security.dll
    - 2004-08-04 07:56:44 29,184 ------w c:\winnt\ServicePackFiles\i386\sendcmsg.dll
    + 2008-04-14 00:12:05 29,184 ------w c:\winnt\ServicePackFiles\i386\sendcmsg.dll
    - 2004-08-04 07:56:44 55,296 ------w c:\winnt\ServicePackFiles\i386\sendmail.dll
    + 2008-04-14 00:12:05 54,784 ------w c:\winnt\ServicePackFiles\i386\sendmail.dll
    - 2004-08-04 07:56:44 38,912 ------w c:\winnt\ServicePackFiles\i386\sens.dll
    + 2008-04-14 00:12:05 39,424 ------w c:\winnt\ServicePackFiles\i386\sens.dll
    - 2004-08-04 07:56:44 6,656 ------w c:\winnt\ServicePackFiles\i386\sensapi.dll
    + 2008-04-14 00:12:05 7,168 ------w c:\winnt\ServicePackFiles\i386\sensapi.dll
    - 2004-08-04 05:59:07 15,488 ------w c:\winnt\ServicePackFiles\i386\serenum.sys
    + 2008-04-13 18:40:12 15,744 ------w c:\winnt\ServicePackFiles\i386\serenum.sys
    - 2004-08-04 06:15:52 64,896 ------w c:\winnt\ServicePackFiles\i386\serial.sys
    + 2008-04-13 19:15:45 64,512 ------w c:\winnt\ServicePackFiles\i386\serial.sys
    - 2004-08-04 07:56:44 56,320 ------w c:\winnt\ServicePackFiles\i386\servdeps.dll
    + 2008-04-14 00:12:05 56,320 ------w c:\winnt\ServicePackFiles\i386\servdeps.dll
    - 2004-08-04 07:56:55 108,032 ------w c:\winnt\ServicePackFiles\i386\services.exe
    + 2008-04-14 00:12:34 108,544 ------w c:\winnt\ServicePackFiles\i386\services.exe
    - 2004-08-04 07:56:56 140,800 ------w c:\winnt\ServicePackFiles\i386\sessmgr.exe
    + 2008-04-14 00:12:34 141,312 ------w c:\winnt\ServicePackFiles\i386\sessmgr.exe
    - 2004-08-04 07:56:56 31,232 ------w c:\winnt\ServicePackFiles\i386\sethc.exe
    + 2008-04-14 00:12:34 31,232 ------w c:\winnt\ServicePackFiles\i386\sethc.exe
    - 2004-08-04 07:56:56 23,040 ------w c:\winnt\ServicePackFiles\i386\setup.exe
    + 2008-04-14 00:12:34 23,040 ------w c:\winnt\ServicePackFiles\i386\setup.exe
    - 2004-08-04 07:56:56 73,216 ------w c:\winnt\ServicePackFiles\i386\setup50.exe
    + 2008-04-14 00:12:34 73,216 ------w c:\winnt\ServicePackFiles\i386\setup50.exe
    - 2004-08-04 07:56:46 983,552 ------w c:\winnt\ServicePackFiles\i386\setupapi.dll
    + 2008-04-14 12:42:06 985,088 ------w c:\winnt\ServicePackFiles\i386\setupapi.dll
    + 2008-04-14 00:12:35 32,768 ------w c:\winnt\ServicePackFiles\i386\setupn.exe
    - 2004-08-04 07:56:44 101,376 ------w c:\winnt\ServicePackFiles\i386\setupqry.dll
    + 2008-04-14 00:12:05 101,376 ------w c:\winnt\ServicePackFiles\i386\setupqry.dll
    - 2004-08-04 07:56:44 5,120 ------w c:\winnt\ServicePackFiles\i386\sfc.dll
    + 2008-04-14 00:12:05 5,120 ------w c:\winnt\ServicePackFiles\i386\sfc.dll
    - 2004-08-04 07:56:44 140,288 ------w c:\winnt\ServicePackFiles\i386\sfc_os.dll
    + 2008-04-14 00:12:05 140,288 ------w c:\winnt\ServicePackFiles\i386\sfc_os.dll
    - 2004-08-04 07:56:45 1,580,544 ------w c:\winnt\ServicePackFiles\i386\sfcfiles.dll
    + 2008-04-14 00:12:05 1,614,848 ------w c:\winnt\ServicePackFiles\i386\sfcfiles.dll
    - 2004-08-04 05:59:54 11,136 ------w c:\winnt\ServicePackFiles\i386\sffdisk.sys
    + 2008-04-13 18:40:47 11,904 ------w c:\winnt\ServicePackFiles\i386\sffdisk.sys
    + 2008-04-13 18:40:48 10,240 ------w c:\winnt\ServicePackFiles\i386\sffp_mmc.sys
    - 2004-08-04 05:59:54 10,240 ------w c:\winnt\ServicePackFiles\i386\sffp_sd.sys
    + 2008-04-13 18:40:47 11,008 ------w c:\winnt\ServicePackFiles\i386\sffp_sd.sys
    - 2004-08-04 05:59:54 11,392 ------w c:\winnt\ServicePackFiles\i386\sfloppy.sys
    + 2008-04-13 18:40:48 11,392 ------w c:\winnt\ServicePackFiles\i386\sfloppy.sys
    - 2004-08-04 07:56:27 549,376 ------w c:\winnt\ServicePackFiles\i386\shdoclc.dll
    + 2008-04-13 17:03:19 549,376 ------w c:\winnt\ServicePackFiles\i386\shdoclc.dll
    - 2004-08-04 07:56:45 1,483,264 ------w c:\winnt\ServicePackFiles\i386\shdocvw.dll
    + 2008-04-14 00:12:05 1,499,136 ------w c:\winnt\ServicePackFiles\i386\shdocvw.dll
    - 2004-08-04 07:56:45 8,384,000 ------w c:\winnt\ServicePackFiles\i386\shell32.dll
    + 2008-04-14 00:12:05 8,461,312 ------w c:\winnt\ServicePackFiles\i386\shell32.dll
  3. 2009-03-24, 00:25 #23
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2004-08-04 07:56:45 25,088 ------w c:\winnt\ServicePackFiles\i386\shfolder.dll
    + 2008-04-14 00:12:05 25,088 ------w c:\winnt\ServicePackFiles\i386\shfolder.dll
    - 2004-08-04 07:56:45 68,096 ------w c:\winnt\ServicePackFiles\i386\shgina.dll
    + 2008-04-14 00:12:05 68,096 ------w c:\winnt\ServicePackFiles\i386\shgina.dll
    - 2004-08-04 07:56:45 65,536 ------w c:\winnt\ServicePackFiles\i386\shimeng.dll
    + 2008-04-14 00:12:05 65,024 ------w c:\winnt\ServicePackFiles\i386\shimeng.dll
    - 2004-08-04 07:56:45 438,272 ------w c:\winnt\ServicePackFiles\i386\shimgvw.dll
    + 2008-04-14 00:12:05 438,272 ------w c:\winnt\ServicePackFiles\i386\shimgvw.dll
    - 2004-08-04 07:56:45 473,600 ------w c:\winnt\ServicePackFiles\i386\shlwapi.dll
    + 2008-04-14 00:12:05 474,112 ------w c:\winnt\ServicePackFiles\i386\shlwapi.dll
    - 2004-08-04 07:56:56 42,496 ------w c:\winnt\ServicePackFiles\i386\shmgrate.exe
    + 2008-04-14 00:12:35 45,056 ------w c:\winnt\ServicePackFiles\i386\shmgrate.exe
    - 2004-08-04 07:56:56 77,824 ------w c:\winnt\ServicePackFiles\i386\shrpubw.exe
    + 2008-04-14 00:12:35 77,824 ------w c:\winnt\ServicePackFiles\i386\shrpubw.exe
    - 2004-08-04 07:56:45 27,648 ------w c:\winnt\ServicePackFiles\i386\shscrap.dll
    + 2008-04-14 00:12:05 27,648 ------w c:\winnt\ServicePackFiles\i386\shscrap.dll
    - 2004-08-04 07:56:45 134,656 ------w c:\winnt\ServicePackFiles\i386\shsvcs.dll
    + 2008-04-14 00:12:05 135,168 ------w c:\winnt\ServicePackFiles\i386\shsvcs.dll
    - 2004-08-04 07:56:45 20,536 ------w c:\winnt\ServicePackFiles\i386\shtml.dll
    + 2008-04-14 00:12:05 20,536 ------w c:\winnt\ServicePackFiles\i386\shtml.dll
    - 2004-08-04 07:56:56 16,437 ------w c:\winnt\ServicePackFiles\i386\shtml.exe
    + 2008-04-14 00:12:35 16,437 ------w c:\winnt\ServicePackFiles\i386\shtml.exe
    - 2004-08-04 07:56:56 19,456 ------w c:\winnt\ServicePackFiles\i386\shutdown.exe
    + 2008-04-14 00:12:35 19,456 ------w c:\winnt\ServicePackFiles\i386\shutdown.exe
    - 2004-08-04 07:56:45 13,312 ------w c:\winnt\ServicePackFiles\i386\sigtab.dll
    + 2008-04-14 00:12:05 13,312 ------w c:\winnt\ServicePackFiles\i386\sigtab.dll
    - 2004-08-04 07:56:56 70,144 ------w c:\winnt\ServicePackFiles\i386\sigverif.exe
    + 2008-04-14 00:12:35 70,144 ------w c:\winnt\ServicePackFiles\i386\sigverif.exe
    - 2004-08-04 07:56:45 3,901 ------w c:\winnt\ServicePackFiles\i386\siint5.dll
    + 2008-04-14 00:12:05 3,901 ------w c:\winnt\ServicePackFiles\i386\siint5.dll
    - 2004-08-04 06:07:42 41,088 ------w c:\winnt\ServicePackFiles\i386\sisagp.sys
    + 2008-04-13 18:36:39 40,960 ------w c:\winnt\ServicePackFiles\i386\sisagp.sys
    - 2004-08-04 07:56:56 26,112 ------w c:\winnt\ServicePackFiles\i386\skeys.exe
    + 2008-04-14 00:12:35 26,112 ------w c:\winnt\ServicePackFiles\i386\skeys.exe
    - 2004-08-04 07:56:45 25,088 ------w c:\winnt\ServicePackFiles\i386\slayerxp.dll
    + 2008-04-14 00:12:06 25,088 ------w c:\winnt\ServicePackFiles\i386\slayerxp.dll
    - 2004-08-04 07:56:45 98,304 ------w c:\winnt\ServicePackFiles\i386\slbiop.dll
    + 2008-04-14 00:12:06 98,304 ------w c:\winnt\ServicePackFiles\i386\slbiop.dll
    - 2004-08-04 07:56:45 73,832 ------w c:\winnt\ServicePackFiles\i386\slcoinst.dll
    + 2008-04-14 00:12:06 73,832 ------w c:\winnt\ServicePackFiles\i386\slcoinst.dll
    - 2004-08-04 07:56:45 286,792 ------w c:\winnt\ServicePackFiles\i386\slextspk.dll
    + 2008-04-14 00:12:06 286,792 ------w c:\winnt\ServicePackFiles\i386\slextspk.dll
    - 2004-08-04 07:56:45 188,508 ------w c:\winnt\ServicePackFiles\i386\slgen.dll
    + 2008-04-14 00:12:06 188,508 ------w c:\winnt\ServicePackFiles\i386\slgen.dll
    - 2004-08-04 06:10:16 11,136 ------w c:\winnt\ServicePackFiles\i386\slip.sys
    + 2008-04-13 18:46:23 11,136 ------w c:\winnt\ServicePackFiles\i386\slip.sys
    - 2004-08-04 07:56:56 32,866 ------w c:\winnt\ServicePackFiles\i386\slrundll.exe
    + 2008-04-14 00:12:35 32,866 ------w c:\winnt\ServicePackFiles\i386\slrundll.exe
    - 2004-08-04 07:56:56 73,796 ------w c:\winnt\ServicePackFiles\i386\slserv.exe
    + 2008-04-14 00:12:35 73,796 ------w c:\winnt\ServicePackFiles\i386\slserv.exe
    - 2004-08-04 06:07:36 6,016 ------w c:\winnt\ServicePackFiles\i386\smbali.sys
    + 2008-04-13 18:36:34 5,888 ------w c:\winnt\ServicePackFiles\i386\smbali.sys
    - 2004-08-04 06:07:35 16,128 ------w c:\winnt\ServicePackFiles\i386\smbbatt.sys
    + 2008-04-13 18:36:33 16,000 ------w c:\winnt\ServicePackFiles\i386\smbbatt.sys
    - 2004-08-04 06:07:35 6,912 ------w c:\winnt\ServicePackFiles\i386\smbclass.sys
    + 2008-04-13 18:36:33 6,912 ------w c:\winnt\ServicePackFiles\i386\smbclass.sys
    - 2004-08-04 07:56:56 8,192 ------w c:\winnt\ServicePackFiles\i386\smbinst.exe
    + 2008-04-14 00:12:35 8,192 ------w c:\winnt\ServicePackFiles\i386\smbinst.exe
    - 2004-08-04 07:56:56 236,544 ------w c:\winnt\ServicePackFiles\i386\smi2smir.exe
    + 2008-04-14 00:12:35 236,544 ------w c:\winnt\ServicePackFiles\i386\smi2smir.exe
    - 2004-08-04 07:56:45 363,008 ------w c:\winnt\ServicePackFiles\i386\smlogcfg.dll
    + 2008-04-14 00:12:06 362,496 ------w c:\winnt\ServicePackFiles\i386\smlogcfg.dll
    - 2004-08-04 07:56:56 89,600 ------w c:\winnt\ServicePackFiles\i386\smlogsvc.exe
    + 2008-04-14 00:12:35 89,600 ------w c:\winnt\ServicePackFiles\i386\smlogsvc.exe
    - 2004-08-04 07:56:56 50,688 ------w c:\winnt\ServicePackFiles\i386\smss.exe
    + 2008-04-14 00:12:36 50,688 ------w c:\winnt\ServicePackFiles\i386\smss.exe
    - 2004-08-04 07:56:45 456,704 ------w c:\winnt\ServicePackFiles\i386\smtpsvc.dll
    + 2008-04-14 00:12:06 456,192 ------w c:\winnt\ServicePackFiles\i386\smtpsvc.dll
    - 2004-08-04 07:56:56 131,584 ------w c:\winnt\ServicePackFiles\i386\sndrec32.exe
    + 2008-04-14 00:12:36 131,584 ------w c:\winnt\ServicePackFiles\i386\sndrec32.exe
    - 2004-08-04 07:56:45 34,816 ------w c:\winnt\ServicePackFiles\i386\sniffpol.dll
    + 2008-04-14 00:12:06 34,816 ------w c:\winnt\ServicePackFiles\i386\sniffpol.dll
    - 2004-08-04 07:56:56 32,768 ------w c:\winnt\ServicePackFiles\i386\snmp.exe
    + 2008-04-14 00:12:36 33,280 ------w c:\winnt\ServicePackFiles\i386\snmp.exe
    - 2004-08-04 07:56:45 18,944 ------w c:\winnt\ServicePackFiles\i386\snmpapi.dll
    + 2008-04-14 00:12:06 18,944 ------w c:\winnt\ServicePackFiles\i386\snmpapi.dll
    - 2004-08-04 07:56:45 259,072 ------w c:\winnt\ServicePackFiles\i386\snmpcl.dll
    + 2008-04-14 00:12:06 259,072 ------w c:\winnt\ServicePackFiles\i386\snmpcl.dll
    - 2004-08-04 07:56:45 358,400 ------w c:\winnt\ServicePackFiles\i386\snmpincl.dll
    + 2008-04-14 00:12:06 358,400 ------w c:\winnt\ServicePackFiles\i386\snmpincl.dll
    - 2004-08-04 07:56:45 6,144 ------w c:\winnt\ServicePackFiles\i386\snmpmib.dll
    + 2008-04-14 00:12:06 6,144 ------w c:\winnt\ServicePackFiles\i386\snmpmib.dll
    - 2004-08-04 07:56:45 188,416 ------w c:\winnt\ServicePackFiles\i386\snmpsmir.dll
    + 2008-04-14 00:12:06 188,416 ------w c:\winnt\ServicePackFiles\i386\snmpsmir.dll
    - 2004-08-04 07:56:45 182,272 ------w c:\winnt\ServicePackFiles\i386\snmpsnap.dll
    + 2008-04-14 00:12:06 182,272 ------w c:\winnt\ServicePackFiles\i386\snmpsnap.dll
    - 2004-08-04 07:56:45 40,448 ------w c:\winnt\ServicePackFiles\i386\snmpthrd.dll
    + 2008-04-14 00:12:06 39,936 ------w c:\winnt\ServicePackFiles\i386\snmpthrd.dll
    - 2004-08-04 07:56:56 8,704 ------w c:\winnt\ServicePackFiles\i386\snmptrap.exe
    + 2008-04-14 00:12:36 8,704 ------w c:\winnt\ServicePackFiles\i386\snmptrap.exe
    - 2004-08-04 07:56:45 130,048 ------w c:\winnt\ServicePackFiles\i386\softkbd.dll
    + 2008-04-14 00:12:06 130,048 ------w c:\winnt\ServicePackFiles\i386\softkbd.dll
    - 2004-08-04 06:00:05 7,552 ------w c:\winnt\ServicePackFiles\i386\sonyait.sys
    + 2008-04-13 18:40:52 7,552 ------w c:\winnt\ServicePackFiles\i386\sonyait.sys
    - 2004-08-04 06:09:55 25,472 ------w c:\winnt\ServicePackFiles\i386\sonydcam.sys
    + 2008-04-13 18:46:07 25,344 ------w c:\winnt\ServicePackFiles\i386\sonydcam.sys
    + 2008-04-14 00:12:36 24,576 ------w c:\winnt\ServicePackFiles\i386\sort.exe
    - 2004-08-04 07:56:56 8,192 ------w c:\winnt\ServicePackFiles\i386\spdwnwxp.exe
    + 2008-04-14 00:12:36 7,680 ------w c:\winnt\ServicePackFiles\i386\spdwnwxp.exe
    - 2004-08-04 07:56:29 62,976 ------w c:\winnt\ServicePackFiles\i386\spgrmr.dll
    + 2008-04-13 16:43:18 62,976 ------w c:\winnt\ServicePackFiles\i386\spgrmr.dll
    - 2004-08-04 07:56:57 538,624 ------w c:\winnt\ServicePackFiles\i386\spider.exe
    + 2008-04-14 00:12:36 538,624 ------w c:\winnt\ServicePackFiles\i386\spider.exe
    - 2004-08-04 06:07:47 6,400 ------w c:\winnt\ServicePackFiles\i386\splitter.sys
    + 2008-04-13 18:45:07 6,272 ------w c:\winnt\ServicePackFiles\i386\splitter.sys
    - 2004-08-04 07:56:58 11,776 ------w c:\winnt\ServicePackFiles\i386\spnpinst.exe
    + 2008-04-14 12:42:38 11,264 ------w c:\winnt\ServicePackFiles\i386\spnpinst.exe
    - 2004-08-04 07:56:45 74,752 ------w c:\winnt\ServicePackFiles\i386\spoolss.dll
    + 2008-04-14 00:12:06 75,264 ------w c:\winnt\ServicePackFiles\i386\spoolss.dll
    - 2004-08-04 07:56:57 57,856 ------w c:\winnt\ServicePackFiles\i386\spoolsv.exe
    + 2008-04-14 00:12:36 57,856 ------w c:\winnt\ServicePackFiles\i386\spoolsv.exe
    - 2004-08-04 07:56:29 193,024 ------w c:\winnt\ServicePackFiles\i386\spra041b.dll
    + 2008-04-13 18:35:28 192,512 ------w c:\winnt\ServicePackFiles\i386\spra041b.dll
    - 2004-08-04 07:56:29 192,512 ------w c:\winnt\ServicePackFiles\i386\spra0424.dll
    + 2008-04-13 18:35:28 192,512 ------w c:\winnt\ServicePackFiles\i386\spra0424.dll
    - 2004-08-04 07:56:29 757,248 ------w c:\winnt\ServicePackFiles\i386\sprb041b.dll
    + 2008-04-13 18:38:37 757,248 ------w c:\winnt\ServicePackFiles\i386\sprb041b.dll
    - 2004-08-04 07:56:30 732,160 ------w c:\winnt\ServicePackFiles\i386\sprb0424.dll
    + 2008-04-13 18:38:36 732,160 ------w c:\winnt\ServicePackFiles\i386\sprb0424.dll
    + 2008-04-13 18:40:04 577,536 ------w c:\winnt\ServicePackFiles\i386\sprc041b.dll
    + 2008-04-13 18:40:05 576,512 ------w c:\winnt\ServicePackFiles\i386\sprc0424.dll
    - 2004-08-04 07:56:45 250,880 ------w c:\winnt\ServicePackFiles\i386\sptip.dll
    + 2008-04-14 00:12:06 250,368 ------w c:\winnt\ServicePackFiles\i386\sptip.dll
    - 2004-08-04 07:56:57 21,504 ------w c:\winnt\ServicePackFiles\i386\spupdwxp.exe
    + 2008-04-14 00:12:36 20,992 ------w c:\winnt\ServicePackFiles\i386\spupdwxp.exe
    - 2004-08-04 07:56:45 151,552 ------w c:\winnt\ServicePackFiles\i386\sqldb20.dll
    + 2008-04-14 00:12:06 151,552 ------w c:\winnt\ServicePackFiles\i386\sqldb20.dll
    - 2004-08-04 07:56:45 528,384 ------w c:\winnt\ServicePackFiles\i386\sqloledb.dll
    + 2008-04-14 00:12:06 528,384 ------w c:\winnt\ServicePackFiles\i386\sqloledb.dll
    - 2004-08-04 07:56:45 462,848 ------w c:\winnt\ServicePackFiles\i386\sqlqp20.dll
    + 2008-04-14 00:12:06 462,848 ------w c:\winnt\ServicePackFiles\i386\sqlqp20.dll
    - 2004-08-04 07:56:45 110,592 ------w c:\winnt\ServicePackFiles\i386\sqlse20.dll
    + 2008-04-14 00:12:06 110,592 ------w c:\winnt\ServicePackFiles\i386\sqlse20.dll
    - 2004-08-04 07:56:45 442,368 ------w c:\winnt\ServicePackFiles\i386\sqlsrv32.dll
    + 2008-04-14 00:12:06 442,368 ------w c:\winnt\ServicePackFiles\i386\sqlsrv32.dll
    - 2004-08-04 07:56:45 180,800 ------w c:\winnt\ServicePackFiles\i386\sqlunirl.dll
    + 2008-04-14 00:12:06 180,800 ------w c:\winnt\ServicePackFiles\i386\sqlunirl.dll
    - 2004-08-04 07:56:45 217,088 ------w c:\winnt\ServicePackFiles\i386\sqlxmlx.dll
    + 2008-04-14 00:12:06 217,088 ------w c:\winnt\ServicePackFiles\i386\sqlxmlx.dll
    - 2004-08-04 06:06:25 73,472 ------w c:\winnt\ServicePackFiles\i386\sr.sys
    + 2008-04-13 18:36:52 73,472 ------w c:\winnt\ServicePackFiles\i386\sr.sys
    - 2004-08-04 07:56:45 58,434 ------w c:\winnt\ServicePackFiles\i386\srchctls.dll
    + 2008-04-14 00:12:06 58,434 ------w c:\winnt\ServicePackFiles\i386\srchctls.dll
    - 2004-08-04 07:56:45 725,566 ------w c:\winnt\ServicePackFiles\i386\srchui.dll
    + 2008-04-14 00:12:07 726,078 ------w c:\winnt\ServicePackFiles\i386\srchui.dll
    - 2004-08-04 07:56:45 67,584 ------w c:\winnt\ServicePackFiles\i386\srclient.dll
    + 2008-04-14 00:12:07 67,584 ------w c:\winnt\ServicePackFiles\i386\srclient.dll
    - 2004-08-04 07:56:45 239,104 ------w c:\winnt\ServicePackFiles\i386\srrstr.dll
    + 2008-04-14 00:12:07 239,104 ------w c:\winnt\ServicePackFiles\i386\srrstr.dll
    - 2004-08-04 07:56:45 170,496 ------w c:\winnt\ServicePackFiles\i386\srsvc.dll
    + 2008-04-14 00:12:07 171,008 ------w c:\winnt\ServicePackFiles\i386\srsvc.dll
    - 2004-08-04 06:14:45 336,256 ------w c:\winnt\ServicePackFiles\i386\srv.sys
    + 2008-04-13 19:15:11 334,848 ------w c:\winnt\ServicePackFiles\i386\srv.sys
    - 2004-08-04 07:56:45 96,768 ------w c:\winnt\ServicePackFiles\i386\srvsvc.dll
    + 2008-04-14 00:12:07 96,768 ------w c:\winnt\ServicePackFiles\i386\srvsvc.dll
    - 2004-08-04 07:56:57 704,512 ------w c:\winnt\ServicePackFiles\i386\ss3dfo.scr
    + 2008-04-14 00:12:43 704,512 ------w c:\winnt\ServicePackFiles\i386\ss3dfo.scr
    - 2004-08-04 07:56:57 19,968 ------w c:\winnt\ServicePackFiles\i386\ssbezier.scr
    + 2008-04-14 00:12:43 19,968 ------w c:\winnt\ServicePackFiles\i386\ssbezier.scr
    - 2004-08-04 07:56:45 34,816 ------w c:\winnt\ServicePackFiles\i386\ssdpapi.dll
    + 2008-04-14 00:12:07 34,816 ------w c:\winnt\ServicePackFiles\i386\ssdpapi.dll
    - 2004-08-04 07:56:45 71,680 ------w c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
    + 2008-04-14 00:12:07 71,680 ------w c:\winnt\ServicePackFiles\i386\ssdpsrv.dll
    - 2004-08-04 07:56:57 393,216 ------w c:\winnt\ServicePackFiles\i386\ssflwbox.scr
    + 2008-04-14 00:12:43 393,216 ------w c:\winnt\ServicePackFiles\i386\ssflwbox.scr
    - 2004-08-04 07:56:57 20,992 ------w c:\winnt\ServicePackFiles\i386\ssmarque.scr
    + 2008-04-14 00:12:44 20,992 ------w c:\winnt\ServicePackFiles\i386\ssmarque.scr
    - 2004-08-04 07:56:57 47,104 ------w c:\winnt\ServicePackFiles\i386\ssmypics.scr
    + 2008-04-14 00:12:44 47,104 ------w c:\winnt\ServicePackFiles\i386\ssmypics.scr
    - 2004-08-04 07:56:57 18,944 ------w c:\winnt\ServicePackFiles\i386\ssmyst.scr
    + 2008-04-14 00:12:44 18,944 ------w c:\winnt\ServicePackFiles\i386\ssmyst.scr
    - 2004-08-04 07:56:57 610,304 ------w c:\winnt\ServicePackFiles\i386\sspipes.scr
    + 2008-04-14 00:12:44 610,304 ------w c:\winnt\ServicePackFiles\i386\sspipes.scr
    - 2004-08-04 07:56:57 14,336 ------w c:\winnt\ServicePackFiles\i386\ssstars.scr
    + 2008-04-14 00:12:44 14,336 ------w c:\winnt\ServicePackFiles\i386\ssstars.scr
    - 2004-08-04 07:56:57 679,936 ------w c:\winnt\ServicePackFiles\i386\sstext3d.scr
    + 2008-04-14 00:12:44 679,936 ------w c:\winnt\ServicePackFiles\i386\sstext3d.scr
    - 2004-08-04 07:56:45 33,280 ------w c:\winnt\ServicePackFiles\i386\sstub.dll
    + 2008-04-14 00:12:07 33,280 ------w c:\winnt\ServicePackFiles\i386\sstub.dll
    - 2004-08-04 07:56:45 22,016 ------w c:\winnt\ServicePackFiles\i386\startoc.dll
    + 2008-04-14 00:12:07 26,624 ------w c:\winnt\ServicePackFiles\i386\startoc.dll
    + 2008-04-14 00:12:07 59,392 ------w c:\winnt\ServicePackFiles\i386\stclient.dll
    - 2004-08-04 07:56:45 86,528 ------w c:\winnt\ServicePackFiles\i386\stdprov.dll
    + 2008-04-14 00:12:07 86,528 ------w c:\winnt\ServicePackFiles\i386\stdprov.dll
    - 2004-08-04 07:56:45 67,584 ------w c:\winnt\ServicePackFiles\i386\sti.dll
    + 2008-04-14 00:12:07 68,096 ------w c:\winnt\ServicePackFiles\i386\sti.dll
    - 2004-08-04 07:56:45 136,704 ------w c:\winnt\ServicePackFiles\i386\sti_ci.dll
    + 2008-04-14 00:12:07 136,704 ------w c:\winnt\ServicePackFiles\i386\sti_ci.dll
    - 2004-08-04 07:56:57 14,848 ------w c:\winnt\ServicePackFiles\i386\stimon.exe
    + 2008-04-14 00:12:36 14,848 ------w c:\winnt\ServicePackFiles\i386\stimon.exe
    - 2004-08-04 07:56:45 121,856 ------w c:\winnt\ServicePackFiles\i386\stobject.dll
    + 2008-04-14 00:12:07 121,856 ------w c:\winnt\ServicePackFiles\i386\stobject.dll
    - 2004-08-04 07:56:45 74,752 ------w c:\winnt\ServicePackFiles\i386\storprop.dll
    + 2008-04-14 00:12:07 74,752 ------w c:\winnt\ServicePackFiles\i386\storprop.dll
    - 2004-08-04 06:08:02 48,640 ------w c:\winnt\ServicePackFiles\i386\stream.sys
    + 2008-04-13 18:45:15 49,408 ------w c:\winnt\ServicePackFiles\i386\stream.sys
    - 2004-08-04 06:10:12 15,360 ------w c:\winnt\ServicePackFiles\i386\streamip.sys
    + 2008-04-13 18:46:21 15,232 ------w c:\winnt\ServicePackFiles\i386\streamip.sys
    - 2004-08-04 07:56:45 75,776 ------w c:\winnt\ServicePackFiles\i386\strmfilt.dll
    + 2008-04-14 00:12:07 75,776 ------w c:\winnt\ServicePackFiles\i386\strmfilt.dll
    - 2004-08-04 07:56:57 16,449 ------w c:\winnt\ServicePackFiles\i386\stub_fpsrvadm.exe
    + 2008-04-14 00:12:36 16,449 ------w c:\winnt\ServicePackFiles\i386\stub_fpsrvadm.exe
    - 2004-08-04 07:56:57 65,601 ------w c:\winnt\ServicePackFiles\i386\stub_fpsrvwin.exe
    + 2008-04-14 00:12:36 65,601 ------w c:\winnt\ServicePackFiles\i386\stub_fpsrvwin.exe
    - 2004-08-04 07:56:57 14,336 ------w c:\winnt\ServicePackFiles\i386\svchost.exe
    + 2008-04-14 00:12:36 14,336 ------w c:\winnt\ServicePackFiles\i386\svchost.exe
    - 2004-08-04 05:58:41 4,352 ------w c:\winnt\ServicePackFiles\i386\swenum.sys
    + 2008-04-13 18:39:53 4,352 ------w c:\winnt\ServicePackFiles\i386\swenum.sys
    + 2008-04-13 18:45:09 56,576 ------w c:\winnt\ServicePackFiles\i386\swmidi.sys
    - 2004-08-04 07:56:46 713,216 ------w c:\winnt\ServicePackFiles\i386\sxs.dll
    + 2008-04-14 00:12:07 713,216 ------w c:\winnt\ServicePackFiles\i386\sxs.dll
    - 2004-08-04 07:56:46 57,856 ------w c:\winnt\ServicePackFiles\i386\synceng.dll
    + 2008-04-14 00:12:07 57,856 ------w c:\winnt\ServicePackFiles\i386\synceng.dll
    - 2004-08-04 07:56:46 191,488 ------w c:\winnt\ServicePackFiles\i386\syncui.dll
    + 2008-04-14 00:12:07 191,488 ------w c:\winnt\ServicePackFiles\i386\syncui.dll
    - 2004-08-04 06:15:55 60,800 ------w c:\winnt\ServicePackFiles\i386\sysaudio.sys
    + 2008-04-13 19:15:55 60,800 ------w c:\winnt\ServicePackFiles\i386\sysaudio.sys
    - 2004-08-04 07:56:46 168,960 ------w c:\winnt\ServicePackFiles\i386\sysmod.dll
    + 2008-04-14 00:12:07 193,024 ------w c:\winnt\ServicePackFiles\i386\sysmod.dll
    + 2008-04-14 00:12:07 173,568 ------w c:\winnt\ServicePackFiles\i386\sysmoda.dll
    - 2004-08-04 07:56:57 105,984 ------w c:\winnt\ServicePackFiles\i386\sysocmgr.exe
    + 2008-04-14 00:12:37 106,496 ------w c:\winnt\ServicePackFiles\i386\sysocmgr.exe
    - 2004-08-04 07:56:46 984,576 ------w c:\winnt\ServicePackFiles\i386\syssetup.dll
    + 2008-04-14 00:12:07 990,208 ------w c:\winnt\ServicePackFiles\i386\syssetup.dll
    - 2004-08-04 07:56:46 210,432 ------w c:\winnt\ServicePackFiles\i386\t2embed.dll
    + 2008-04-14 00:12:07 117,760 ------w c:\winnt\ServicePackFiles\i386\t2embed.dll
    - 2004-08-04 05:59:59 14,976 ------w c:\winnt\ServicePackFiles\i386\tape.sys
    + 2008-04-13 18:40:50 14,976 ------w c:\winnt\ServicePackFiles\i386\tape.sys
    - 2004-08-04 07:56:46 858,624 ------w c:\winnt\ServicePackFiles\i386\tapi3.dll
    + 2008-04-14 00:12:07 858,624 ------w c:\winnt\ServicePackFiles\i386\tapi3.dll
    - 2004-08-04 07:56:46 181,760 ------w c:\winnt\ServicePackFiles\i386\tapi32.dll
    + 2008-04-14 00:12:07 181,760 ------w c:\winnt\ServicePackFiles\i386\tapi32.dll
    - 2004-08-04 07:56:46 246,272 ------w c:\winnt\ServicePackFiles\i386\tapisrv.dll
    + 2008-04-14 00:12:07 249,856 ------w c:\winnt\ServicePackFiles\i386\tapisrv.dll
    - 2004-08-04 07:56:57 135,680 ------w c:\winnt\ServicePackFiles\i386\taskmgr.exe
    + 2008-04-14 00:12:37 135,680 ------w c:\winnt\ServicePackFiles\i386\taskmgr.exe
    - 2004-08-04 06:14:40 359,040 ------w c:\winnt\ServicePackFiles\i386\tcpip.sys
    + 2008-04-13 19:20:16 361,344 ------w c:\winnt\ServicePackFiles\i386\tcpip.sys
    - 2004-08-04 06:07:45 223,616 ------w c:\winnt\ServicePackFiles\i386\tcpip6.sys
    + 2008-04-13 19:00:02 225,664 ------w c:\winnt\ServicePackFiles\i386\tcpip6.sys
    - 2004-08-04 07:56:46 14,848 ------w c:\winnt\ServicePackFiles\i386\tcpmib.dll
    + 2008-04-14 00:12:07 14,848 ------w c:\winnt\ServicePackFiles\i386\tcpmib.dll
    - 2004-08-04 07:56:46 45,568 ------w c:\winnt\ServicePackFiles\i386\tcpmon.dll
    + 2008-04-14 00:12:07 45,568 ------w c:\winnt\ServicePackFiles\i386\tcpmon.dll
    - 2004-08-04 07:56:46 45,568 ------w c:\winnt\ServicePackFiles\i386\tcpmonui.dll
    + 2008-04-14 00:12:07 45,568 ------w c:\winnt\ServicePackFiles\i386\tcpmonui.dll
    - 2004-08-04 07:56:57 32,827 ------w c:\winnt\ServicePackFiles\i386\tcptest.exe
    + 2008-04-14 00:12:37 32,827 ------w c:\winnt\ServicePackFiles\i386\tcptest.exe
    - 2004-08-04 07:56:34 16,384 ------w c:\winnt\ServicePackFiles\i386\tcptsat.dll
    + 2007-04-02 16:36:07 16,384 ------w c:\winnt\ServicePackFiles\i386\tcptsat.dll
    - 2004-08-04 06:07:48 18,560 ------w c:\winnt\ServicePackFiles\i386\tdi.sys
    + 2008-04-13 19:00:05 19,072 ------w c:\winnt\ServicePackFiles\i386\tdi.sys
    - 2004-08-04 08:01:07 12,040 ------w c:\winnt\ServicePackFiles\i386\tdpipe.sys
    + 2008-04-14 00:13:20 12,040 ------w c:\winnt\ServicePackFiles\i386\tdpipe.sys
    - 2004-08-04 08:01:07 21,896 ------w c:\winnt\ServicePackFiles\i386\tdtcp.sys
    + 2008-04-14 00:13:21 21,896 ------w c:\winnt\ServicePackFiles\i386\tdtcp.sys
    - 2004-08-04 07:56:57 75,264 ------w c:\winnt\ServicePackFiles\i386\telnet.exe
    + 2008-04-14 00:12:37 75,776 ------w c:\winnt\ServicePackFiles\i386\telnet.exe
    - 2004-08-04 08:01:07 40,840 ------w c:\winnt\ServicePackFiles\i386\termdd.sys
    + 2008-04-14 00:13:20 40,840 ------w c:\winnt\ServicePackFiles\i386\termdd.sys
    - 2004-08-04 07:56:46 358,400 ------w c:\winnt\ServicePackFiles\i386\termmgr.dll
    + 2008-04-14 00:12:07 358,400 ------w c:\winnt\ServicePackFiles\i386\termmgr.dll
    - 2004-08-04 07:56:46 295,424 ------w c:\winnt\ServicePackFiles\i386\termsrv.dll
    + 2008-04-14 00:12:07 295,424 ------w c:\winnt\ServicePackFiles\i386\termsrv.dll
    - 2004-08-04 06:00:04 149,376 ------w c:\winnt\ServicePackFiles\i386\tffsport.sys
    + 2008-04-13 18:40:50 149,376 ------w c:\winnt\ServicePackFiles\i386\tffsport.sys
    - 2004-08-04 07:56:46 385,536 ------w c:\winnt\ServicePackFiles\i386\themeui.dll
    + 2008-04-14 00:12:07 385,536 ------w c:\winnt\ServicePackFiles\i386\themeui.dll
    - 2004-08-04 07:56:57 347,136 ------w c:\winnt\ServicePackFiles\i386\tourstrt.exe
    + 2008-04-14 00:12:38 347,136 ------w c:\winnt\ServicePackFiles\i386\tourstrt.exe
    - 2004-08-04 07:56:57 82,432 ------w c:\winnt\ServicePackFiles\i386\tp4mon.exe
    + 2008-04-14 00:12:38 82,944 ------w c:\winnt\ServicePackFiles\i386\tp4mon.exe
    - 2004-08-04 07:56:57 12,288 ------w c:\winnt\ServicePackFiles\i386\tracert.exe
    + 2008-04-14 00:12:38 12,288 ------w c:\winnt\ServicePackFiles\i386\tracert.exe
    + 2008-04-14 00:12:42 12,800 ------w c:\winnt\ServicePackFiles\i386\tree.com
    - 2004-08-04 07:56:46 153,088 ------w c:\winnt\ServicePackFiles\i386\triedit.dll
    + 2008-04-14 00:12:07 153,088 ------w c:\winnt\ServicePackFiles\i386\triedit.dll
    - 2004-08-04 07:56:46 90,624 ------w c:\winnt\ServicePackFiles\i386\trkwks.dll
    + 2008-04-14 00:12:07 90,112 ------w c:\winnt\ServicePackFiles\i386\trkwks.dll
    + 2008-01-18 15:13:09 2,247 ------w c:\winnt\ServicePackFiles\i386\tscdsbl.bat
    - 2004-08-04 07:56:46 93,696 ------w c:\winnt\ServicePackFiles\i386\tscfgwmi.dll
    + 2008-04-14 00:12:07 93,696 ------w c:\winnt\ServicePackFiles\i386\tscfgwmi.dll
    + 2007-12-12 10:33:51 18,917 ------w c:\winnt\ServicePackFiles\i386\tscinst.vbs
    + 2007-10-30 10:06:46 13,801 ------w c:\winnt\ServicePackFiles\i386\tscuinst.vbs
    + 2008-04-14 00:11:31 25,600 ------w c:\winnt\ServicePackFiles\i386\tscupdc.dll
    - 2004-08-04 08:01:07 12,168 ------w c:\winnt\ServicePackFiles\i386\tsddd.dll
    + 2008-04-14 00:13:21 12,168 ------w c:\winnt\ServicePackFiles\i386\tsddd.dll
    + 2008-04-14 00:12:07 53,248 ------w c:\winnt\ServicePackFiles\i386\tsgqec.dll
    - 2004-08-04 07:56:46 279,040 ------w c:\winnt\ServicePackFiles\i386\tshoot.dll
    + 2008-04-14 00:12:07 279,040 ------w c:\winnt\ServicePackFiles\i386\tshoot.dll
    - 2004-08-04 07:56:46 121,856 ------w c:\winnt\ServicePackFiles\i386\tsoc.dll
    + 2008-04-14 00:12:07 130,048 ------w c:\winnt\ServicePackFiles\i386\tsoc.dll
    + 2008-04-14 00:12:07 50,688 ------w c:\winnt\ServicePackFiles\i386\tspkg.dll
    - 2004-08-04 07:56:46 8,704 ------w c:\winnt\ServicePackFiles\i386\tty.dll
    + 2008-04-14 00:12:07 8,704 ------w c:\winnt\ServicePackFiles\i386\tty.dll
    - 2004-08-04 07:56:34 39,936 ------w c:\winnt\ServicePackFiles\i386\ttyres.dll
    + 2007-04-02 15:31:00 39,936 ------w c:\winnt\ServicePackFiles\i386\ttyres.dll
    - 2004-08-04 07:56:46 16,384 ------w c:\winnt\ServicePackFiles\i386\ttyui.dll
    + 2008-04-14 00:12:07 16,384 ------w c:\winnt\ServicePackFiles\i386\ttyui.dll
    - 2004-08-04 06:03:17 12,416 ------w c:\winnt\ServicePackFiles\i386\tunmp.sys
    + 2008-04-13 18:56:01 12,288 ------w c:\winnt\ServicePackFiles\i386\tunmp.sys
    - 2004-08-04 07:56:46 50,688 ------w c:\winnt\ServicePackFiles\i386\twain_32.dll
    + 2008-04-14 00:12:07 50,688 ------w c:\winnt\ServicePackFiles\i386\twain_32.dll
    - 2004-08-04 07:56:46 44,032 ------w c:\winnt\ServicePackFiles\i386\twext.dll
    + 2008-04-14 00:12:07 57,856 ------w c:\winnt\ServicePackFiles\i386\twext.dll
    - 2004-08-04 07:56:46 101,376 ------w c:\winnt\ServicePackFiles\i386\txflog.dll
    + 2008-04-14 00:12:07 101,376 ------w c:\winnt\ServicePackFiles\i386\txflog.dll
    + 2008-04-14 00:12:38 60,416 ------w c:\winnt\ServicePackFiles\i386\tzchange.exe
    - 2004-08-04 06:07:43 44,672 ------w c:\winnt\ServicePackFiles\i386\uagp35.sys
    + 2008-04-13 18:36:40 44,672 ------w c:\winnt\ServicePackFiles\i386\uagp35.sys
    - 2004-08-04 06:00:31 66,176 ------w c:\winnt\ServicePackFiles\i386\udfs.sys
    + 2008-04-13 18:32:36 66,048 ------w c:\winnt\ServicePackFiles\i386\udfs.sys
    - 2004-08-04 07:56:46 25,600 ------w c:\winnt\ServicePackFiles\i386\udhisapi.dll
    + 2008-04-14 00:12:07 26,624 ------w c:\winnt\ServicePackFiles\i386\udhisapi.dll
    - 2004-08-04 07:56:46 275,456 ------w c:\winnt\ServicePackFiles\i386\ulib.dll
    + 2008-04-14 00:12:07 275,456 ------w c:\winnt\ServicePackFiles\i386\ulib.dll
    - 2004-08-04 07:56:46 35,840 ------w c:\winnt\ServicePackFiles\i386\umandlg.dll
    + 2008-04-14 00:12:07 35,840 ------w c:\winnt\ServicePackFiles\i386\umandlg.dll
    - 2004-08-04 07:56:46 118,272 ------w c:\winnt\ServicePackFiles\i386\umpnpmgr.dll
    + 2008-04-14 00:12:07 123,392 ------w c:\winnt\ServicePackFiles\i386\umpnpmgr.dll
    - 2004-08-04 07:56:46 264,704 ------w c:\winnt\ServicePackFiles\i386\unidrv.dll
    + 2008-04-14 00:12:07 373,248 ------w c:\winnt\ServicePackFiles\i386\unidrv.dll
    - 2004-08-04 07:56:46 197,120 ------w c:\winnt\ServicePackFiles\i386\unidrvui.dll
    + 2008-04-14 00:12:07 744,448 ------w c:\winnt\ServicePackFiles\i386\unidrvui.dll
    - 2004-08-04 07:56:46 74,240 ------w c:\winnt\ServicePackFiles\i386\unimdmat.dll
    + 2008-04-14 00:12:07 74,240 ------w c:\winnt\ServicePackFiles\i386\unimdmat.dll
    - 2004-08-04 07:56:46 13,824 ------w c:\winnt\ServicePackFiles\i386\uniplat.dll
    + 2008-04-14 00:12:07 13,824 ------w c:\winnt\ServicePackFiles\i386\uniplat.dll
    - 2004-08-04 07:56:34 619,520 ------w c:\winnt\ServicePackFiles\i386\unires.dll
    + 2007-05-15 08:08:53 761,344 ------w c:\winnt\ServicePackFiles\i386\unires.dll
    - 2004-08-04 07:56:46 316,416 ------w c:\winnt\ServicePackFiles\i386\untfs.dll
    + 2008-04-14 00:12:07 316,416 ------w c:\winnt\ServicePackFiles\i386\untfs.dll
    - 2004-08-04 05:58:32 209,408 ------w c:\winnt\ServicePackFiles\i386\update.sys
    + 2008-04-13 18:39:46 384,768 ------w c:\winnt\ServicePackFiles\i386\update.sys
    - 2004-08-04 07:56:57 150,528 ------w c:\winnt\ServicePackFiles\i386\uploadm.exe
    + 2008-04-14 00:12:38 150,528 ------w c:\winnt\ServicePackFiles\i386\uploadm.exe
    - 2004-08-04 07:56:46 132,608 ------w c:\winnt\ServicePackFiles\i386\upnp.dll
    + 2008-04-14 00:12:08 133,632 ------w c:\winnt\ServicePackFiles\i386\upnp.dll
    - 2004-08-04 07:56:57 16,896 ------w c:\winnt\ServicePackFiles\i386\upnpcont.exe
    + 2008-04-14 00:12:38 16,896 ------w c:\winnt\ServicePackFiles\i386\upnpcont.exe
    - 2004-08-04 07:56:46 185,344 ------w c:\winnt\ServicePackFiles\i386\upnphost.dll
    + 2008-04-14 00:12:08 185,856 ------w c:\winnt\ServicePackFiles\i386\upnphost.dll
    - 2004-08-04 07:56:46 239,616 ------w c:\winnt\ServicePackFiles\i386\upnpui.dll
    + 2008-04-14 00:12:08 239,616 ------w c:\winnt\ServicePackFiles\i386\upnpui.dll
    - 2004-08-04 07:56:57 18,432 ------w c:\winnt\ServicePackFiles\i386\ups.exe
    + 2008-04-14 00:12:38 18,432 ------w c:\winnt\ServicePackFiles\i386\ups.exe
    - 2004-08-04 07:56:46 37,888 ------w c:\winnt\ServicePackFiles\i386\url.dll
    + 2008-04-14 00:12:08 37,888 ------w c:\winnt\ServicePackFiles\i386\url.dll
    - 2004-08-04 07:56:46 601,088 ------w c:\winnt\ServicePackFiles\i386\urlmon.dll
    + 2008-04-14 00:12:08 619,520 ------w c:\winnt\ServicePackFiles\i386\urlmon.dll
    - 2004-08-04 06:04:32 12,672 ------w c:\winnt\ServicePackFiles\i386\usb8023.sys
    + 2008-04-13 18:56:49 12,800 ------w c:\winnt\ServicePackFiles\i386\usb8023.sys
    - 2004-08-04 06:04:33 12,672 ------w c:\winnt\ServicePackFiles\i386\usb8023x.sys
    + 2008-04-13 18:56:49 12,800 ------w c:\winnt\ServicePackFiles\i386\usb8023x.sys
    - 2004-08-04 06:07:55 59,264 ------w c:\winnt\ServicePackFiles\i386\usbaudio.sys
    + 2008-04-13 18:45:12 60,032 ------w c:\winnt\ServicePackFiles\i386\usbaudio.sys
    + 2008-04-13 18:45:40 25,600 ------w c:\winnt\ServicePackFiles\i386\usbcamd.sys
    + 2008-04-13 18:45:41 25,728 ------w c:\winnt\ServicePackFiles\i386\usbcamd2.sys
    - 2004-08-04 06:08:46 31,616 ------w c:\winnt\ServicePackFiles\i386\usbccgp.sys
    + 2008-04-13 18:45:39 32,128 ------w c:\winnt\ServicePackFiles\i386\usbccgp.sys
    - 2004-08-04 06:08:37 26,624 ------w c:\winnt\ServicePackFiles\i386\usbehci.sys
    + 2008-04-13 18:45:35 30,208 ------w c:\winnt\ServicePackFiles\i386\usbehci.sys
    - 2004-08-04 06:08:42 57,600 ------w c:\winnt\ServicePackFiles\i386\usbhub.sys
    + 2008-04-13 18:45:37 59,520 ------w c:\winnt\ServicePackFiles\i386\usbhub.sys
    - 2004-08-04 06:08:57 16,000 ------w c:\winnt\ServicePackFiles\i386\usbintel.sys
    + 2008-04-13 18:45:43 15,872 ------w c:\winnt\ServicePackFiles\i386\usbintel.sys
    - 2004-08-04 07:56:46 16,896 ------w c:\winnt\ServicePackFiles\i386\usbmon.dll
    + 2008-04-14 00:12:08 16,896 ------w c:\winnt\ServicePackFiles\i386\usbmon.dll
    - 2004-08-04 06:08:36 17,024 ------w c:\winnt\ServicePackFiles\i386\usbohci.sys
    + 2008-04-13 18:45:35 17,152 ------w c:\winnt\ServicePackFiles\i386\usbohci.sys
    - 2004-08-04 06:08:42 142,976 ------w c:\winnt\ServicePackFiles\i386\usbport.sys
    + 2008-04-13 18:45:36 143,872 ------w c:\winnt\ServicePackFiles\i386\usbport.sys
    - 2004-08-04 06:01:24 25,856 ------w c:\winnt\ServicePackFiles\i386\usbprint.sys
    + 2008-04-13 18:47:37 25,856 ------w c:\winnt\ServicePackFiles\i386\usbprint.sys
    - 2004-08-04 05:58:45 15,104 ------w c:\winnt\ServicePackFiles\i386\usbscan.sys
    + 2008-04-13 18:45:34 15,104 ------w c:\winnt\ServicePackFiles\i386\usbscan.sys
    - 2004-08-04 06:08:42 25,600 ------w c:\winnt\ServicePackFiles\i386\usbser.sys
    + 2008-04-13 18:45:36 26,112 ------w c:\winnt\ServicePackFiles\i386\usbser.sys
    - 2004-08-04 06:08:46 26,496 ------w c:\winnt\ServicePackFiles\i386\usbstor.sys
    + 2008-04-13 18:45:38 26,368 ------w c:\winnt\ServicePackFiles\i386\usbstor.sys
    - 2004-08-04 06:08:37 20,480 ------w c:\winnt\ServicePackFiles\i386\usbuhci.sys
    + 2008-04-13 18:45:35 20,608 ------w c:\winnt\ServicePackFiles\i386\usbuhci.sys
    - 2004-08-04 07:56:46 74,240 ------w c:\winnt\ServicePackFiles\i386\usbui.dll
    + 2008-04-14 00:12:08 74,240 ------w c:\winnt\ServicePackFiles\i386\usbui.dll
    - 2004-08-04 06:10:10 78,464 ------w c:\winnt\ServicePackFiles\i386\usbvideo.sys
    + 2008-04-13 18:46:20 121,984 ------w c:\winnt\ServicePackFiles\i386\usbvideo.sys
    - 2004-08-04 07:56:46 577,024 ------w c:\winnt\ServicePackFiles\i386\user32.dll
    + 2008-04-14 00:12:08 578,560 ------w c:\winnt\ServicePackFiles\i386\user32.dll
    - 2004-08-04 07:56:46 723,456 ------w c:\winnt\ServicePackFiles\i386\userenv.dll
    + 2008-04-14 00:12:08 727,040 ------w c:\winnt\ServicePackFiles\i386\userenv.dll
    - 2004-08-04 07:56:57 24,576 ------w c:\winnt\ServicePackFiles\i386\userinit.exe
    + 2008-04-14 00:12:38 26,112 ------w c:\winnt\ServicePackFiles\i386\userinit.exe
    - 2004-08-04 07:56:46 406,528 ------w c:\winnt\ServicePackFiles\i386\usp10.dll
    + 2008-04-14 00:12:08 406,016 ------w c:\winnt\ServicePackFiles\i386\usp10.dll
    - 2004-08-04 07:56:57 50,176 ------w c:\winnt\ServicePackFiles\i386\utilman.exe
    + 2008-04-14 00:12:38 50,176 ------w c:\winnt\ServicePackFiles\i386\utilman.exe
    - 2004-08-04 07:56:46 218,624 ------w c:\winnt\ServicePackFiles\i386\uxtheme.dll
    + 2008-04-14 00:12:08 218,624 ------w c:\winnt\ServicePackFiles\i386\uxtheme.dll
    - 2004-08-04 07:56:46 30,749 ------w c:\winnt\ServicePackFiles\i386\vbajet32.dll
    + 2008-04-14 00:12:08 30,749 ------w c:\winnt\ServicePackFiles\i386\vbajet32.dll
    - 2004-08-04 07:56:46 417,792 ------w c:\winnt\ServicePackFiles\i386\vbscript.dll
    + 2008-04-14 00:12:08 434,176 ------w c:\winnt\ServicePackFiles\i386\vbscript.dll
    - 2004-08-04 07:56:46 11,325 ------w c:\winnt\ServicePackFiles\i386\vchnt5.dll
    + 2008-04-14 00:12:08 11,325 ------w c:\winnt\ServicePackFiles\i386\vchnt5.dll
    - 2004-08-04 07:56:46 26,112 ------w c:\winnt\ServicePackFiles\i386\vdmdbg.dll
    + 2008-04-14 00:12:08 26,112 ------w c:\winnt\ServicePackFiles\i386\vdmdbg.dll
    - 2004-08-04 07:56:46 51,712 ------w c:\winnt\ServicePackFiles\i386\vdmredir.dll
    + 2008-04-14 00:12:08 51,712 ------w c:\winnt\ServicePackFiles\i386\vdmredir.dll
    + 2008-04-14 00:12:38 28,672 ------w c:\winnt\ServicePackFiles\i386\verclsid.exe
    + 2008-04-14 00:12:08 26,624 ------w c:\winnt\ServicePackFiles\i386\verifier.dll
    - 2004-08-04 07:56:46 18,944 ------w c:\winnt\ServicePackFiles\i386\version.dll
    + 2008-04-14 00:12:08 18,944 ------w c:\winnt\ServicePackFiles\i386\version.dll
    - 2004-08-04 07:56:46 53,760 ------w c:\winnt\ServicePackFiles\i386\vfwwdm32.dll
    + 2008-04-14 00:12:08 53,760 ------w c:\winnt\ServicePackFiles\i386\vfwwdm32.dll
    - 2004-08-04 06:07:06 20,992 ------w c:\winnt\ServicePackFiles\i386\vga.sys
    + 2008-04-13 18:44:40 20,992 ------w c:\winnt\ServicePackFiles\i386\vga.sys
    - 2004-08-04 07:56:46 848,384 ------w c:\winnt\ServicePackFiles\i386\vgx.dll
    + 2008-04-14 00:12:08 851,968 ------w c:\winnt\ServicePackFiles\i386\vgx.dll
    - 2004-08-04 06:07:42 42,240 ------w c:\winnt\ServicePackFiles\i386\viaagp.sys
    + 2008-04-13 18:36:40 42,240 ------w c:\winnt\ServicePackFiles\i386\viaagp.sys
    - 2004-08-04 05:59:42 5,376 ------w c:\winnt\ServicePackFiles\i386\viaide.sys
    + 2008-04-13 18:40:31 5,376 ------w c:\winnt\ServicePackFiles\i386\viaide.sys
    - 2004-08-04 06:07:05 79,744 ------w c:\winnt\ServicePackFiles\i386\videoprt.sys
    + 2008-04-13 18:44:40 81,664 ------w c:\winnt\ServicePackFiles\i386\videoprt.sys
    - 2004-08-04 07:56:46 131,584 ------w c:\winnt\ServicePackFiles\i386\viewprov.dll
    + 2008-04-14 00:12:08 131,584 ------w c:\winnt\ServicePackFiles\i386\viewprov.dll
    - 2004-08-04 06:00:16 52,352 ------w c:\winnt\ServicePackFiles\i386\volsnap.sys
    + 2008-04-13 18:41:01 52,352 ------w c:\winnt\ServicePackFiles\i386\volsnap.sys
    - 2004-08-04 07:56:46 430,592 ------w c:\winnt\ServicePackFiles\i386\vssapi.dll
    + 2008-04-14 00:12:08 430,592 ------w c:\winnt\ServicePackFiles\i386\vssapi.dll
    - 2004-08-04 07:56:57 289,792 ------w c:\winnt\ServicePackFiles\i386\vssvc.exe
    + 2008-04-14 00:12:38 289,792 ------w c:\winnt\ServicePackFiles\i386\vssvc.exe
    - 2004-08-04 07:56:46 174,592 ------w c:\winnt\ServicePackFiles\i386\w32time.dll
    + 2008-04-14 00:12:08 175,104 ------w c:\winnt\ServicePackFiles\i386\w32time.dll
    - 2004-08-04 07:56:46 15,872 ------w c:\winnt\ServicePackFiles\i386\w3ssl.dll
    + 2008-04-14 00:12:08 15,872 ------w c:\winnt\ServicePackFiles\i386\w3ssl.dll
    - 2004-08-04 07:56:46 483,840 ------w c:\winnt\ServicePackFiles\i386\w95upgnt.dll
    + 2008-04-14 00:12:08 483,840 ------w c:\winnt\ServicePackFiles\i386\w95upgnt.dll
    - 2004-08-04 07:56:57 46,080 ------w c:\winnt\ServicePackFiles\i386\wab.exe
    + 2008-04-14 00:12:38 46,080 ------w c:\winnt\ServicePackFiles\i386\wab.exe
    - 2004-08-04 07:56:46 504,832 ------w c:\winnt\ServicePackFiles\i386\wab32.dll
    + 2008-04-14 00:12:08 510,976 ------w c:\winnt\ServicePackFiles\i386\wab32.dll
    - 2004-08-04 07:56:34 249,856 ------w c:\winnt\ServicePackFiles\i386\wab32res.dll
    + 2008-04-13 16:21:48 249,856 ------w c:\winnt\ServicePackFiles\i386\wab32res.dll
    - 2004-08-04 07:56:46 32,768 ------w c:\winnt\ServicePackFiles\i386\wabfind.dll
    + 2008-04-14 00:12:08 32,768 ------w c:\winnt\ServicePackFiles\i386\wabfind.dll
    - 2004-08-04 07:56:46 84,992 ------w c:\winnt\ServicePackFiles\i386\wabimp.dll
    + 2008-04-14 00:12:08 85,504 ------w c:\winnt\ServicePackFiles\i386\wabimp.dll
    - 2004-08-04 07:56:57 30,208 ------w c:\winnt\ServicePackFiles\i386\wabmig.exe
    + 2008-04-14 00:12:39 30,208 ------w c:\winnt\ServicePackFiles\i386\wabmig.exe
    - 2004-08-04 06:04:52 13,568 ------w c:\winnt\ServicePackFiles\i386\wacompen.sys
    + 2008-04-13 18:43:55 14,208 ------w c:\winnt\ServicePackFiles\i386\wacompen.sys
    - 2004-08-04 06:04:57 34,560 ------w c:\winnt\ServicePackFiles\i386\wanarp.sys
    + 2008-04-13 18:57:21 34,560 ------w c:\winnt\ServicePackFiles\i386\wanarp.sys
    - 2004-08-04 06:07:32 17,664 ------w c:\winnt\ServicePackFiles\i386\watchdog.sys
    + 2008-04-13 18:44:59 17,664 ------w c:\winnt\ServicePackFiles\i386\watchdog.sys
    + 2008-04-14 00:12:08 215,552 ------w c:\winnt\ServicePackFiles\i386\wavemsp.dll
    - 2004-08-04 07:56:46 196,608 ------w c:\winnt\ServicePackFiles\i386\wbemcntl.dll
    + 2008-04-14 00:12:08 196,608 ------w c:\winnt\ServicePackFiles\i386\wbemcntl.dll
    - 2004-08-04 07:56:46 214,528 ------w c:\winnt\ServicePackFiles\i386\wbemcomn.dll
    + 2008-04-14 00:12:08 214,528 ------w c:\winnt\ServicePackFiles\i386\wbemcomn.dll
    - 2004-08-04 07:56:46 71,680 ------w c:\winnt\ServicePackFiles\i386\wbemcons.dll
    + 2008-04-14 00:12:08 71,680 ------w c:\winnt\ServicePackFiles\i386\wbemcons.dll
    - 2004-08-04 07:56:46 530,944 ------w c:\winnt\ServicePackFiles\i386\wbemcore.dll
    + 2008-04-14 00:12:08 531,456 ------w c:\winnt\ServicePackFiles\i386\wbemcore.dll
    - 2004-08-04 07:56:46 178,176 ------w c:\winnt\ServicePackFiles\i386\wbemdisp.dll
    + 2008-04-14 00:12:08 178,176 ------w c:\winnt\ServicePackFiles\i386\wbemdisp.dll
    - 2004-08-04 07:56:46 273,920 ------w c:\winnt\ServicePackFiles\i386\wbemess.dll
    + 2008-04-14 00:12:08 273,920 ------w c:\winnt\ServicePackFiles\i386\wbemess.dll
    - 2004-08-04 07:56:46 43,008 ------w c:\winnt\ServicePackFiles\i386\wbemperf.dll
    + 2008-04-14 00:12:08 43,008 ------w c:\winnt\ServicePackFiles\i386\wbemperf.dll
    - 2004-08-04 07:56:46 18,944 ------w c:\winnt\ServicePackFiles\i386\wbemprox.dll
    + 2008-04-14 00:12:08 18,944 ------w c:\winnt\ServicePackFiles\i386\wbemprox.dll
    - 2004-08-04 07:56:46 43,520 ------w c:\winnt\ServicePackFiles\i386\wbemsvc.dll
    + 2008-04-14 00:12:08 43,520 ------w c:\winnt\ServicePackFiles\i386\wbemsvc.dll
    - 2004-08-04 07:56:57 116,224 ------w c:\winnt\ServicePackFiles\i386\wbemtest.exe
    + 2008-04-14 00:12:39 116,224 ------w c:\winnt\ServicePackFiles\i386\wbemtest.exe
    - 2004-08-04 07:56:46 197,120 ------w c:\winnt\ServicePackFiles\i386\wbemupgd.dll
    + 2008-04-14 00:12:08 197,120 ------w c:\winnt\ServicePackFiles\i386\wbemupgd.dll
    - 2004-08-04 06:08:46 31,744 ------w c:\winnt\ServicePackFiles\i386\wceusbsh.sys
    + 2008-04-13 18:45:38 31,744 ------w c:\winnt\ServicePackFiles\i386\wceusbsh.sys
    - 2004-08-04 07:56:46 49,152 ------w c:\winnt\ServicePackFiles\i386\wdigest.dll
    + 2008-04-14 00:12:08 49,152 ------w c:\winnt\ServicePackFiles\i386\wdigest.dll
    + 2008-04-14 00:12:45 23,552 ------w c:\winnt\ServicePackFiles\i386\wdmaud.drv
    - 2004-08-04 06:15:04 82,944 ------w c:\winnt\ServicePackFiles\i386\wdmaud.sys
    + 2008-04-13 19:17:18 83,072 ------w c:\winnt\ServicePackFiles\i386\wdmaud.sys
    - 2004-08-04 07:56:46 276,480 ------w c:\winnt\ServicePackFiles\i386\webcheck.dll
    + 2008-04-14 00:12:08 276,480 ------w c:\winnt\ServicePackFiles\i386\webcheck.dll
    - 2004-08-04 07:56:46 67,584 ------w c:\winnt\ServicePackFiles\i386\webclnt.dll
    + 2008-04-14 00:12:08 68,096 ------w c:\winnt\ServicePackFiles\i386\webclnt.dll
    - 2004-08-04 07:56:46 135,680 ------w c:\winnt\ServicePackFiles\i386\webvw.dll
    + 2008-04-14 00:12:08 135,680 ------w c:\winnt\ServicePackFiles\i386\webvw.dll
    - 2004-08-04 07:56:57 65,536 ------w c:\winnt\ServicePackFiles\i386\wextract.exe
    + 2008-04-14 00:12:39 65,024 ------w c:\winnt\ServicePackFiles\i386\wextract.exe
    - 2004-08-04 07:56:57 433,664 ------w c:\winnt\ServicePackFiles\i386\wiaacmgr.exe
    + 2008-04-14 00:12:39 433,664 ------w c:\winnt\ServicePackFiles\i386\wiaacmgr.exe
    - 2004-08-04 07:56:46 463,360 ------w c:\winnt\ServicePackFiles\i386\wiadefui.dll
    + 2008-04-14 00:12:08 463,360 ------w c:\winnt\ServicePackFiles\i386\wiadefui.dll
    - 2004-08-04 07:56:46 124,416 ------w c:\winnt\ServicePackFiles\i386\wiadss.dll
    + 2008-04-14 00:12:08 124,416 ------w c:\winnt\ServicePackFiles\i386\wiadss.dll
    - 2004-08-04 07:56:46 75,776 ------w c:\winnt\ServicePackFiles\i386\wiascr.dll
    + 2008-04-14 00:12:08 75,776 ------w c:\winnt\ServicePackFiles\i386\wiascr.dll
    - 2004-08-04 07:56:46 333,312 ------w c:\winnt\ServicePackFiles\i386\wiaservc.dll
    + 2008-04-14 00:12:08 333,824 ------w c:\winnt\ServicePackFiles\i386\wiaservc.dll
    - 2004-08-04 07:56:46 589,312 ------w c:\winnt\ServicePackFiles\i386\wiashext.dll
    + 2008-04-14 00:12:08 589,312 ------w c:\winnt\ServicePackFiles\i386\wiashext.dll
    - 2004-08-04 07:56:46 111,104 ------w c:\winnt\ServicePackFiles\i386\wiavideo.dll
    + 2008-04-14 00:12:08 111,104 ------w c:\winnt\ServicePackFiles\i386\wiavideo.dll
    + 2008-04-14 00:12:08 712,704 ------w c:\winnt\ServicePackFiles\i386\wic.dll
    + 2008-04-14 00:12:08 346,112 ------w c:\winnt\ServicePackFiles\i386\wicext.dll
    - 2004-08-04 06:17:40 1,835,904 ------w c:\winnt\ServicePackFiles\i386\win32k.sys
    + 2008-04-13 19:30:10 1,845,632 ------w c:\winnt\ServicePackFiles\i386\win32k.sys
    - 2004-08-04 07:56:46 101,888 ------w c:\winnt\ServicePackFiles\i386\win32spl.dll
    + 2008-04-14 00:12:08 102,400 ------w c:\winnt\ServicePackFiles\i386\win32spl.dll
    - 2004-08-04 07:56:35 937,984 ------w c:\winnt\ServicePackFiles\i386\winbrand.dll
    + 2008-04-13 16:48:53 1,647,616 ------w c:\winnt\ServicePackFiles\i386\winbrand.dll
  4. 2009-03-24, 00:26 #24
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2004-08-04 07:56:57 283,648 ------w c:\winnt\ServicePackFiles\i386\winhlp32.exe
    + 2008-04-14 00:12:39 283,648 ------w c:\winnt\ServicePackFiles\i386\winhlp32.exe
    - 2004-08-04 07:56:46 351,232 ------w c:\winnt\ServicePackFiles\i386\winhttp.dll
    + 2008-04-14 00:12:08 354,304 ------w c:\winnt\ServicePackFiles\i386\winhttp.dll
    - 2004-08-04 07:56:46 656,384 ------w c:\winnt\ServicePackFiles\i386\wininet.dll
    + 2008-04-14 00:12:08 666,112 ------w c:\winnt\ServicePackFiles\i386\wininet.dll
    - 2004-08-04 07:56:46 32,768 ------w c:\winnt\ServicePackFiles\i386\winipsec.dll
    + 2008-04-14 00:12:09 32,256 ------w c:\winnt\ServicePackFiles\i386\winipsec.dll
    - 2004-08-04 07:56:57 502,272 ------w c:\winnt\ServicePackFiles\i386\winlogon.exe
    + 2008-04-14 00:12:39 507,904 ------w c:\winnt\ServicePackFiles\i386\winlogon.exe
    - 2004-08-04 07:56:46 176,128 ------w c:\winnt\ServicePackFiles\i386\winmm.dll
    + 2008-04-14 00:12:09 176,128 ------w c:\winnt\ServicePackFiles\i386\winmm.dll
    - 2004-08-04 07:56:35 764,928 ------w c:\winnt\ServicePackFiles\i386\winntbbu.dll
    + 2008-04-14 00:11:11 756,224 ------w c:\winnt\ServicePackFiles\i386\winntbbu.dll
    - 2004-08-04 07:56:46 16,896 ------w c:\winnt\ServicePackFiles\i386\winrnr.dll
    + 2008-04-14 00:12:09 16,896 ------w c:\winnt\ServicePackFiles\i386\winrnr.dll
    - 2004-08-04 07:56:46 99,328 ------w c:\winnt\ServicePackFiles\i386\winscard.dll
    + 2008-04-14 00:12:09 99,328 ------w c:\winnt\ServicePackFiles\i386\winscard.dll
    - 2004-08-04 07:56:46 17,408 ------w c:\winnt\ServicePackFiles\i386\winshfhc.dll
    + 2008-04-14 00:12:09 17,408 ------w c:\winnt\ServicePackFiles\i386\winshfhc.dll
    + 2008-04-14 00:12:45 146,432 ------w c:\winnt\ServicePackFiles\i386\winspool.drv
    - 2004-08-04 07:56:46 290,816 ------w c:\winnt\ServicePackFiles\i386\winsrv.dll
    + 2008-04-14 00:12:09 293,376 ------w c:\winnt\ServicePackFiles\i386\winsrv.dll
    - 2004-08-04 07:56:46 53,760 ------w c:\winnt\ServicePackFiles\i386\winsta.dll
    + 2008-04-14 00:12:09 53,760 ------w c:\winnt\ServicePackFiles\i386\winsta.dll
    - 2004-08-04 07:56:46 176,640 ------w c:\winnt\ServicePackFiles\i386\wintrust.dll
    + 2008-04-14 00:12:09 176,640 ------w c:\winnt\ServicePackFiles\i386\wintrust.dll
    - 2004-08-04 07:56:57 5,632 ------w c:\winnt\ServicePackFiles\i386\winver.exe
    + 2008-04-14 00:12:40 5,632 ------w c:\winnt\ServicePackFiles\i386\winver.exe
    - 2004-08-04 07:56:46 132,096 ------w c:\winnt\ServicePackFiles\i386\wkssvc.dll
    + 2008-04-14 00:12:09 132,096 ------w c:\winnt\ServicePackFiles\i386\wkssvc.dll
    + 2008-04-14 00:12:09 69,120 ------w c:\winnt\ServicePackFiles\i386\wlanapi.dll
    - 2004-08-04 07:56:46 172,032 ------w c:\winnt\ServicePackFiles\i386\wldap32.dll
    + 2008-04-14 00:12:09 172,032 ------w c:\winnt\ServicePackFiles\i386\wldap32.dll
    - 2004-08-04 07:56:46 92,672 ------w c:\winnt\ServicePackFiles\i386\wlnotify.dll
    + 2008-04-14 00:12:09 92,672 ------w c:\winnt\ServicePackFiles\i386\wlnotify.dll
    - 2004-08-04 07:56:35 5,632 ------w c:\winnt\ServicePackFiles\i386\wmi.dll
    + 2008-04-14 00:11:15 5,632 ------w c:\winnt\ServicePackFiles\i386\wmi.dll
    - 2004-08-04 06:07:41 8,832 ------w c:\winnt\ServicePackFiles\i386\wmiacpi.sys
    + 2008-04-13 18:36:38 8,832 ------w c:\winnt\ServicePackFiles\i386\wmiacpi.sys
    - 2004-08-04 07:56:57 196,608 ------w c:\winnt\ServicePackFiles\i386\wmiadap.exe
    + 2008-04-14 00:12:40 196,608 ------w c:\winnt\ServicePackFiles\i386\wmiadap.exe
    - 2004-08-04 07:56:35 6,656 ------w c:\winnt\ServicePackFiles\i386\wmiapres.dll
    + 2008-04-13 17:10:20 6,656 ------w c:\winnt\ServicePackFiles\i386\wmiapres.dll
    - 2004-08-04 07:56:46 89,088 ------w c:\winnt\ServicePackFiles\i386\wmiaprpl.dll
    + 2008-04-14 00:12:09 88,576 ------w c:\winnt\ServicePackFiles\i386\wmiaprpl.dll
    - 2004-08-04 07:56:57 126,464 ------w c:\winnt\ServicePackFiles\i386\wmiapsrv.exe
    + 2008-04-14 00:12:40 126,464 ------w c:\winnt\ServicePackFiles\i386\wmiapsrv.exe
    - 2004-08-04 07:56:46 60,928 ------w c:\winnt\ServicePackFiles\i386\wmicookr.dll
    + 2008-04-14 00:12:09 60,928 ------w c:\winnt\ServicePackFiles\i386\wmicookr.dll
    - 2004-08-04 07:56:46 140,800 ------w c:\winnt\ServicePackFiles\i386\wmidcprv.dll
    + 2008-04-14 00:12:09 140,800 ------w c:\winnt\ServicePackFiles\i386\wmidcprv.dll
    - 2004-08-04 07:56:46 156,672 ------w c:\winnt\ServicePackFiles\i386\wmipcima.dll
    + 2008-04-14 00:12:09 156,672 ------w c:\winnt\ServicePackFiles\i386\wmipcima.dll
    - 2004-08-04 07:56:46 132,096 ------w c:\winnt\ServicePackFiles\i386\wmipdskq.dll
    + 2008-04-14 00:12:09 132,096 ------w c:\winnt\ServicePackFiles\i386\wmipdskq.dll
    - 2004-08-04 07:56:46 62,464 ------w c:\winnt\ServicePackFiles\i386\wmipiprt.dll
    + 2008-04-14 00:12:09 61,952 ------w c:\winnt\ServicePackFiles\i386\wmipiprt.dll
    - 2004-08-04 07:56:46 62,976 ------w c:\winnt\ServicePackFiles\i386\wmipjobj.dll
    + 2008-04-14 00:12:09 62,464 ------w c:\winnt\ServicePackFiles\i386\wmipjobj.dll
    - 2004-08-04 07:56:46 144,896 ------w c:\winnt\ServicePackFiles\i386\wmiprov.dll
    + 2008-04-14 00:12:09 144,896 ------w c:\winnt\ServicePackFiles\i386\wmiprov.dll
    - 2004-08-04 07:56:46 437,248 ------w c:\winnt\ServicePackFiles\i386\wmiprvsd.dll
    + 2008-04-14 00:12:09 437,248 ------w c:\winnt\ServicePackFiles\i386\wmiprvsd.dll
    - 2004-08-04 07:56:57 218,112 ------w c:\winnt\ServicePackFiles\i386\wmiprvse.exe
    + 2008-04-14 00:12:40 218,112 ------w c:\winnt\ServicePackFiles\i386\wmiprvse.exe
    - 2004-08-04 07:56:46 41,472 ------w c:\winnt\ServicePackFiles\i386\wmipsess.dll
    + 2008-04-14 00:12:09 41,472 ------w c:\winnt\ServicePackFiles\i386\wmipsess.dll
    - 2004-08-04 07:56:46 144,896 ------w c:\winnt\ServicePackFiles\i386\wmisvc.dll
    + 2008-04-14 00:12:09 144,896 ------w c:\winnt\ServicePackFiles\i386\wmisvc.dll
    - 2004-08-04 07:56:46 95,232 ------w c:\winnt\ServicePackFiles\i386\wmiutils.dll
    + 2008-04-14 00:12:09 95,232 ------w c:\winnt\ServicePackFiles\i386\wmiutils.dll
    - 2004-08-04 07:56:46 167,936 ------w c:\winnt\ServicePackFiles\i386\wmm2ae.dll
    + 2008-04-14 00:12:09 167,936 ------w c:\winnt\ServicePackFiles\i386\wmm2ae.dll
    - 2004-08-04 07:56:46 4,096 ------w c:\winnt\ServicePackFiles\i386\wmm2eres.dll
    + 2008-04-14 00:12:09 4,096 ------w c:\winnt\ServicePackFiles\i386\wmm2eres.dll
    - 2004-08-04 07:56:46 7,680 ------w c:\winnt\ServicePackFiles\i386\wmm2ext.dll
    + 2008-04-14 00:12:09 7,680 ------w c:\winnt\ServicePackFiles\i386\wmm2ext.dll
    - 2004-08-04 07:56:46 402,432 ------w c:\winnt\ServicePackFiles\i386\wmm2filt.dll
    + 2008-04-14 00:12:09 402,432 ------w c:\winnt\ServicePackFiles\i386\wmm2filt.dll
    - 2004-08-04 07:56:46 502,272 ------w c:\winnt\ServicePackFiles\i386\wmm2fxa.dll
    + 2008-04-14 00:12:09 502,272 ------w c:\winnt\ServicePackFiles\i386\wmm2fxa.dll
    - 2004-08-04 07:56:46 325,632 ------w c:\winnt\ServicePackFiles\i386\wmm2fxb.dll
    + 2008-04-14 00:12:09 325,632 ------w c:\winnt\ServicePackFiles\i386\wmm2fxb.dll
    - 2004-08-04 07:56:46 4,256,768 ------w c:\winnt\ServicePackFiles\i386\wmm2res.dll
    + 2008-04-14 00:12:09 4,256,768 ------w c:\winnt\ServicePackFiles\i386\wmm2res.dll
    - 2004-08-04 07:56:46 5,632 ------w c:\winnt\ServicePackFiles\i386\wmm2res2.dll
    + 2008-04-14 00:12:09 5,632 ------w c:\winnt\ServicePackFiles\i386\wmm2res2.dll
    + 2008-04-14 00:12:09 276,992 ------w c:\winnt\ServicePackFiles\i386\wmphoto.dll
    - 2004-08-04 07:56:57 214,528 ------w c:\winnt\ServicePackFiles\i386\wordpad.exe
    + 2008-04-14 00:12:40 214,528 ------w c:\winnt\ServicePackFiles\i386\wordpad.exe
    - 2004-08-04 07:56:46 264,192 ------w c:\winnt\ServicePackFiles\i386\wow32.dll
    + 2008-04-14 00:12:10 264,192 ------w c:\winnt\ServicePackFiles\i386\wow32.dll
    - 2004-08-04 07:56:57 32,256 ------w c:\winnt\ServicePackFiles\i386\wpabaln.exe
    + 2008-04-14 00:12:40 32,256 ------w c:\winnt\ServicePackFiles\i386\wpabaln.exe
    - 2004-08-04 07:56:57 32,256 ------w c:\winnt\ServicePackFiles\i386\wpnpinst.exe
    + 2008-04-14 00:12:41 11,264 ------w c:\winnt\ServicePackFiles\i386\wpnpinst.exe
    - 2004-08-04 07:56:46 82,944 ------w c:\winnt\ServicePackFiles\i386\ws2_32.dll
    + 2008-04-14 00:12:10 82,432 ------w c:\winnt\ServicePackFiles\i386\ws2_32.dll
    - 2004-08-04 07:56:46 19,968 ------w c:\winnt\ServicePackFiles\i386\ws2help.dll
    + 2008-04-14 00:12:10 19,968 ------w c:\winnt\ServicePackFiles\i386\ws2help.dll
    - 2004-08-04 07:56:57 13,824 ------w c:\winnt\ServicePackFiles\i386\wscntfy.exe
    + 2008-04-14 00:12:41 13,824 ------w c:\winnt\ServicePackFiles\i386\wscntfy.exe
    - 2004-08-04 07:56:57 114,688 ------w c:\winnt\ServicePackFiles\i386\wscript.exe
    + 2008-04-14 00:12:41 155,648 ------w c:\winnt\ServicePackFiles\i386\wscript.exe
    - 2004-08-04 07:56:46 81,408 ------w c:\winnt\ServicePackFiles\i386\wscsvc.dll
    + 2008-04-14 00:12:10 80,896 ------w c:\winnt\ServicePackFiles\i386\wscsvc.dll
    - 2004-08-04 07:56:46 108,032 ------w c:\winnt\ServicePackFiles\i386\wshbth.dll
    + 2008-04-14 00:12:10 108,032 ------w c:\winnt\ServicePackFiles\i386\wshbth.dll
    - 2004-08-04 07:56:46 28,672 ------w c:\winnt\ServicePackFiles\i386\wshcon.dll
    + 2008-04-14 00:12:10 36,864 ------w c:\winnt\ServicePackFiles\i386\wshcon.dll
    - 2004-08-04 07:56:46 65,536 ------w c:\winnt\ServicePackFiles\i386\wshext.dll
    + 2008-04-14 00:12:10 90,112 ------w c:\winnt\ServicePackFiles\i386\wshext.dll
    - 2004-08-04 07:56:46 14,336 ------w c:\winnt\ServicePackFiles\i386\wship6.dll
    + 2008-04-14 00:12:10 14,336 ------w c:\winnt\ServicePackFiles\i386\wship6.dll
    - 2004-08-04 07:56:46 8,192 ------w c:\winnt\ServicePackFiles\i386\wshirda.dll
    + 2008-04-14 00:12:10 8,192 ------w c:\winnt\ServicePackFiles\i386\wshirda.dll
    - 2004-08-04 07:56:46 11,776 ------w c:\winnt\ServicePackFiles\i386\wshrm.dll
    + 2008-04-14 00:12:10 11,264 ------w c:\winnt\ServicePackFiles\i386\wshrm.dll
    - 2004-08-04 07:56:46 19,968 ------w c:\winnt\ServicePackFiles\i386\wshtcpip.dll
    + 2008-04-14 00:12:10 19,456 ------w c:\winnt\ServicePackFiles\i386\wshtcpip.dll
    - 2004-08-04 07:56:46 42,496 ------w c:\winnt\ServicePackFiles\i386\wsnmp32.dll
    + 2008-04-14 00:12:10 41,984 ------w c:\winnt\ServicePackFiles\i386\wsnmp32.dll
    - 2004-08-04 07:56:46 22,528 ------w c:\winnt\ServicePackFiles\i386\wsock32.dll
    + 2008-04-14 00:12:10 22,528 ------w c:\winnt\ServicePackFiles\i386\wsock32.dll
    - 2004-08-04 06:10:21 19,328 ------w c:\winnt\ServicePackFiles\i386\wstcodec.sys
    + 2008-04-13 18:46:24 19,200 ------w c:\winnt\ServicePackFiles\i386\wstcodec.sys
    - 2004-08-04 07:56:46 50,688 ------w c:\winnt\ServicePackFiles\i386\wstdecod.dll
    + 2008-04-14 00:12:10 50,688 ------w c:\winnt\ServicePackFiles\i386\wstdecod.dll
    - 2004-08-04 07:56:46 18,432 ------w c:\winnt\ServicePackFiles\i386\wtsapi32.dll
    + 2008-04-14 00:12:10 18,432 ------w c:\winnt\ServicePackFiles\i386\wtsapi32.dll
    - 2004-08-04 07:56:46 430,592 ------w c:\winnt\ServicePackFiles\i386\wuapi.dll
    + 2008-04-14 00:12:10 430,592 ------w c:\winnt\ServicePackFiles\i386\wuapi.dll
    - 2004-08-04 07:56:57 111,104 ------w c:\winnt\ServicePackFiles\i386\wuauclt.exe
    + 2008-04-14 00:12:41 111,104 ------w c:\winnt\ServicePackFiles\i386\wuauclt.exe
    - 2004-08-04 07:56:57 165,888 ------w c:\winnt\ServicePackFiles\i386\wuauclt1.exe
    + 2008-04-14 00:12:41 165,888 ------w c:\winnt\ServicePackFiles\i386\wuauclt1.exe
    - 2004-08-04 07:56:46 1,134,592 ------w c:\winnt\ServicePackFiles\i386\wuaueng.dll
    + 2008-04-14 00:12:11 1,135,616 ------w c:\winnt\ServicePackFiles\i386\wuaueng.dll
    - 2004-08-04 07:56:46 183,296 ------w c:\winnt\ServicePackFiles\i386\wuaueng1.dll
    + 2008-04-14 00:12:11 183,296 ------w c:\winnt\ServicePackFiles\i386\wuaueng1.dll
    - 2004-08-04 07:56:46 6,656 ------w c:\winnt\ServicePackFiles\i386\wuauserv.dll
    + 2008-04-14 00:12:11 6,656 ------w c:\winnt\ServicePackFiles\i386\wuauserv.dll
    - 2004-08-04 07:56:46 112,640 ------w c:\winnt\ServicePackFiles\i386\wucltui.dll
    + 2008-04-14 00:12:11 112,640 ------w c:\winnt\ServicePackFiles\i386\wucltui.dll
    - 2004-08-04 07:56:46 36,864 ------w c:\winnt\ServicePackFiles\i386\wups.dll
    + 2008-04-14 00:12:11 32,256 ------w c:\winnt\ServicePackFiles\i386\wups.dll
    - 2004-08-04 07:56:46 120,320 ------w c:\winnt\ServicePackFiles\i386\wuweb.dll
    + 2008-04-14 00:12:11 120,320 ------w c:\winnt\ServicePackFiles\i386\wuweb.dll
    - 2004-08-04 07:56:46 378,368 ------w c:\winnt\ServicePackFiles\i386\wzcdlg.dll
    + 2008-04-14 00:12:11 383,488 ------w c:\winnt\ServicePackFiles\i386\wzcdlg.dll
    - 2004-08-04 07:56:46 51,712 ------w c:\winnt\ServicePackFiles\i386\wzcsapi.dll
    + 2008-04-14 00:12:11 52,736 ------w c:\winnt\ServicePackFiles\i386\wzcsapi.dll
    - 2004-08-04 07:56:46 359,936 ------w c:\winnt\ServicePackFiles\i386\wzcsvc.dll
    + 2008-04-14 00:12:11 483,840 ------w c:\winnt\ServicePackFiles\i386\wzcsvc.dll
    - 2004-08-04 07:56:46 91,648 ------w c:\winnt\ServicePackFiles\i386\xactsrv.dll
    + 2008-04-14 00:12:11 91,648 ------w c:\winnt\ServicePackFiles\i386\xactsrv.dll
    - 2004-08-04 07:56:57 30,720 ------w c:\winnt\ServicePackFiles\i386\xcopy.exe
    + 2008-04-14 00:12:41 30,720 ------w c:\winnt\ServicePackFiles\i386\xcopy.exe
    + 2008-04-14 00:12:11 121,856 ------w c:\winnt\ServicePackFiles\i386\xmllite.dll
    - 2004-08-04 07:56:46 129,536 ------w c:\winnt\ServicePackFiles\i386\xmlprov.dll
    + 2008-04-14 00:12:11 129,024 ------w c:\winnt\ServicePackFiles\i386\xmlprov.dll
    - 2004-08-04 07:56:46 50,176 ------w c:\winnt\ServicePackFiles\i386\xmlprovi.dll
    + 2008-04-14 00:12:11 50,176 ------w c:\winnt\ServicePackFiles\i386\xmlprovi.dll
    - 2004-08-04 07:56:46 11,776 ------w c:\winnt\ServicePackFiles\i386\xolehlp.dll
    + 2008-04-14 00:12:11 11,776 ------w c:\winnt\ServicePackFiles\i386\xolehlp.dll
    + 2008-04-13 18:53:32 558,080 ------w c:\winnt\ServicePackFiles\i386\xpnetdg.exe
    - 2004-08-04 07:56:36 438,784 ------w c:\winnt\ServicePackFiles\i386\xpob2res.dll
    + 2008-04-13 17:39:29 438,784 ------w c:\winnt\ServicePackFiles\i386\xpob2res.dll
    - 2004-08-04 07:56:36 187,392 ------w c:\winnt\ServicePackFiles\i386\xpsp1res.dll
    + 2008-04-13 17:39:22 187,392 ------w c:\winnt\ServicePackFiles\i386\xpsp1res.dll
    - 2004-08-04 07:56:36 2,897,920 ------w c:\winnt\ServicePackFiles\i386\xpsp2res.dll
    + 2008-04-13 17:39:24 2,897,920 ------w c:\winnt\ServicePackFiles\i386\xpsp2res.dll
    + 2008-04-13 17:39:26 689,152 ------w c:\winnt\ServicePackFiles\i386\xpsp3res.dll
    + 2008-04-14 00:12:11 18,944 ------w c:\winnt\ServicePackFiles\i386\xrxscnui.dll
    - 2004-08-04 07:56:46 116,224 ------w c:\winnt\ServicePackFiles\i386\xrxwiadr.dll
    + 2008-04-14 00:12:11 116,224 ------w c:\winnt\ServicePackFiles\i386\xrxwiadr.dll
    - 2004-08-04 07:56:46 337,920 ------w c:\winnt\ServicePackFiles\i386\zipfldr.dll
    + 2008-04-14 00:12:11 338,432 ------w c:\winnt\ServicePackFiles\i386\zipfldr.dll
    + 2008-04-14 00:11:51 33,792 ------w c:\winnt\ServicePackFiles\ServicePackCache\i386\custsat.dll
    + 2008-04-14 00:11:59 82,944 ------w c:\winnt\ServicePackFiles\ServicePackCache\i386\msgsc.dll
    + 2008-04-13 17:30:28 180,224 ------w c:\winnt\ServicePackFiles\ServicePackCache\i386\msgslang.dll
    + 2008-04-14 00:12:28 1,695,232 ------w c:\winnt\ServicePackFiles\ServicePackCache\i386\msmsgs.exe
    - 2004-08-04 07:56:56 32,866 ------w c:\winnt\slrundll.exe
    + 2008-04-14 00:12:35 32,866 ------w c:\winnt\slrundll.exe
    - 2004-08-04 07:56:43 3,166,208 ----a-w c:\winnt\srchasst\msgr3en.dll
    + 2008-04-14 00:11:59 3,166,208 ----a-w c:\winnt\srchasst\msgr3en.dll
    - 2004-08-04 07:56:45 58,434 ----a-w c:\winnt\srchasst\srchctls.dll
    + 2008-04-14 00:12:06 58,434 ----a-w c:\winnt\srchasst\srchctls.dll
    - 2004-08-04 07:56:45 725,566 ----a-w c:\winnt\srchasst\srchui.dll
    + 2008-04-14 00:12:07 726,078 ----a-w c:\winnt\srchasst\srchui.dll
    + 2000-08-31 15:00:00 161,792 ----a-w c:\winnt\SWREG.exe
    + 2000-08-31 15:00:00 136,704 ----a-w c:\winnt\SWSC.exe
    + 2000-08-31 15:00:00 212,480 ----a-w c:\winnt\SWXCACLS.exe
    + 2003-03-31 12:00:00 2,000 ----a-w c:\winnt\system\KEYBOARD.DRV
    + 2003-03-31 12:00:00 73,376 ----a-w c:\winnt\system\MCIAVI.DRV
    + 2003-03-31 12:00:00 25,264 ----a-w c:\winnt\system\MCISEQ.DRV
    + 2003-03-31 12:00:00 28,160 ----a-w c:\winnt\system\MCIWAVE.DRV
    + 2003-03-31 12:00:00 2,032 ----a-w c:\winnt\system\MOUSE.DRV
    + 2003-03-31 12:00:00 1,744 ----a-w c:\winnt\system\SOUND.DRV
    + 2003-03-31 12:00:00 3,360 ----a-w c:\winnt\system\SYSTEM.DRV
    + 2003-03-31 12:00:00 4,048 ----a-w c:\winnt\system\TIMER.DRV
    + 2003-03-31 12:00:00 2,176 ----a-w c:\winnt\system\VGA.DRV
    + 2003-03-31 12:00:00 13,600 ----a-w c:\winnt\system\WFWNET.DRV
    + 2008-04-14 00:12:45 146,432 ----a-w c:\winnt\system\winspool.drv
    - 2006-08-16 11:58:05 100,352 ----a-w c:\winnt\system32\6to4svc.dll
    + 2008-04-14 00:11:48 100,352 ----a-w c:\winnt\system32\6to4svc.dll
    + 2008-04-14 00:11:48 136,192 ------w c:\winnt\system32\aaclient.dll
    - 2004-08-04 07:56:47 183,808 ----a-w c:\winnt\system32\accwiz.exe
    + 2008-04-14 00:12:11 184,320 ----a-w c:\winnt\system32\accwiz.exe
    - 2004-08-04 07:56:41 114,688 ----a-w c:\winnt\system32\aclui.dll
    + 2008-04-14 00:11:48 115,712 ----a-w c:\winnt\system32\aclui.dll
    - 2004-08-04 07:56:41 194,048 ----a-w c:\winnt\system32\activeds.dll
    + 2008-04-14 00:11:48 193,536 ----a-w c:\winnt\system32\activeds.dll
    - 2004-08-04 07:56:47 4,096 ----a-w c:\winnt\system32\actmovie.exe
    + 2008-04-14 00:12:12 4,096 ----a-w c:\winnt\system32\actmovie.exe
    - 2004-08-04 07:56:41 101,888 ----a-w c:\winnt\system32\actxprxy.dll
    + 2008-04-14 00:11:48 98,304 ----a-w c:\winnt\system32\actxprxy.dll
    - 2004-08-04 07:56:41 175,616 ----a-w c:\winnt\system32\adsldp.dll
    + 2008-04-14 00:11:48 175,616 ----a-w c:\winnt\system32\adsldp.dll
    - 2004-08-04 07:56:41 143,360 ----a-w c:\winnt\system32\adsldpc.dll
    + 2008-04-14 00:11:48 143,360 ----a-w c:\winnt\system32\adsldpc.dll
    - 2004-08-04 07:56:41 68,096 ----a-w c:\winnt\system32\adsmsext.dll
    + 2008-04-14 00:11:48 68,096 ----a-w c:\winnt\system32\adsmsext.dll
    - 2004-08-04 07:56:41 263,680 ----a-w c:\winnt\system32\adsnt.dll
    + 2008-04-14 00:11:48 263,680 ----a-w c:\winnt\system32\adsnt.dll
    - 2004-08-04 07:56:41 616,960 ----a-w c:\winnt\system32\advapi32.dll
    + 2008-04-14 00:11:48 617,472 ----a-w c:\winnt\system32\advapi32.dll
    - 2007-08-20 10:04:34 124,928 ----a-w c:\winnt\system32\advpack.dll
    + 2008-12-20 23:15:11 124,928 ----a-w c:\winnt\system32\advpack.dll
    - 2004-08-04 07:56:47 98,304 ----a-w c:\winnt\system32\ahui.exe
    + 2008-04-14 00:12:12 98,304 ----a-w c:\winnt\system32\ahui.exe
    - 2004-08-04 07:56:47 44,544 ----a-w c:\winnt\system32\alg.exe
    + 2008-04-14 00:12:12 44,544 ----a-w c:\winnt\system32\alg.exe
    - 2004-08-04 07:56:41 17,408 ----a-w c:\winnt\system32\alrsvc.dll
    + 2008-04-14 00:11:49 17,408 ----a-w c:\winnt\system32\alrsvc.dll
    - 2004-08-04 07:56:41 70,656 ----a-w c:\winnt\system32\amstream.dll
    + 2008-04-14 00:11:49 70,656 ----a-w c:\winnt\system32\amstream.dll
    - 2004-08-04 07:56:41 126,976 ----a-w c:\winnt\system32\apphelp.dll
    + 2008-04-14 00:11:49 125,952 ----a-w c:\winnt\system32\apphelp.dll
    - 2004-08-04 07:56:41 65,024 ----a-w c:\winnt\system32\asycfilt.dll
    + 2008-04-14 00:11:49 65,024 ----a-w c:\winnt\system32\asycfilt.dll
    - 2004-08-04 07:56:47 25,088 ----a-w c:\winnt\system32\at.exe
    + 2008-04-14 00:12:12 25,088 ----a-w c:\winnt\system32\at.exe
    - 2004-08-04 07:56:41 229,376 ----a-w c:\winnt\system32\ati2cqag.dll
    + 2008-04-14 00:11:49 229,376 ----a-w c:\winnt\system32\ati2cqag.dll
    - 2004-08-04 07:56:41 377,984 ----a-w c:\winnt\system32\ati2dvaa.dll
    + 2008-04-14 00:11:49 377,984 ----a-w c:\winnt\system32\ati2dvaa.dll
    - 2004-08-04 07:56:41 32,768 ----a-w c:\winnt\system32\ativtmxx.dll
    + 2008-04-14 00:11:50 32,768 ----a-w c:\winnt\system32\ativtmxx.dll
    - 2004-08-04 07:56:41 516,768 ----a-w c:\winnt\system32\ativvaxx.dll
    + 2008-04-14 00:11:50 516,768 ----a-w c:\winnt\system32\ativvaxx.dll
    - 2004-08-04 07:56:41 58,880 ----a-w c:\winnt\system32\atl.dll
    + 2008-04-14 00:11:50 58,880 ----a-w c:\winnt\system32\atl.dll
    - 2004-08-04 07:56:47 11,264 ----a-w c:\winnt\system32\atmadm.exe
    + 2008-04-14 00:12:12 11,264 ----a-w c:\winnt\system32\atmadm.exe
    - 2004-08-04 07:55:59 285,696 ----a-w c:\winnt\system32\atmfd.dll
    + 2008-04-14 00:09:01 285,696 ----a-w c:\winnt\system32\atmfd.dll
    - 2004-08-04 07:56:41 30,208 ----a-w c:\winnt\system32\atmlib.dll
    + 2008-04-14 00:11:50 30,208 ----a-w c:\winnt\system32\atmlib.dll
    + 2004-08-10 06:50:22 77,889 ----a-w c:\winnt\system32\atrc.dll
    - 2003-03-31 12:00:00 11,264 ----a-w c:\winnt\system32\attrib.exe
    + 2008-04-14 00:12:12 12,288 ----a-w c:\winnt\system32\attrib.exe
    - 2004-08-04 07:56:41 42,496 ----a-w c:\winnt\system32\audiosrv.dll
    + 2008-04-14 00:11:50 42,496 ----a-w c:\winnt\system32\audiosrv.dll
    - 2004-08-04 07:56:47 14,336 ----a-w c:\winnt\system32\auditusr.exe
    + 2008-04-14 00:12:12 14,336 ----a-w c:\winnt\system32\auditusr.exe
    + 2002-07-05 14:12:06 27,136 ----a-w c:\winnt\system32\authdvd.dll
    - 2005-03-02 18:09:29 56,832 ----a-w c:\winnt\system32\authz.dll
    + 2008-04-14 00:11:50 62,464 ----a-w c:\winnt\system32\authz.dll
    - 2004-08-04 07:56:47 588,800 ----a-w c:\winnt\system32\autochk.exe
    + 2008-04-14 00:12:12 588,800 ----a-w c:\winnt\system32\autochk.exe
    - 2004-08-04 07:56:47 602,624 ----a-w c:\winnt\system32\autoconv.exe
    + 2008-04-14 00:12:12 602,624 ----a-w c:\winnt\system32\autoconv.exe
    - 2004-08-04 07:56:47 580,608 ----a-w c:\winnt\system32\autofmt.exe
    + 2008-04-14 00:12:13 580,608 ----a-w c:\winnt\system32\autofmt.exe
    - 2004-08-04 07:56:47 11,264 ----a-w c:\winnt\system32\autolfn.exe
    + 2008-04-14 00:12:13 11,264 ----a-w c:\winnt\system32\autolfn.exe
    - 2004-08-04 07:56:41 84,992 ----a-w c:\winnt\system32\avifil32.dll
    + 2008-04-14 00:11:50 84,992 ----a-w c:\winnt\system32\avifil32.dll
    + 2005-10-29 07:49:40 133,120 ------w c:\winnt\system32\axaltocm.dll
    + 2008-04-14 00:11:50 233,472 ------w c:\winnt\system32\azroles.dll
    + 2005-10-29 00:40:16 96,792 ------w c:\winnt\system32\basecsp.dll
    - 2004-08-04 07:56:41 52,736 ----a-w c:\winnt\system32\basesrv.dll
    + 2008-04-14 00:11:50 52,736 ----a-w c:\winnt\system32\basesrv.dll
    - 2004-08-04 07:56:41 28,672 ----a-w c:\winnt\system32\batmeter.dll
    + 2008-04-14 00:11:50 29,184 ----a-w c:\winnt\system32\batmeter.dll
    - 2004-08-04 07:56:41 8,704 ----a-w c:\winnt\system32\batt.dll
    + 2008-04-14 00:11:50 8,704 ----a-w c:\winnt\system32\batt.dll
    + 2005-10-29 07:49:40 25,600 ------w c:\winnt\system32\bcsprsrc.dll
    - 2004-08-04 07:56:41 17,408 ----a-w c:\winnt\system32\bidispl.dll
    + 2008-04-14 00:11:50 17,408 ----a-w c:\winnt\system32\bidispl.dll
    - 2004-07-01 22:08:18 361,984 ----a-w c:\winnt\system32\bits\qmgr.dll
    + 2008-04-14 00:12:03 409,088 ----a-w c:\winnt\system32\bits\qmgr.dll
    - 2004-08-04 07:56:41 8,192 ----a-w c:\winnt\system32\bitsprx2.dll
    + 2008-04-14 00:11:50 8,192 ----a-w c:\winnt\system32\bitsprx2.dll
    - 2004-08-04 07:56:41 7,168 ----a-w c:\winnt\system32\bitsprx3.dll
    + 2008-04-14 00:11:50 7,168 ----a-w c:\winnt\system32\bitsprx3.dll
    + 2008-04-14 00:11:50 7,168 ------w c:\winnt\system32\bitsprx4.dll
    - 2004-08-04 07:56:47 71,680 ----a-w c:\winnt\system32\blastcln.exe
    + 2008-04-14 00:12:13 71,680 ----a-w c:\winnt\system32\blastcln.exe
    - 2004-08-04 07:55:59 63,488 ----a-w c:\winnt\system32\browselc.dll
    + 2008-04-13 17:03:24 63,488 ----a-w c:\winnt\system32\browselc.dll
    - 2004-08-04 07:56:41 77,312 ----a-w c:\winnt\system32\browser.dll
    + 2008-04-14 00:11:50 77,824 ----a-w c:\winnt\system32\browser.dll
    - 2006-09-23 20:12:50 1,022,976 ----a-w c:\winnt\system32\browseui.dll
    + 2008-04-14 00:11:50 1,025,024 ----a-w c:\winnt\system32\browseui.dll
    - 2004-08-04 07:56:41 78,336 ----a-w c:\winnt\system32\browsewm.dll
    + 2008-04-14 00:11:50 78,336 ----a-w c:\winnt\system32\browsewm.dll
    - 2004-08-04 07:56:41 20,992 ----a-w c:\winnt\system32\bthci.dll
    + 2008-04-14 00:11:50 20,992 ----a-w c:\winnt\system32\bthci.dll
    - 2004-08-04 07:56:41 30,208 ----a-w c:\winnt\system32\bthserv.dll
    + 2008-04-14 00:11:50 30,208 ----a-w c:\winnt\system32\bthserv.dll
    - 2004-08-04 07:56:41 50,688 ----a-w c:\winnt\system32\btpanui.dll
    + 2008-04-14 00:11:50 50,688 ----a-w c:\winnt\system32\btpanui.dll
    - 2004-08-04 07:56:41 59,904 ----a-w c:\winnt\system32\cabinet.dll
    + 2008-04-14 00:11:50 60,416 ----a-w c:\winnt\system32\cabinet.dll
    - 2004-08-04 07:56:41 84,480 ----a-w c:\winnt\system32\cabview.dll
    + 2008-04-14 00:11:50 84,480 ----a-w c:\winnt\system32\cabview.dll
    - 2003-03-31 12:00:00 18,432 ----a-w c:\winnt\system32\cacls.exe
    + 2008-04-14 00:12:13 19,968 ----a-w c:\winnt\system32\cacls.exe
    - 2004-08-04 07:56:41 50,688 ----a-w c:\winnt\system32\camocx.dll
    + 2008-04-14 00:11:50 50,688 ----a-w c:\winnt\system32\camocx.dll
    - 2003-03-31 12:00:00 142,848 ----a-w c:\winnt\system32\capesnpn.dll
    + 2008-04-14 00:11:50 150,016 ----a-w c:\winnt\system32\capesnpn.dll
    - 2005-07-26 04:39:42 225,792 ----a-w c:\winnt\system32\catsrv.dll
    + 2008-04-14 00:11:50 226,304 ----a-w c:\winnt\system32\catsrv.dll
    - 2004-08-04 07:56:41 85,504 ----a-w c:\winnt\system32\catsrvps.dll
    + 2008-04-14 00:11:50 85,504 ----a-w c:\winnt\system32\catsrvps.dll
    - 2005-07-26 04:39:43 625,152 ----a-w c:\winnt\system32\catsrvut.dll
    + 2008-04-14 00:11:50 625,664 ----a-w c:\winnt\system32\catsrvut.dll
    - 2006-06-23 11:25:29 151,040 ----a-w c:\winnt\system32\cdfview.dll
    + 2008-04-14 00:11:50 151,040 ----a-w c:\winnt\system32\cdfview.dll
    - 2007-07-31 02:19:20 92,504 ----a-w c:\winnt\system32\cdm.dll
    + 2008-10-16 22:09:44 92,696 ----a-w c:\winnt\system32\cdm.dll
    - 2005-09-10 01:53:41 2,067,968 ----a-w c:\winnt\system32\cdosys.dll
    + 2008-04-14 00:11:50 2,091,520 ----a-w c:\winnt\system32\cdosys.dll
    - 2004-08-04 07:56:41 194,560 ----a-w c:\winnt\system32\certcli.dll
    + 2008-04-14 00:11:50 194,560 ----a-w c:\winnt\system32\certcli.dll
    - 2004-08-04 07:56:41 457,728 ----a-w c:\winnt\system32\certmgr.dll
    + 2008-04-14 00:11:50 457,728 ----a-w c:\winnt\system32\certmgr.dll
    - 2004-08-04 07:56:41 38,912 ----a-w c:\winnt\system32\cfgbkend.dll
    + 2008-04-14 00:11:50 38,912 ----a-w c:\winnt\system32\cfgbkend.dll
    - 2004-08-04 07:56:00 16,896 ----a-w c:\winnt\system32\cfgmgr32.dll
    + 2008-04-14 00:09:05 16,896 ----a-w c:\winnt\system32\cfgmgr32.dll
    - 2003-03-31 12:00:00 109,568 ----a-w c:\winnt\system32\cic.dll
    + 2008-04-14 00:11:50 148,480 ----a-w c:\winnt\system32\cic.dll
    - 2006-06-22 05:06:29 69,120 ----a-w c:\winnt\system32\ciodm.dll
    + 2008-04-14 00:11:50 69,120 ----a-w c:\winnt\system32\ciodm.dll
    - 2004-08-04 07:56:47 5,632 ----a-w c:\winnt\system32\cisvc.exe
    + 2008-04-14 00:12:14 5,632 ----a-w c:\winnt\system32\cisvc.exe
    - 2005-07-26 04:39:43 110,080 ----a-w c:\winnt\system32\clbcatex.dll
    + 2008-04-14 00:11:50 110,592 ----a-w c:\winnt\system32\clbcatex.dll
    - 2005-07-26 04:39:43 498,688 ----a-w c:\winnt\system32\clbcatq.dll
    + 2008-04-14 00:11:50 498,688 ----a-w c:\winnt\system32\clbcatq.dll
    - 2004-08-04 07:56:47 64,000 ----a-w c:\winnt\system32\cleanmgr.exe
    + 2008-04-14 00:12:14 64,000 ----a-w c:\winnt\system32\cleanmgr.exe
    - 2004-08-04 07:56:41 77,824 ----a-w c:\winnt\system32\cliconfg.dll
    + 2008-04-14 00:11:50 77,824 ----a-w c:\winnt\system32\cliconfg.dll
    - 2004-08-04 07:56:47 20,480 ----a-w c:\winnt\system32\cliconfg.exe
    + 2008-04-14 00:12:14 20,480 ----a-w c:\winnt\system32\cliconfg.exe
    - 2004-08-04 07:56:47 102,912 ----a-w c:\winnt\system32\clipbrd.exe
    + 2008-04-14 00:12:14 102,912 ----a-w c:\winnt\system32\clipbrd.exe
    - 2004-08-04 07:56:47 33,280 ----a-w c:\winnt\system32\clipsrv.exe
    + 2008-04-14 00:12:14 33,280 ----a-w c:\winnt\system32\clipsrv.exe
    - 2004-08-04 07:56:41 57,856 ----a-w c:\winnt\system32\clusapi.dll
    + 2008-04-14 00:11:50 58,368 ----a-w c:\winnt\system32\clusapi.dll
    - 2004-08-04 07:56:41 15,872 ----a-w c:\winnt\system32\cmcfg32.dll
    + 2008-04-14 00:11:50 15,872 ----a-w c:\winnt\system32\cmcfg32.dll
    - 2004-08-04 07:56:48 388,608 ----a-w c:\winnt\system32\cmd.exe
    + 2008-04-14 00:12:14 389,120 ----a-w c:\winnt\system32\cmd.exe
    - 2004-08-04 07:56:41 343,040 ----a-w c:\winnt\system32\cmdial32.dll
    + 2008-04-14 00:11:50 344,064 ----a-w c:\winnt\system32\cmdial32.dll
    - 2004-08-04 07:56:48 47,104 ----a-w c:\winnt\system32\cmdl32.exe
    + 2008-04-14 00:12:14 25,600 ----a-w c:\winnt\system32\cmdl32.exe
    - 2004-08-04 07:56:48 39,936 ----a-w c:\winnt\system32\cmmon32.exe
    + 2008-04-14 00:12:15 39,936 ----a-w c:\winnt\system32\cmmon32.exe
    - 2004-08-04 07:56:41 185,344 ----a-w c:\winnt\system32\cmprops.dll
    + 2008-04-14 00:11:50 185,344 ----a-w c:\winnt\system32\cmprops.dll
    - 2004-08-04 07:56:41 13,824 ----a-w c:\winnt\system32\cmsetacl.dll
    + 2008-04-14 00:11:50 13,312 ----a-w c:\winnt\system32\cmsetacl.dll
    - 2004-08-04 07:56:48 63,488 ----a-w c:\winnt\system32\cmstp.exe
    + 2008-04-14 00:12:15 63,488 ----a-w c:\winnt\system32\cmstp.exe
    - 2004-08-04 07:56:41 39,936 ----a-w c:\winnt\system32\cmutil.dll
    + 2008-04-14 00:11:50 39,424 ----a-w c:\winnt\system32\cmutil.dll
    - 2004-08-04 07:56:41 47,104 ----a-w c:\winnt\system32\cnbjmon.dll
    + 2008-04-14 00:11:50 47,104 ----a-w c:\winnt\system32\cnbjmon.dll
    - 2005-07-26 04:39:43 60,416 ----a-w c:\winnt\system32\colbact.dll
    + 2008-04-14 00:11:51 60,416 ----a-w c:\winnt\system32\colbact.dll
    - 2005-07-26 04:39:44 195,072 ----a-w c:\winnt\system32\Com\comadmin.dll
    + 2008-04-14 00:11:51 195,072 ----a-w c:\winnt\system32\Com\comadmin.dll
    - 2004-08-04 07:56:48 9,728 ----a-w c:\winnt\system32\Com\comrepl.exe
    + 2008-04-14 00:12:15 9,728 ----a-w c:\winnt\system32\Com\comrepl.exe
    - 2003-03-31 12:00:00 5,120 ----a-w c:\winnt\system32\Com\comrereg.exe
    + 2008-04-14 00:12:15 6,144 ----a-w c:\winnt\system32\Com\comrereg.exe
    - 2003-03-31 12:00:00 25,600 ----a-w c:\winnt\system32\comaddin.dll
    + 2008-04-14 00:11:51 28,160 ----a-w c:\winnt\system32\comaddin.dll
    - 2006-08-25 15:45:58 617,472 ----a-w c:\winnt\system32\comctl32.dll
    + 2008-04-14 00:11:51 617,472 ----a-w c:\winnt\system32\comctl32.dll
    - 2004-08-04 07:56:41 276,992 ----a-w c:\winnt\system32\comdlg32.dll
    + 2008-04-14 00:11:51 276,992 ----a-w c:\winnt\system32\comdlg32.dll
    + 2003-03-31 12:00:00 10,544 ----a-w c:\winnt\system32\comm.drv
    - 2004-08-04 07:56:41 252,928 ----a-w c:\winnt\system32\compatui.dll
    + 2008-04-14 00:11:51 252,928 ----a-w c:\winnt\system32\compatui.dll
    - 2004-08-04 07:56:41 229,376 ----a-w c:\winnt\system32\compstui.dll
    + 2008-04-14 00:11:51 229,376 ----a-w c:\winnt\system32\compstui.dll
    - 2005-07-26 04:39:44 97,792 ----a-w c:\winnt\system32\comrepl.dll
    + 2008-04-14 00:11:51 97,792 ----a-w c:\winnt\system32\comrepl.dll
    - 2004-08-04 07:56:41 792,064 ----a-w c:\winnt\system32\comres.dll
    + 2008-04-14 00:11:51 792,064 ----a-w c:\winnt\system32\comres.dll
    - 2003-03-31 12:00:00 147,456 ----a-w c:\winnt\system32\comsnap.dll
    + 2008-04-14 00:11:51 167,424 ----a-w c:\winnt\system32\comsnap.dll
    - 2005-07-26 04:39:44 1,267,200 ----a-w c:\winnt\system32\comsvcs.dll
    + 2008-04-14 00:11:51 1,267,200 ----a-w c:\winnt\system32\comsvcs.dll
    - 2005-07-26 04:39:45 540,160 ----a-w c:\winnt\system32\comuid.dll
    + 2008-04-14 00:11:51 539,648 ----a-w c:\winnt\system32\comuid.dll
    - 2004-09-06 00:47:45 16,384 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
    + 2008-09-28 17:40:30 16,384 ----a-w c:\winnt\system32\config\systemprofile\Cookies\index.dat
    - 2004-09-06 00:47:45 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-09-28 17:40:30 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2004-09-06 00:47:45 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-28 17:40:30 32,768 ----a-w c:\winnt\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2003-03-31 12:00:00 345,600 ----a-w c:\winnt\system32\confmsp.dll
    + 2008-04-14 00:11:51 357,888 ----a-w c:\winnt\system32\confmsp.dll
    - 2004-08-04 07:56:48 27,648 ----a-w c:\winnt\system32\conime.exe
    + 2008-04-14 00:12:15 27,648 ----a-w c:\winnt\system32\conime.exe
    + 2004-08-10 06:50:00 65,602 ----a-w c:\winnt\system32\cook.dll
    - 2007-01-09 03:01:14 17,408 ----a-w c:\winnt\system32\corpol.dll
    + 2008-04-14 00:11:51 35,328 ----a-w c:\winnt\system32\corpol.dll
    + 2008-04-14 00:11:51 12,800 ------w c:\winnt\system32\credssp.dll
    - 2004-08-04 07:56:41 163,840 ----a-w c:\winnt\system32\credui.dll
    + 2008-04-14 00:11:51 163,840 ----a-w c:\winnt\system32\credui.dll
    - 2004-08-04 07:56:41 597,504 ----a-w c:\winnt\system32\crypt32.dll
    + 2008-04-14 00:11:51 599,040 ----a-w c:\winnt\system32\crypt32.dll
    - 2004-08-04 07:56:41 74,752 ----a-w c:\winnt\system32\cryptdlg.dll
    + 2008-04-14 00:11:51 74,752 ----a-w c:\winnt\system32\cryptdlg.dll
    - 2004-08-04 07:56:41 33,280 ----a-w c:\winnt\system32\cryptdll.dll
    + 2008-04-14 00:11:51 33,280 ----a-w c:\winnt\system32\cryptdll.dll
    - 2004-08-04 07:56:41 53,760 ----a-w c:\winnt\system32\cryptext.dll
    + 2008-04-14 00:11:51 53,760 ----a-w c:\winnt\system32\cryptext.dll
    - 2004-08-04 07:56:41 63,488 ----a-w c:\winnt\system32\cryptnet.dll
    + 2008-04-14 00:11:51 64,512 ----a-w c:\winnt\system32\cryptnet.dll
    - 2004-08-04 07:56:41 60,416 ----a-w c:\winnt\system32\cryptsvc.dll
    + 2008-04-14 00:11:51 62,464 ----a-w c:\winnt\system32\cryptsvc.dll
    - 2004-08-04 07:56:41 512,512 ----a-w c:\winnt\system32\cryptui.dll
    + 2008-04-14 00:11:51 512,512 ----a-w c:\winnt\system32\cryptui.dll
    - 2004-08-04 07:56:41 101,888 ----a-w c:\winnt\system32\cscdll.dll
    + 2008-04-14 00:11:51 101,888 ----a-w c:\winnt\system32\cscdll.dll
    - 2004-08-04 07:56:48 98,304 ----a-w c:\winnt\system32\cscript.exe
    + 2008-05-07 09:07:23 135,168 ----a-w c:\winnt\system32\cscript.exe
    - 2004-08-04 07:56:41 326,656 ----a-w c:\winnt\system32\cscui.dll
    + 2008-04-14 00:11:51 326,656 ----a-w c:\winnt\system32\cscui.dll
    - 2004-08-04 07:56:41 32,768 ----a-w c:\winnt\system32\csrsrv.dll
    + 2008-04-14 00:11:51 32,256 ----a-w c:\winnt\system32\csrsrv.dll
    - 2004-08-04 07:56:48 6,144 ----a-w c:\winnt\system32\csrss.exe
    + 2008-04-14 00:12:15 6,144 ----a-w c:\winnt\system32\csrss.exe
    - 2004-08-04 07:56:48 15,360 ----a-w c:\winnt\system32\ctfmon.exe
    + 2008-04-14 00:12:16 15,360 ----a-w c:\winnt\system32\ctfmon.exe
    - 2004-08-04 07:56:41 1,179,648 ----a-w c:\winnt\system32\d3d8.dll
    + 2008-04-14 00:11:51 1,179,648 ----a-w c:\winnt\system32\d3d8.dll
    - 2004-08-04 07:56:41 8,192 ----a-w c:\winnt\system32\d3d8thk.dll
    + 2008-04-14 00:11:51 8,192 ----a-w c:\winnt\system32\d3d8thk.dll
    - 2004-08-04 07:56:41 1,689,088 ----a-w c:\winnt\system32\d3d9.dll
    + 2008-04-14 00:11:51 1,689,088 ----a-w c:\winnt\system32\d3d9.dll
    - 2004-08-04 07:56:41 825,344 ----a-w c:\winnt\system32\d3dim700.dll
    + 2008-04-14 00:11:51 824,320 ----a-w c:\winnt\system32\d3dim700.dll
    - 2006-06-23 11:25:29 1,054,208 ----a-w c:\winnt\system32\danim.dll
    + 2008-04-14 00:11:51 1,054,208 ----a-w c:\winnt\system32\danim.dll
    - 2004-08-04 07:56:42 54,272 ----a-w c:\winnt\system32\dataclen.dll
    + 2008-04-14 00:11:51 54,272 ----a-w c:\winnt\system32\dataclen.dll
    - 2003-03-31 12:00:00 152,064 ----a-w c:\winnt\system32\datime.dll
    + 2008-04-14 00:11:51 165,376 ----a-w c:\winnt\system32\datime.dll
    - 2004-08-04 07:56:42 24,576 ----a-w c:\winnt\system32\davclnt.dll
    + 2008-04-14 00:11:51 25,088 ----a-w c:\winnt\system32\davclnt.dll
    - 2004-08-04 07:56:42 640,000 ----a-w c:\winnt\system32\dbghelp.dll
    + 2008-04-14 00:11:51 640,000 ----a-w c:\winnt\system32\dbghelp.dll
    - 2004-08-04 07:56:42 24,576 ----a-w c:\winnt\system32\dbmsrpcn.dll
    + 2008-04-14 00:11:51 24,576 ----a-w c:\winnt\system32\dbmsrpcn.dll
    - 2004-08-04 07:56:42 110,592 ----a-w c:\winnt\system32\dbnetlib.dll
    + 2008-04-14 00:11:51 110,592 ----a-w c:\winnt\system32\dbnetlib.dll
    - 2004-08-04 07:56:42 28,672 ----a-w c:\winnt\system32\dbnmpntw.dll
    + 2008-04-14 00:11:51 28,672 ----a-w c:\winnt\system32\dbnmpntw.dll
    + 2008-04-14 00:25:26 1,804 ----a-w c:\winnt\system32\dcache.bin
    - 2004-08-04 07:56:42 8,704 ----a-w c:\winnt\system32\dciman32.dll
    + 2008-04-14 00:11:51 8,704 ----a-w c:\winnt\system32\dciman32.dll
    - 2003-03-31 12:00:00 5,120 ----a-w c:\winnt\system32\dcomcnfg.exe
    + 2008-04-14 00:12:16 6,144 ----a-w c:\winnt\system32\dcomcnfg.exe
    - 2004-08-04 07:56:48 30,208 ----a-w c:\winnt\system32\ddeshare.exe
    + 2008-04-14 00:12:16 30,208 ----a-w c:\winnt\system32\ddeshare.exe
    - 2004-08-04 07:56:42 266,240 ----a-w c:\winnt\system32\ddraw.dll
    + 2008-04-14 00:11:51 279,552 ----a-w c:\winnt\system32\ddraw.dll
    - 2004-08-04 07:56:42 27,136 ----a-w c:\winnt\system32\ddrawex.dll
    + 2008-04-14 00:11:51 27,136 ----a-w c:\winnt\system32\ddrawex.dll
    - 2004-08-04 07:56:48 25,088 ----a-w c:\winnt\system32\defrag.exe
    + 2008-04-14 00:12:16 25,088 ----a-w c:\winnt\system32\defrag.exe
    + 2009-03-10 21:07:38 410,984 ----a-w c:\winnt\system32\deploytk.dll
    - 2004-08-04 07:56:42 59,904 ----a-w c:\winnt\system32\devenum.dll
    + 2008-04-14 00:11:51 59,904 ----a-w c:\winnt\system32\devenum.dll
    - 2004-08-04 07:56:42 282,624 ----a-w c:\winnt\system32\devmgr.dll
    + 2008-04-14 00:11:51 282,624 ----a-w c:\winnt\system32\devmgr.dll
    - 2004-08-04 07:56:48 82,432 ----a-w c:\winnt\system32\dfrgfat.exe
    + 2008-04-14 00:12:16 82,944 ----a-w c:\winnt\system32\dfrgfat.exe
    - 2004-08-04 07:56:48 104,960 ----a-w c:\winnt\system32\dfrgntfs.exe
    + 2008-04-14 00:12:16 105,472 ----a-w c:\winnt\system32\dfrgntfs.exe
    - 2004-08-04 07:56:42 38,912 ----a-w c:\winnt\system32\dfrgsnap.dll
    + 2008-04-14 00:11:51 39,424 ----a-w c:\winnt\system32\dfrgsnap.dll
    - 2004-08-04 07:56:42 123,904 ----a-w c:\winnt\system32\dfrgui.dll
    + 2008-04-14 00:11:51 124,416 ----a-w c:\winnt\system32\dfrgui.dll
    - 2005-09-23 15:28:38 83,456 ----a-w c:\winnt\system32\dfshim.dll
    + 2007-10-24 09:47:28 96,760 ----a-w c:\winnt\system32\dfshim.dll
    - 2004-08-04 07:56:42 28,672 ----a-w c:\winnt\system32\dfsshlex.dll
    + 2008-04-14 00:11:51 28,672 ----a-w c:\winnt\system32\dfsshlex.dll
    - 2004-08-04 07:56:42 111,104 ----a-w c:\winnt\system32\dgnet.dll
    + 2008-04-14 00:11:51 111,104 ----a-w c:\winnt\system32\dgnet.dll
    - 2006-05-19 12:59:41 111,616 ----a-w c:\winnt\system32\dhcpcsvc.dll
    + 2008-04-14 00:11:51 126,976 ----a-w c:\winnt\system32\dhcpcsvc.dll
    - 2003-03-31 12:00:00 370,176 ----a-w c:\winnt\system32\dhcpmon.dll
    + 2008-04-14 00:11:52 379,904 ----a-w c:\winnt\system32\dhcpmon.dll
    + 2008-04-14 00:11:52 48,640 ------w c:\winnt\system32\dhcpqec.dll
    - 2004-08-04 07:56:48 85,504 ----a-w c:\winnt\system32\diantz.exe
    + 2008-04-14 00:12:17 87,040 ----a-w c:\winnt\system32\diantz.exe
    - 2004-08-04 07:56:42 68,608 ----a-w c:\winnt\system32\digest.dll
    + 2008-04-14 00:11:52 68,608 ----a-w c:\winnt\system32\digest.dll
    + 2008-04-14 00:11:52 19,456 ------w c:\winnt\system32\dimsntfy.dll
    + 2008-04-14 00:11:52 39,936 ------w c:\winnt\system32\dimsroam.dll
    - 2004-08-04 07:56:42 159,232 ----a-w c:\winnt\system32\dinput.dll
    + 2008-04-14 00:11:52 158,720 ----a-w c:\winnt\system32\dinput.dll
    - 2004-08-04 07:56:42 181,760 ----a-w c:\winnt\system32\dinput8.dll
    + 2008-04-14 00:11:52 181,760 ----a-w c:\winnt\system32\dinput8.dll
    - 2003-03-31 12:00:00 1,501,696 ----a-w c:\winnt\system32\diskcopy.dll
    + 2008-04-14 00:11:52 1,504,256 ----a-w c:\winnt\system32\diskcopy.dll
    - 2004-08-04 07:56:48 163,840 ----a-w c:\winnt\system32\diskpart.exe
    + 2008-04-14 00:12:17 163,840 ----a-w c:\winnt\system32\diskpart.exe
    - 2003-03-31 12:00:00 45,083 ----a-w c:\winnt\system32\dispex.dll
    + 2008-04-14 00:11:52 32,768 ----a-w c:\winnt\system32\dispex.dll
    - 2007-09-17 18:22:58 739,840 ----a-w c:\winnt\system32\DivX.dll
    + 2008-05-30 23:22:46 683,520 ----a-w c:\winnt\system32\DivX.dll
    - 2007-09-17 18:23:00 823,296 ----a-w c:\winnt\system32\divx_xx07.dll
    + 2008-05-30 23:22:48 823,296 ----a-w c:\winnt\system32\divx_xx07.dll
    + 2008-05-30 23:22:46 815,104 ----a-w c:\winnt\system32\divx_xx0a.dll
    - 2007-09-17 18:23:00 823,296 ----a-w c:\winnt\system32\divx_xx0c.dll
    + 2008-05-30 23:22:48 823,296 ----a-w c:\winnt\system32\divx_xx0c.dll
    - 2007-09-17 18:22:58 802,816 ----a-w c:\winnt\system32\divx_xx11.dll
    + 2008-05-30 23:22:48 802,816 ----a-w c:\winnt\system32\divx_xx11.dll
    - 2007-09-11 23:14:30 156,992 ----a-w c:\winnt\system32\DivXCodecVersionChecker.exe
    + 2008-05-22 22:19:12 161,096 ----a-w c:\winnt\system32\DivXCodecVersionChecker.exe
    - 2007-08-15 22:33:18 524,288 ----a-w c:\winnt\system32\DivXsm.exe
    + 2008-05-22 22:22:22 524,288 ----a-w c:\winnt\system32\DivXsm.exe
    - 2007-08-15 22:30:26 12,288 ----a-w c:\winnt\system32\DivXWMPExtType.dll
    + 2008-05-22 22:18:54 12,288 ----a-w c:\winnt\system32\DivXWMPExtType.dll
    - 2007-08-20 10:04:34 124,928 ------w c:\winnt\system32\dllcache\advpack.dll
    + 2008-12-20 23:15:11 124,928 ------w c:\winnt\system32\dllcache\advpack.dll
    + 2008-08-14 10:04:36 138,496 ------w c:\winnt\system32\dllcache\afd.sys
    + 2008-06-13 11:05:51 272,128 ------w c:\winnt\system32\dllcache\bthport.sys
    - 2007-07-31 02:19:20 92,504 ----a-w c:\winnt\system32\dllcache\cdm.dll
    + 2008-10-16 22:09:44 92,696 ----a-w c:\winnt\system32\dllcache\cdm.dll
    + 2008-05-07 09:07:23 135,168 ------w c:\winnt\system32\dllcache\cscript.exe
    + 2008-03-25 04:50:25 554,008 ------w c:\winnt\system32\dllcache\dao360.dll
    - 2006-06-26 17:37:10 148,480 ------w c:\winnt\system32\dllcache\dnsapi.dll
    + 2008-06-20 17:46:57 147,968 ------w c:\winnt\system32\dllcache\dnsapi.dll
    - 2006-08-22 12:05:26 498,742 ------w c:\winnt\system32\dllcache\dxmasf.dll
    + 2008-04-14 00:11:52 498,742 ------w c:\winnt\system32\dllcache\dxmasf.dll
    - 2006-10-17 19:58:06 346,624 ----a-w c:\winnt\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\winnt\system32\dllcache\dxtmsft.dll
    - 2007-08-20 10:04:34 214,528 ----a-w c:\winnt\system32\dllcache\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\winnt\system32\dllcache\dxtrans.dll
    + 2008-07-07 20:26:58 253,952 ------w c:\winnt\system32\dllcache\es.dll
    - 2007-08-20 10:04:34 132,608 ----a-w c:\winnt\system32\dllcache\extmgr.dll
    + 2008-12-20 23:15:13 133,120 ----a-w c:\winnt\system32\dllcache\extmgr.dll
    + 2007-03-23 04:24:58 28,160 ------w c:\winnt\system32\dllcache\FilterPipelinePrintProc.dll
  5. 2009-03-24, 00:26 #25
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2007-06-19 13:31:19 282,112 ------w c:\winnt\system32\dllcache\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ------w c:\winnt\system32\dllcache\gdi32.dll
    - 2007-08-20 10:04:34 63,488 ------w c:\winnt\system32\dllcache\icardie.dll
    + 2008-12-20 23:15:13 63,488 ------w c:\winnt\system32\dllcache\icardie.dll
    - 2007-08-17 10:20:54 63,488 ------w c:\winnt\system32\dllcache\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 ------w c:\winnt\system32\dllcache\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ------w c:\winnt\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 ------w c:\winnt\system32\dllcache\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ------w c:\winnt\system32\dllcache\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 ------w c:\winnt\system32\dllcache\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ----a-w c:\winnt\system32\dllcache\ieakui.dll
    + 2008-12-19 05:23:56 161,792 ----a-w c:\winnt\system32\dllcache\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ------w c:\winnt\system32\dllcache\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 ------w c:\winnt\system32\dllcache\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ------w c:\winnt\system32\dllcache\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 ------w c:\winnt\system32\dllcache\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 ------w c:\winnt\system32\dllcache\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 ------w c:\winnt\system32\dllcache\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ------w c:\winnt\system32\dllcache\iernonce.dll
    + 2008-12-20 23:15:21 44,544 ------w c:\winnt\system32\dllcache\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ------w c:\winnt\system32\dllcache\iertutil.dll
    + 2008-12-20 23:15:22 267,776 ------w c:\winnt\system32\dllcache\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ------w c:\winnt\system32\dllcache\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 ------w c:\winnt\system32\dllcache\ieudinit.exe
    - 2007-08-17 10:21:21 625,152 ------w c:\winnt\system32\dllcache\iexplore.exe
    + 2008-12-19 05:25:25 634,024 ------w c:\winnt\system32\dllcache\iexplore.exe
    - 2007-08-21 06:15:44 683,520 ------w c:\winnt\system32\dllcache\inetcomm.dll
    + 2008-04-11 19:04:26 691,712 ------w c:\winnt\system32\dllcache\inetcomm.dll
    - 2006-10-17 20:00:00 491,520 ----a-w c:\winnt\system32\dllcache\jscript.dll
    + 2008-05-09 10:53:39 512,000 ------w c:\winnt\system32\dllcache\jscript.dll
    - 2007-08-20 10:04:39 27,648 ----a-w c:\winnt\system32\dllcache\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 ----a-w c:\winnt\system32\dllcache\jsproxy.dll
    + 2003-03-31 12:00:00 2,000 ----a-w c:\winnt\system32\dllcache\keyboard.drv
    - 2006-10-19 04:03:58 100,864 ----a-w c:\winnt\system32\dllcache\logagent.exe
    + 2008-06-18 09:09:22 100,864 ----a-w c:\winnt\system32\dllcache\logagent.exe
    + 2003-03-31 07:00:00 2,560 ----a-w c:\winnt\system32\dllcache\lz32.dll
    + 2003-03-31 12:00:00 73,376 ----a-w c:\winnt\system32\dllcache\mciavi.drv
    + 2003-03-31 12:00:00 25,264 ----a-w c:\winnt\system32\dllcache\mciseq.drv
    + 2003-03-31 12:00:00 28,160 ----a-w c:\winnt\system32\dllcache\mciwave.drv
    + 2003-03-31 12:00:00 2,032 ----a-w c:\winnt\system32\dllcache\mouse.drv
    - 2006-05-05 09:41:45 453,120 ------w c:\winnt\system32\dllcache\mrxsmb.sys
    + 2008-10-24 11:21:09 455,296 ------w c:\winnt\system32\dllcache\mrxsmb.sys
    + 2008-05-01 14:33:02 331,776 ------w c:\winnt\system32\dllcache\msadce.dll
    + 2008-06-24 16:43:16 74,240 ------w c:\winnt\system32\dllcache\mscms.dll
    + 2008-03-25 04:50:28 518,944 ------w c:\winnt\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:30 326,432 ------w c:\winnt\system32\dllcache\msexcl40.dll
    - 2007-08-20 10:04:39 459,264 ------w c:\winnt\system32\dllcache\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 ------w c:\winnt\system32\dllcache\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ------w c:\winnt\system32\dllcache\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 ------w c:\winnt\system32\dllcache\msfeedsbs.dll
    - 2007-08-20 10:04:41 3,584,512 ----a-w c:\winnt\system32\dllcache\mshtml.dll
    + 2009-01-17 05:35:14 3,594,752 ----a-w c:\winnt\system32\dllcache\mshtml.dll
    - 2007-08-20 10:04:41 477,696 ----a-w c:\winnt\system32\dllcache\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\winnt\system32\dllcache\mshtmled.dll
    + 2008-03-25 04:50:34 1,516,568 ------w c:\winnt\system32\dllcache\msjet40.dll
    - 2004-03-01 18:52:15 358,976 ----a-w c:\winnt\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 ----a-w c:\winnt\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:42 60,192 ------w c:\winnt\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 248,608 ------w c:\winnt\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:44 219,936 ------w c:\winnt\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:45 355,104 ------w c:\winnt\system32\dllcache\mspbde40.dll
    - 2007-08-20 10:04:41 193,024 ----a-w c:\winnt\system32\dllcache\msrating.dll
    + 2008-12-20 23:15:31 193,024 ----a-w c:\winnt\system32\dllcache\msrating.dll
    + 2008-03-25 04:50:47 432,928 ------w c:\winnt\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:49 322,336 ------w c:\winnt\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:52 559,904 ------w c:\winnt\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:55 264,992 ------w c:\winnt\system32\dllcache\mstext40.dll
    - 2007-08-20 10:04:42 671,232 ----a-w c:\winnt\system32\dllcache\mstime.dll
    + 2008-12-20 23:15:32 671,232 ----a-w c:\winnt\system32\dllcache\mstime.dll
    + 2008-03-25 04:50:57 838,432 ------w c:\winnt\system32\dllcache\mswdat10.dll
    + 2008-06-20 17:46:57 245,248 ------w c:\winnt\system32\dllcache\mswsock.dll
    + 2008-03-25 04:50:58 621,344 ------w c:\winnt\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:50:58 355,104 ------w c:\winnt\system32\dllcache\msxbde40.dll
    - 2007-06-26 06:08:16 1,104,896 ------w c:\winnt\system32\dllcache\msxml3.dll
    + 2008-09-04 17:15:04 1,106,944 ------w c:\winnt\system32\dllcache\msxml3.dll
    + 2008-09-10 01:14:56 1,307,648 ------w c:\winnt\system32\dllcache\msxml6.dll
    + 2008-04-13 17:27:18 79,872 ------w c:\winnt\system32\dllcache\msxml6r.dll
    - 2006-08-17 12:28:27 332,288 ------w c:\winnt\system32\dllcache\netapi32.dll
    + 2008-10-15 16:34:24 337,408 ------w c:\winnt\system32\dllcache\netapi32.dll
    - 2007-02-28 09:08:48 2,136,064 ------w c:\winnt\system32\dllcache\ntkrnlmp.exe
    + 2008-08-14 10:09:26 2,145,280 ------w c:\winnt\system32\dllcache\ntkrnlmp.exe
    - 2007-02-28 08:38:55 2,057,600 ------w c:\winnt\system32\dllcache\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,066,048 ------w c:\winnt\system32\dllcache\ntkrnlpa.exe
    - 2007-02-28 08:38:57 2,015,744 ------w c:\winnt\system32\dllcache\ntkrpamp.exe
    + 2008-08-14 09:33:16 2,023,936 ------w c:\winnt\system32\dllcache\ntkrpamp.exe
    - 2007-02-28 09:10:57 2,180,352 ------w c:\winnt\system32\dllcache\ntoskrnl.exe
    + 2008-08-14 10:11:02 2,189,184 ------w c:\winnt\system32\dllcache\ntoskrnl.exe
    + 2003-03-31 12:00:00 2,944 ----a-w c:\winnt\system32\dllcache\null.sys
    - 2007-08-20 10:04:42 102,400 ------w c:\winnt\system32\dllcache\occache.dll
    + 2008-12-20 23:15:38 102,912 ------w c:\winnt\system32\dllcache\occache.dll
    - 2006-10-17 19:58:08 44,544 ----a-w c:\winnt\system32\dllcache\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\winnt\system32\dllcache\pngfilt.dll
    + 2007-03-23 04:25:42 677,376 ------w c:\winnt\system32\dllcache\PrintFilterPipelineSvc.exe
    + 2008-05-07 05:12:40 1,288,192 ------w c:\winnt\system32\dllcache\quartz.dll
    - 2006-07-13 08:48:58 202,240 ----a-w c:\winnt\system32\dllcache\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ------w c:\winnt\system32\dllcache\rmcast.sys
    - 2007-04-25 14:21:15 144,896 ------w c:\winnt\system32\dllcache\schannel.dll
    + 2008-12-05 06:54:55 144,896 ------w c:\winnt\system32\dllcache\schannel.dll
    + 2008-05-09 10:53:39 180,224 ------w c:\winnt\system32\dllcache\scrobj.dll
    + 2008-05-09 10:53:40 172,032 ------w c:\winnt\system32\dllcache\scrrun.dll
    - 2007-10-26 03:34:01 8,460,288 ----a-w c:\winnt\system32\dllcache\shell32.dll
    + 2008-06-17 19:02:19 8,461,312 ------w c:\winnt\system32\dllcache\shell32.dll
    + 2003-03-31 12:00:00 1,744 ----a-w c:\winnt\system32\dllcache\sound.drv
    - 2006-08-14 10:34:41 332,928 ------w c:\winnt\system32\dllcache\srv.sys
    + 2008-12-11 10:57:09 333,952 ------w c:\winnt\system32\dllcache\srv.sys
    - 2006-08-21 17:52:08 246,814 ------w c:\winnt\system32\dllcache\strmdll.dll
    + 2008-10-03 10:02:42 247,326 ------w c:\winnt\system32\dllcache\strmdll.dll
    + 2009-03-20 07:52:37 14,336 ----a-w c:\winnt\system32\dllcache\svchost.exe
    + 2003-03-31 12:00:00 3,360 ----a-w c:\winnt\system32\dllcache\system.drv
    - 2006-04-20 11:51:50 359,808 ------w c:\winnt\system32\dllcache\tcpip.sys
    + 2008-06-20 11:51:12 361,600 ------w c:\winnt\system32\dllcache\tcpip.sys
    - 2006-08-16 09:37:30 225,664 ------w c:\winnt\system32\dllcache\tcpip6.sys
    + 2008-06-20 11:08:27 225,856 ------w c:\winnt\system32\dllcache\tcpip6.sys
    + 2003-03-31 12:00:00 4,048 ----a-w c:\winnt\system32\dllcache\timer.drv
    - 2007-08-20 10:04:42 105,984 ------w c:\winnt\system32\dllcache\url.dll
    + 2008-12-20 23:15:39 105,984 ------w c:\winnt\system32\dllcache\url.dll
    - 2007-08-20 10:04:42 1,152,000 ----a-w c:\winnt\system32\dllcache\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\winnt\system32\dllcache\urlmon.dll
    + 2004-08-04 07:56:57 24,576 ----a-w c:\winnt\system32\dllcache\userinit.exe
    - 2006-10-17 20:33:40 413,696 ------w c:\winnt\system32\dllcache\vbscript.dll
    + 2008-05-09 10:53:40 430,080 ------w c:\winnt\system32\dllcache\vbscript.dll
    + 2003-03-31 12:00:00 2,176 ----a-w c:\winnt\system32\dllcache\vga.drv
    - 2007-08-20 10:04:42 232,960 ------w c:\winnt\system32\dllcache\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ------w c:\winnt\system32\dllcache\webcheck.dll
    + 2003-03-31 12:00:00 13,600 ----a-w c:\winnt\system32\dllcache\wfwnet.drv
    - 2007-03-08 13:47:48 1,843,584 ------w c:\winnt\system32\dllcache\win32k.sys
    + 2009-02-09 11:13:27 1,846,784 ------w c:\winnt\system32\dllcache\win32k.sys
    - 2007-08-20 10:04:43 824,832 ----a-w c:\winnt\system32\dllcache\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\winnt\system32\dllcache\wininet.dll
    + 2003-03-31 12:00:00 2,864 ----a-w c:\winnt\system32\dllcache\winsock.dll
    + 2003-03-31 12:00:00 2,112 ----a-w c:\winnt\system32\dllcache\winspool.exe
    - 2006-10-19 05:47:18 222,208 ----a-w c:\winnt\system32\dllcache\WMASF.dll
    + 2007-10-28 01:40:30 222,720 ----a-w c:\winnt\system32\dllcache\wmasf.dll
    - 2006-10-19 05:47:20 937,984 ----a-w c:\winnt\system32\dllcache\WMNetMgr.dll
    + 2008-06-18 13:03:08 938,496 ----a-w c:\winnt\system32\dllcache\WMNetmgr.dll
    - 2007-06-12 06:51:12 10,834,944 ----a-w c:\winnt\system32\dllcache\wmp.dll
    + 2008-11-12 01:34:42 10,838,016 ----a-w c:\winnt\system32\dllcache\wmp.dll
    - 2006-10-19 05:47:22 2,450,944 ----a-w c:\winnt\system32\dllcache\wmvcore.dll
    + 2008-06-18 13:03:14 2,458,112 ----a-w c:\winnt\system32\dllcache\WMVCore.dll
    + 2003-03-31 12:00:00 2,736 ----a-w c:\winnt\system32\dllcache\wowdeb.exe
    + 2008-05-08 11:24:44 155,648 ------w c:\winnt\system32\dllcache\wscript.exe
    + 2008-05-09 10:53:40 90,112 ------w c:\winnt\system32\dllcache\wshext.dll
    - 2007-07-31 02:19:36 549,720 ----a-w c:\winnt\system32\dllcache\wuapi.dll
    + 2008-10-16 22:12:20 561,688 ----a-w c:\winnt\system32\dllcache\wuapi.dll
    - 2007-07-31 02:19:16 53,080 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
    + 2008-10-16 22:09:44 51,224 ----a-w c:\winnt\system32\dllcache\wuauclt.exe
    - 2007-07-31 02:19:42 1,712,984 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
    + 2008-10-16 22:13:40 1,809,944 ----a-w c:\winnt\system32\dllcache\wuaueng.dll
    - 2007-07-31 02:19:32 325,976 ----a-w c:\winnt\system32\dllcache\wucltui.dll
    + 2008-10-16 22:12:22 323,608 ----a-w c:\winnt\system32\dllcache\wucltui.dll
    - 2007-07-31 02:18:40 33,624 ----a-w c:\winnt\system32\dllcache\wups.dll
    + 2008-10-16 22:08:58 34,328 ----a-w c:\winnt\system32\dllcache\wups.dll
    - 2007-07-31 02:19:28 203,096 ----a-w c:\winnt\system32\dllcache\wuweb.dll
    + 2008-10-16 22:13:40 202,776 ----a-w c:\winnt\system32\dllcache\wuweb.dll
    + 2007-03-23 14:07:54 583,504 ------w c:\winnt\system32\dllcache\XPSSHHDR.dll
    + 2007-03-23 14:07:56 1,683,280 ------w c:\winnt\system32\dllcache\XpsSvcs.dll
    - 2004-08-04 07:56:48 5,120 ----a-w c:\winnt\system32\dllhost.exe
    + 2008-04-14 00:12:17 5,120 ----a-w c:\winnt\system32\dllhost.exe
    - 2004-08-04 07:56:48 224,768 ----a-w c:\winnt\system32\dmadmin.exe
    + 2008-04-14 00:12:17 224,768 ----a-w c:\winnt\system32\dmadmin.exe
    - 2004-08-04 07:56:42 28,672 ----a-w c:\winnt\system32\dmband.dll
    + 2008-04-14 00:11:52 28,672 ----a-w c:\winnt\system32\dmband.dll
    - 2004-08-04 07:56:42 61,440 ----a-w c:\winnt\system32\dmcompos.dll
    + 2008-04-14 00:11:52 61,440 ----a-w c:\winnt\system32\dmcompos.dll
    - 2003-03-31 12:00:00 273,920 ----a-w c:\winnt\system32\dmdlgs.dll
    + 2008-04-14 00:11:52 285,184 ----a-w c:\winnt\system32\dmdlgs.dll
    - 2004-08-04 07:56:42 200,704 ----a-w c:\winnt\system32\dmdskmgr.dll
    + 2008-04-14 00:11:52 200,704 ----a-w c:\winnt\system32\dmdskmgr.dll
    - 2004-08-04 07:56:42 181,248 ----a-w c:\winnt\system32\dmime.dll
    + 2008-04-14 00:11:52 181,248 ----a-w c:\winnt\system32\dmime.dll
    - 2004-08-04 07:56:42 35,840 ----a-w c:\winnt\system32\dmloader.dll
    + 2008-04-14 00:11:52 35,840 ----a-w c:\winnt\system32\dmloader.dll
    - 2004-08-04 07:56:48 15,872 ----a-w c:\winnt\system32\dmremote.exe
    + 2008-04-14 00:12:17 15,872 ----a-w c:\winnt\system32\dmremote.exe
    - 2004-08-04 07:56:42 82,432 ----a-w c:\winnt\system32\dmscript.dll
    + 2008-04-14 00:11:52 82,432 ----a-w c:\winnt\system32\dmscript.dll
    - 2004-08-04 07:56:42 23,552 ----a-w c:\winnt\system32\dmserver.dll
    + 2008-04-14 00:11:52 23,552 ----a-w c:\winnt\system32\dmserver.dll
    - 2004-08-04 07:56:42 105,984 ----a-w c:\winnt\system32\dmstyle.dll
    + 2008-04-14 00:11:52 105,984 ----a-w c:\winnt\system32\dmstyle.dll
    - 2004-08-04 07:56:42 103,424 ----a-w c:\winnt\system32\dmsynth.dll
    + 2008-04-14 00:11:52 103,424 ----a-w c:\winnt\system32\dmsynth.dll
    - 2004-08-04 07:56:42 104,448 ----a-w c:\winnt\system32\dmusic.dll
    + 2008-04-14 00:11:52 104,448 ----a-w c:\winnt\system32\dmusic.dll
    - 2004-08-04 07:56:42 52,224 ----a-w c:\winnt\system32\dmutil.dll
    + 2008-04-14 00:11:52 52,224 ----a-w c:\winnt\system32\dmutil.dll
    + 2008-08-29 17:18:58 87,336 ----a-w c:\winnt\system32\dns-sd.exe
    - 2006-06-26 17:37:10 148,480 ----a-w c:\winnt\system32\dnsapi.dll
    + 2008-06-20 17:46:57 147,968 ----a-w c:\winnt\system32\dnsapi.dll
    - 2004-08-04 07:56:42 45,568 ----a-w c:\winnt\system32\dnsrslvr.dll
    + 2008-04-14 00:11:52 45,568 ----a-w c:\winnt\system32\dnsrslvr.dll
    + 2008-08-29 16:53:50 61,440 ----a-w c:\winnt\system32\dnssd.dll
    - 2004-08-04 07:56:42 48,128 ----a-w c:\winnt\system32\docprop2.dll
    + 2008-04-14 00:11:52 48,128 ----a-w c:\winnt\system32\docprop2.dll
    + 2008-04-14 00:11:52 26,112 ------w c:\winnt\system32\dot3api.dll
    + 2008-04-14 00:11:52 57,856 ------w c:\winnt\system32\dot3cfg.dll
    + 2008-04-14 00:11:52 9,216 ------w c:\winnt\system32\dot3dlg.dll
    + 2008-04-14 00:11:52 39,936 ------w c:\winnt\system32\dot3gpclnt.dll
    + 2008-04-14 00:11:52 56,320 ------w c:\winnt\system32\dot3msm.dll
    + 2008-04-14 00:11:52 132,096 ------w c:\winnt\system32\dot3svc.dll
    + 2008-04-14 00:11:52 650,752 ------w c:\winnt\system32\dot3ui.dll
    - 2004-08-04 06:13:53 97,280 ----a-w c:\winnt\system32\dpcdll.dll
    + 2008-04-13 21:00:49 103,424 ----a-w c:\winnt\system32\dpcdll.dll
    - 2007-08-21 00:26:52 81,920 ----a-w c:\winnt\system32\dpl100.dll
    + 2008-05-22 22:19:46 81,920 ----a-w c:\winnt\system32\dpl100.dll
    - 2004-08-04 07:56:48 30,208 ----a-w c:\winnt\system32\dplaysvr.exe
    + 2008-04-14 00:12:17 29,696 ----a-w c:\winnt\system32\dplaysvr.exe
    - 2004-08-04 07:56:42 229,888 ----a-w c:\winnt\system32\dplayx.dll
    + 2008-04-14 00:11:52 229,888 ----a-w c:\winnt\system32\dplayx.dll
    - 2004-08-04 07:56:42 23,552 ----a-w c:\winnt\system32\dpmodemx.dll
    + 2008-04-14 00:11:52 23,552 ----a-w c:\winnt\system32\dpmodemx.dll
    - 2004-08-04 07:56:03 3,584 ----a-w c:\winnt\system32\dpnaddr.dll
    + 2008-04-14 00:09:19 3,072 ----a-w c:\winnt\system32\dpnaddr.dll
    - 2004-08-04 07:56:42 375,296 ----a-w c:\winnt\system32\dpnet.dll
    + 2008-04-14 00:11:52 375,296 ----a-w c:\winnt\system32\dpnet.dll
    - 2004-08-04 07:56:42 35,328 ----a-w c:\winnt\system32\dpnhpast.dll
    + 2008-04-14 00:11:52 35,328 ----a-w c:\winnt\system32\dpnhpast.dll
    - 2004-08-04 07:56:42 60,928 ----a-w c:\winnt\system32\dpnhupnp.dll
    + 2008-04-14 00:11:52 60,928 ----a-w c:\winnt\system32\dpnhupnp.dll
    - 2004-08-04 07:56:03 3,584 ----a-w c:\winnt\system32\dpnlobby.dll
    + 2008-04-14 00:09:20 3,072 ----a-w c:\winnt\system32\dpnlobby.dll
    - 2004-08-04 07:56:48 18,432 ----a-w c:\winnt\system32\dpnsvr.exe
    + 2008-04-14 00:12:17 17,920 ----a-w c:\winnt\system32\dpnsvr.exe
    - 2007-08-15 22:31:00 294,912 ----a-w c:\winnt\system32\dpu10.dll
    + 2008-05-30 23:22:54 294,912 ----a-w c:\winnt\system32\dpu10.dll
    - 2007-08-15 22:31:00 294,912 ----a-w c:\winnt\system32\dpu11.dll
    + 2008-05-30 23:22:54 294,912 ----a-w c:\winnt\system32\dpu11.dll
    - 2007-08-15 22:31:00 53,248 ----a-w c:\winnt\system32\dpuGUI10.dll
    + 2008-05-30 23:22:58 53,248 ----a-w c:\winnt\system32\dpuGUI10.dll
    - 2007-08-15 22:31:00 593,920 ----a-w c:\winnt\system32\dpuGUI11.dll
    + 2008-05-30 23:22:54 593,920 ----a-w c:\winnt\system32\dpuGUI11.dll
    - 2007-08-15 22:31:00 344,064 ----a-w c:\winnt\system32\dpus11.dll
    + 2008-05-30 23:22:54 344,064 ----a-w c:\winnt\system32\dpus11.dll
    - 2007-08-15 22:31:00 57,344 ----a-w c:\winnt\system32\dpv11.dll
    + 2008-05-30 23:22:54 57,344 ----a-w c:\winnt\system32\dpv11.dll
    - 2004-08-04 07:56:42 21,504 ----a-w c:\winnt\system32\dpvacm.dll
    + 2008-04-14 00:11:52 21,504 ----a-w c:\winnt\system32\dpvacm.dll
    - 2004-08-04 07:56:42 212,480 ----a-w c:\winnt\system32\dpvoice.dll
    + 2008-04-14 00:11:52 212,480 ----a-w c:\winnt\system32\dpvoice.dll
    - 2004-08-04 07:56:48 83,456 ----a-w c:\winnt\system32\dpvsetup.exe
    + 2008-04-14 00:12:18 83,456 ----a-w c:\winnt\system32\dpvsetup.exe
    - 2004-08-04 07:56:42 116,736 ----a-w c:\winnt\system32\dpvvox.dll
    + 2008-04-14 00:11:52 116,736 ----a-w c:\winnt\system32\dpvvox.dll
    - 2004-08-04 07:56:42 57,344 ----a-w c:\winnt\system32\dpwsockx.dll
    + 2008-04-14 00:11:52 57,344 ----a-w c:\winnt\system32\dpwsockx.dll
    - 2004-08-04 06:10:06 53,248 ----a-w c:\winnt\system32\drivers\1394bus.sys
    + 2008-04-13 18:46:18 53,376 ----a-w c:\winnt\system32\drivers\1394bus.sys
    - 2004-08-04 06:07:38 187,776 ----a-w c:\winnt\system32\drivers\acpi.sys
    + 2008-04-13 18:36:35 187,776 ----a-w c:\winnt\system32\drivers\acpi.sys
    - 2004-08-04 07:56:41 4,255 ----a-w c:\winnt\system32\drivers\adv01nt5.dll
    + 2008-04-14 00:11:48 4,255 ----a-w c:\winnt\system32\drivers\adv01nt5.dll
    - 2004-08-04 07:56:41 3,967 ----a-w c:\winnt\system32\drivers\adv02nt5.dll
    + 2008-04-14 00:11:48 3,967 ----a-w c:\winnt\system32\drivers\adv02nt5.dll
    - 2004-08-04 07:56:41 3,615 ----a-w c:\winnt\system32\drivers\adv05nt5.dll
    + 2008-04-14 00:11:48 3,615 ----a-w c:\winnt\system32\drivers\adv05nt5.dll
    - 2004-08-04 07:56:41 3,647 ----a-w c:\winnt\system32\drivers\adv07nt5.dll
    + 2008-04-14 00:11:48 3,647 ----a-w c:\winnt\system32\drivers\adv07nt5.dll
    - 2004-08-04 07:56:41 3,135 ----a-w c:\winnt\system32\drivers\adv08nt5.dll
    + 2008-04-14 00:11:48 3,135 ----a-w c:\winnt\system32\drivers\adv08nt5.dll
    - 2004-08-04 07:56:41 3,711 ----a-w c:\winnt\system32\drivers\adv09nt5.dll
    + 2008-04-14 00:11:48 3,711 ----a-w c:\winnt\system32\drivers\adv09nt5.dll
    - 2004-08-04 07:56:41 3,775 ----a-w c:\winnt\system32\drivers\adv11nt5.dll
    + 2008-04-14 00:11:48 3,775 ----a-w c:\winnt\system32\drivers\adv11nt5.dll
    - 2006-02-15 00:22:26 142,464 ----a-w c:\winnt\system32\drivers\aec.sys
    + 2008-04-13 16:39:23 142,592 ----a-w c:\winnt\system32\drivers\aec.sys
    - 2004-08-04 06:14:14 138,496 ----a-w c:\winnt\system32\drivers\afd.sys
    + 2008-08-14 10:04:36 138,496 ----a-w c:\winnt\system32\drivers\afd.sys
    - 2004-08-04 06:07:41 42,368 ----a-w c:\winnt\system32\drivers\agp440.sys
    + 2008-04-13 18:36:38 42,368 ----a-w c:\winnt\system32\drivers\agp440.sys
    - 2004-08-04 06:07:42 44,928 ----a-w c:\winnt\system32\drivers\agpcpq.sys
    + 2008-04-13 18:36:39 44,928 ----a-w c:\winnt\system32\drivers\agpcpq.sys
    - 2004-08-04 06:07:41 42,752 ----a-w c:\winnt\system32\drivers\alim1541.sys
    + 2008-04-13 18:36:38 42,752 ----a-w c:\winnt\system32\drivers\alim1541.sys
    - 2004-08-04 06:07:42 43,008 ----a-w c:\winnt\system32\drivers\amdagp.sys
    + 2008-04-13 18:36:39 43,008 ----a-w c:\winnt\system32\drivers\amdagp.sys
    - 2004-08-04 05:59:19 36,992 ----a-w c:\winnt\system32\drivers\amdk6.sys
    + 2008-04-13 18:31:32 37,376 ----a-w c:\winnt\system32\drivers\amdk6.sys
    - 2004-08-04 05:59:20 37,376 ----a-w c:\winnt\system32\drivers\amdk7.sys
    + 2008-04-13 18:31:33 37,760 ----a-w c:\winnt\system32\drivers\amdk7.sys
    - 2004-08-04 05:58:29 60,800 ----a-w c:\winnt\system32\drivers\arp1394.sys
    + 2008-04-13 18:51:25 60,800 ----a-w c:\winnt\system32\drivers\arp1394.sys
    - 2004-08-04 06:05:03 14,336 ----a-w c:\winnt\system32\drivers\asyncmac.sys
    + 2008-04-13 18:57:27 14,336 ----a-w c:\winnt\system32\drivers\asyncmac.sys
    - 2004-08-04 05:59:42 95,360 ----a-w c:\winnt\system32\drivers\atapi.sys
    + 2008-04-13 18:40:30 96,512 ----a-w c:\winnt\system32\drivers\atapi.sys
    - 2004-08-04 05:58:30 59,904 ----a-w c:\winnt\system32\drivers\atmarpc.sys
    + 2008-04-13 18:51:25 59,904 ----a-w c:\winnt\system32\drivers\atmarpc.sys
    - 2004-08-04 05:58:34 55,936 ----a-w c:\winnt\system32\drivers\atmlane.sys
    + 2008-04-13 18:51:30 55,808 ----a-w c:\winnt\system32\drivers\atmlane.sys
    - 2004-08-04 07:56:41 21,183 ----a-w c:\winnt\system32\drivers\atv01nt5.dll
    + 2008-04-14 00:11:50 21,183 ----a-w c:\winnt\system32\drivers\atv01nt5.dll
    - 2004-08-04 07:56:41 11,359 ----a-w c:\winnt\system32\drivers\atv02nt5.dll
    + 2008-04-14 00:11:50 11,359 ----a-w c:\winnt\system32\drivers\atv02nt5.dll
    - 2004-08-04 07:56:41 25,471 ----a-w c:\winnt\system32\drivers\atv04nt5.dll
    + 2008-04-14 00:11:50 25,471 ----a-w c:\winnt\system32\drivers\atv04nt5.dll
    - 2004-08-04 07:56:41 14,143 ----a-w c:\winnt\system32\drivers\atv06nt5.dll
    + 2008-04-14 00:11:50 14,143 ----a-w c:\winnt\system32\drivers\atv06nt5.dll
    - 2004-08-04 07:56:41 17,279 ----a-w c:\winnt\system32\drivers\atv10nt5.dll
    + 2008-04-14 00:11:50 17,279 ----a-w c:\winnt\system32\drivers\atv10nt5.dll
    - 2001-08-17 19:57:54 14,080 ----a-w c:\winnt\system32\drivers\battc.sys
    + 2008-04-13 18:36:32 14,208 ----a-w c:\winnt\system32\drivers\battc.sys
    - 2004-08-04 06:10:12 11,776 ----a-w c:\winnt\system32\drivers\bdasup.sys
    + 2008-04-13 18:46:21 11,776 ----a-w c:\winnt\system32\drivers\bdasup.sys
    - 2004-08-04 05:59:57 71,552 ----a-w c:\winnt\system32\drivers\bridge.sys
    + 2008-04-13 18:53:23 71,552 ----a-w c:\winnt\system32\drivers\bridge.sys
    - 2004-08-04 06:10:38 17,024 ----a-w c:\winnt\system32\drivers\bthenum.sys
    + 2008-04-13 18:46:33 17,024 ----a-w c:\winnt\system32\drivers\bthenum.sys
    - 2004-08-04 06:10:38 38,016 ----a-w c:\winnt\system32\drivers\bthmodem.sys
    + 2008-04-13 18:46:33 37,888 ----a-w c:\winnt\system32\drivers\bthmodem.sys
    - 2004-08-04 05:58:38 100,992 ----a-w c:\winnt\system32\drivers\bthpan.sys
    + 2008-04-13 18:51:34 101,120 ----a-w c:\winnt\system32\drivers\bthpan.sys
    - 2004-08-04 06:10:37 274,304 ----a-w c:\winnt\system32\drivers\bthport.sys
    + 2008-06-13 11:05:51 272,128 ----a-w c:\winnt\system32\drivers\bthport.sys
    - 2004-08-04 06:10:37 35,456 ----a-w c:\winnt\system32\drivers\bthprint.sys
    + 2008-04-13 18:46:31 36,480 ----a-w c:\winnt\system32\drivers\bthprint.sys
    - 2004-08-04 06:10:34 18,944 ----a-w c:\winnt\system32\drivers\bthusb.sys
    + 2008-04-13 18:46:29 18,944 ----a-w c:\winnt\system32\drivers\bthusb.sys
    - 2004-08-04 06:10:16 17,024 ----a-w c:\winnt\system32\drivers\ccdecode.sys
    + 2008-04-13 18:46:23 17,024 ----a-w c:\winnt\system32\drivers\ccdecode.sys
    - 2004-08-04 06:14:10 63,744 ----a-w c:\winnt\system32\drivers\cdfs.sys
    + 2008-04-13 19:14:21 63,744 ----a-w c:\winnt\system32\drivers\cdfs.sys
    + 2007-01-26 01:19:00 2,432 ----a-w c:\winnt\system32\drivers\cdr4_xp.sys
    + 2007-01-26 01:19:00 2,560 ----a-w c:\winnt\system32\drivers\cdralw2k.sys
    - 2004-08-04 05:59:52 49,536 ----a-w c:\winnt\system32\drivers\cdrom.sys
    + 2008-04-13 18:40:46 62,976 ----a-w c:\winnt\system32\drivers\cdrom.sys
    - 2004-08-04 07:56:41 15,423 ----a-w c:\winnt\system32\drivers\ch7xxnt5.dll
    + 2008-04-14 00:11:50 15,423 ----a-w c:\winnt\system32\drivers\ch7xxnt5.dll
    - 2004-08-04 06:14:26 49,664 ----a-w c:\winnt\system32\drivers\classpnp.sys
    + 2008-04-13 19:16:22 49,536 ----a-w c:\winnt\system32\drivers\classpnp.sys
    - 2004-08-04 06:07:39 14,080 ----a-w c:\winnt\system32\drivers\cmbatt.sys
    + 2008-04-13 18:36:37 13,952 ----a-w c:\winnt\system32\drivers\cmbatt.sys
    - 2007-05-29 20:55:35 22,112 ----a-r c:\winnt\system32\drivers\COH_Mon.sys
    + 2008-07-31 00:42:12 23,888 ----a-w c:\winnt\system32\drivers\COH_Mon.sys
    - 2001-08-17 19:58:00 9,344 ----a-w c:\winnt\system32\drivers\compbatt.sys
    + 2008-04-13 18:36:37 10,240 ----a-w c:\winnt\system32\drivers\compbatt.sys
    - 2004-08-04 05:59:20 36,480 ----a-w c:\winnt\system32\drivers\crusoe.sys
    + 2008-04-13 18:31:32 36,736 ----a-w c:\winnt\system32\drivers\crusoe.sys
    - 2004-08-04 05:59:54 36,352 ----a-w c:\winnt\system32\drivers\disk.sys
    + 2008-04-13 18:40:47 36,352 ----a-w c:\winnt\system32\drivers\disk.sys
    - 2004-08-04 05:59:52 14,208 ----a-w c:\winnt\system32\drivers\diskdump.sys
    + 2008-04-13 18:40:44 14,208 ----a-w c:\winnt\system32\drivers\diskdump.sys
    - 2004-08-04 06:07:17 799,744 ----a-w c:\winnt\system32\drivers\dmboot.sys
    + 2008-04-13 18:44:48 799,744 ----a-w c:\winnt\system32\drivers\dmboot.sys
    - 2004-08-04 06:07:16 153,344 ----a-w c:\winnt\system32\drivers\dmio.sys
    + 2008-04-13 18:44:46 153,344 ----a-w c:\winnt\system32\drivers\dmio.sys
    - 2004-08-04 06:07:38 52,864 ----a-w c:\winnt\system32\drivers\dmusic.sys
    + 2008-04-13 18:45:01 52,864 ----a-w c:\winnt\system32\drivers\dmusic.sys
    - 2004-08-04 06:07:58 60,288 ----a-w c:\winnt\system32\drivers\drmk.sys
    + 2008-04-13 18:45:14 60,160 ----a-w c:\winnt\system32\drivers\drmk.sys
    + 2008-04-13 18:45:13 2,944 ----a-w c:\winnt\system32\drivers\drmkaud.sys
    - 2004-08-04 06:00:54 71,040 ----a-w c:\winnt\system32\drivers\dxg.sys
    + 2008-04-13 18:38:29 71,168 ----a-w c:\winnt\system32\drivers\dxg.sys
    - 2004-08-04 06:14:16 143,360 ----a-w c:\winnt\system32\drivers\fastfat.sys
    + 2008-04-13 19:14:29 143,744 ----a-w c:\winnt\system32\drivers\fastfat.sys
    - 2004-08-04 05:59:27 27,392 ----a-w c:\winnt\system32\drivers\fdc.sys
    + 2008-04-13 18:40:25 27,392 ----a-w c:\winnt\system32\drivers\fdc.sys
    - 2003-03-31 12:00:00 34,944 ----a-w c:\winnt\system32\drivers\fips.sys
    + 2008-04-13 18:33:28 44,544 ----a-w c:\winnt\system32\drivers\fips.sys
    - 2004-08-04 05:59:27 20,480 ----a-w c:\winnt\system32\drivers\flpydisk.sys
    + 2008-04-13 18:40:25 20,480 ----a-w c:\winnt\system32\drivers\flpydisk.sys
    - 2006-08-21 09:14:58 128,896 ----a-w c:\winnt\system32\drivers\fltmgr.sys
    + 2008-04-13 18:32:59 129,792 ----a-w c:\winnt\system32\drivers\fltmgr.sys
    - 2004-08-04 06:07:43 46,464 ----a-w c:\winnt\system32\drivers\gagp30kx.sys
    + 2008-04-13 18:36:40 46,464 ----a-w c:\winnt\system32\drivers\gagp30kx.sys
    - 2006-09-19 19:44:04 15,664 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
    + 2008-04-17 20:12:54 15,464 ----a-w c:\winnt\system32\drivers\GEARAspiWDM.sys
    + 2008-04-13 16:36:05 144,384 ------w c:\winnt\system32\drivers\hdaudbus.sys
    - 2004-08-04 06:10:36 25,600 ----a-w c:\winnt\system32\drivers\hidbth.sys
    + 2008-04-13 18:46:30 25,600 ----a-w c:\winnt\system32\drivers\hidbth.sys
    - 2004-08-04 06:08:19 36,224 ----a-w c:\winnt\system32\drivers\hidclass.sys
    + 2008-04-13 18:45:26 36,864 ----a-w c:\winnt\system32\drivers\hidclass.sys
    - 2004-08-04 06:08:18 15,104 ----a-w c:\winnt\system32\drivers\hidir.sys
    + 2008-04-13 18:45:26 19,200 ----a-w c:\winnt\system32\drivers\hidir.sys
    - 2004-08-04 06:08:16 24,960 ----a-w c:\winnt\system32\drivers\hidparse.sys
    + 2008-04-13 18:45:22 24,960 ----a-w c:\winnt\system32\drivers\hidparse.sys
    + 2008-04-13 18:45:27 10,368 ----a-w c:\winnt\system32\drivers\hidusb.sys
    - 2006-03-17 00:33:10 262,784 ----a-w c:\winnt\system32\drivers\http.sys
    + 2008-04-13 18:53:53 264,832 ----a-w c:\winnt\system32\drivers\http.sys
    - 2004-08-04 06:14:36 52,736 ----a-w c:\winnt\system32\drivers\i8042prt.sys
    + 2008-04-13 19:18:00 52,480 ----a-w c:\winnt\system32\drivers\i8042prt.sys
    - 2004-08-04 06:00:15 41,856 ----a-w c:\winnt\system32\drivers\imapi.sys
    + 2008-04-13 18:40:58 42,112 ----a-w c:\winnt\system32\drivers\imapi.sys
    - 2004-08-04 05:59:41 5,504 ----a-w c:\winnt\system32\drivers\intelide.sys
    + 2008-04-13 18:40:29 5,504 ----a-w c:\winnt\system32\drivers\intelide.sys
    - 2004-08-04 05:59:19 36,096 ----a-w c:\winnt\system32\drivers\intelppm.sys
    + 2008-04-13 18:31:32 36,352 ----a-w c:\winnt\system32\drivers\intelppm.sys
    - 2004-08-04 06:00:06 29,056 ----a-w c:\winnt\system32\drivers\ip6fw.sys
    + 2008-04-13 18:53:34 36,608 ----a-w c:\winnt\system32\drivers\ip6fw.sys
    - 2004-08-04 06:04:45 20,992 ----a-w c:\winnt\system32\drivers\ipinip.sys
    + 2008-04-13 18:57:07 20,864 ----a-w c:\winnt\system32\drivers\ipinip.sys
    - 2004-09-29 22:28:37 134,912 ----a-w c:\winnt\system32\drivers\ipnat.sys
    + 2008-04-13 18:57:15 152,832 ----a-w c:\winnt\system32\drivers\ipnat.sys
    - 2004-08-04 06:14:28 74,752 ----a-w c:\winnt\system32\drivers\ipsec.sys
    + 2008-04-13 19:19:42 75,264 ----a-w c:\winnt\system32\drivers\ipsec.sys
    - 2004-08-04 06:00:46 11,264 ----a-w c:\winnt\system32\drivers\irenum.sys
    + 2008-04-13 18:54:28 11,264 ----a-w c:\winnt\system32\drivers\irenum.sys
    - 2001-08-17 19:58:02 35,840 ----a-w c:\winnt\system32\drivers\isapnp.sys
    + 2008-04-13 18:36:41 37,248 ----a-w c:\winnt\system32\drivers\isapnp.sys
    - 2004-08-04 05:58:32 24,576 ----a-w c:\winnt\system32\drivers\kbdclass.sys
    + 2008-04-13 18:39:47 24,576 ----a-w c:\winnt\system32\drivers\kbdclass.sys
    - 2006-06-14 08:47:45 172,416 ----a-w c:\winnt\system32\drivers\kmixer.sys
    + 2008-04-13 18:45:09 172,416 ----a-w c:\winnt\system32\drivers\kmixer.sys
    - 2004-08-04 06:15:21 140,928 ----a-w c:\winnt\system32\drivers\ks.sys
    + 2008-04-13 19:16:36 141,056 ----a-w c:\winnt\system32\drivers\ks.sys
    - 2004-08-04 05:59:47 92,032 ----a-w c:\winnt\system32\drivers\ksecdd.sys
    + 2008-04-13 18:31:43 92,288 ----a-w c:\winnt\system32\drivers\ksecdd.sys
    - 2004-08-04 06:07:44 63,744 ----a-w c:\winnt\system32\drivers\mf.sys
    + 2008-04-13 18:36:41 63,744 ----a-w c:\winnt\system32\drivers\mf.sys
    - 2004-08-04 06:08:05 30,080 ----a-w c:\winnt\system32\drivers\modem.sys
    + 2008-04-13 19:00:19 30,080 ----a-w c:\winnt\system32\drivers\modem.sys
    - 2004-08-04 05:58:32 23,040 ----a-w c:\winnt\system32\drivers\mouclass.sys
    + 2008-04-13 18:39:47 23,040 ----a-w c:\winnt\system32\drivers\mouclass.sys
    + 2001-08-17 20:48:00 12,160 ----a-w c:\winnt\system32\drivers\mouhid.sys
    - 2004-08-04 05:58:30 42,240 ----a-w c:\winnt\system32\drivers\mountmgr.sys
    + 2008-04-13 18:39:46 42,368 ----a-w c:\winnt\system32\drivers\mountmgr.sys
    - 2004-08-04 06:10:12 15,360 ----a-w c:\winnt\system32\drivers\mpe.sys
    + 2008-04-13 18:46:22 15,232 ----a-w c:\winnt\system32\drivers\mpe.sys
    - 2004-08-04 06:00:56 181,248 ----a-w c:\winnt\system32\drivers\mrxdav.sys
    + 2008-04-13 18:32:44 180,608 ----a-w c:\winnt\system32\drivers\mrxdav.sys
    - 2006-05-05 09:41:45 453,120 ----a-w c:\winnt\system32\drivers\mrxsmb.sys
    + 2008-10-24 11:21:09 455,296 ----a-w c:\winnt\system32\drivers\mrxsmb.sys
    - 2004-08-04 06:09:58 51,328 ----a-w c:\winnt\system32\drivers\msdv.sys
    + 2008-04-13 18:46:09 51,200 ----a-w c:\winnt\system32\drivers\msdv.sys
    - 2004-08-04 06:00:41 19,072 ----a-w c:\winnt\system32\drivers\msfs.sys
    + 2008-04-13 18:32:39 19,072 ----a-w c:\winnt\system32\drivers\msfs.sys
    - 2004-08-04 06:04:12 35,072 ----a-w c:\winnt\system32\drivers\msgpc.sys
    + 2008-04-13 18:56:32 35,072 ----a-w c:\winnt\system32\drivers\msgpc.sys
    - 2004-08-04 05:58:41 7,552 ----a-w c:\winnt\system32\drivers\mskssrv.sys
    + 2008-04-13 18:39:52 7,552 ----a-w c:\winnt\system32\drivers\mskssrv.sys
    - 2004-08-04 05:58:38 5,376 ----a-w c:\winnt\system32\drivers\mspclock.sys
    + 2008-04-13 18:39:50 5,376 ----a-w c:\winnt\system32\drivers\mspclock.sys
    - 2004-08-04 05:58:40 4,992 ----a-w c:\winnt\system32\drivers\mspqm.sys
    + 2008-04-13 18:39:51 4,992 ----a-w c:\winnt\system32\drivers\mspqm.sys
    - 2004-08-04 06:07:47 15,488 ----a-w c:\winnt\system32\drivers\mssmbios.sys
    + 2008-04-13 18:36:46 15,488 ----a-w c:\winnt\system32\drivers\mssmbios.sys
    - 2004-08-04 05:58:38 5,504 ----a-w c:\winnt\system32\drivers\mstee.sys
    + 2008-04-13 18:39:50 5,504 ----a-w c:\winnt\system32\drivers\mstee.sys
    - 2004-08-04 06:15:20 107,904 ----a-w c:\winnt\system32\drivers\mup.sys
    + 2008-04-13 19:17:05 105,344 ----a-w c:\winnt\system32\drivers\mup.sys
    - 2004-08-04 06:04:51 12,672 ----a-w c:\winnt\system32\drivers\mutohpen.sys
    + 2008-04-13 18:43:55 12,672 ----a-w c:\winnt\system32\drivers\mutohpen.sys
    - 2004-08-04 06:10:28 85,376 ----a-w c:\winnt\system32\drivers\nabtsfec.sys
    + 2008-04-13 18:46:25 85,248 ----a-w c:\winnt\system32\drivers\nabtsfec.sys
    - 2004-08-04 06:14:28 182,912 ----a-w c:\winnt\system32\drivers\ndis.sys
    + 2008-04-13 19:20:37 182,656 ----a-w c:\winnt\system32\drivers\ndis.sys
    - 2004-08-04 06:10:12 10,880 ----a-w c:\winnt\system32\drivers\ndisip.sys
    + 2008-04-13 18:46:22 10,880 ----a-w c:\winnt\system32\drivers\ndisip.sys
    - 2003-03-31 12:00:00 9,600 ----a-w c:\winnt\system32\drivers\ndistapi.sys
    + 2008-04-13 18:57:27 10,112 ----a-w c:\winnt\system32\drivers\ndistapi.sys
    - 2004-08-04 06:03:12 12,928 ----a-w c:\winnt\system32\drivers\ndisuio.sys
    + 2008-04-13 18:55:58 14,592 ----a-w c:\winnt\system32\drivers\ndisuio.sys
    - 2004-08-04 06:14:31 91,776 ----a-w c:\winnt\system32\drivers\ndiswan.sys
    + 2008-04-13 19:20:42 91,520 ----a-w c:\winnt\system32\drivers\ndiswan.sys
    - 2003-03-31 12:00:00 38,016 ----a-w c:\winnt\system32\drivers\ndproxy.sys
    + 2008-04-13 18:57:29 40,576 ----a-w c:\winnt\system32\drivers\ndproxy.sys
    - 2004-08-04 06:03:21 34,560 ----a-w c:\winnt\system32\drivers\netbios.sys
    + 2008-04-13 18:56:02 34,688 ----a-w c:\winnt\system32\drivers\netbios.sys
    - 2004-08-04 06:14:37 162,816 ----a-w c:\winnt\system32\drivers\netbt.sys
    + 2008-04-13 19:21:00 162,816 ----a-w c:\winnt\system32\drivers\netbt.sys
    - 2004-08-04 05:58:29 61,824 ----a-w c:\winnt\system32\drivers\nic1394.sys
    + 2008-04-13 18:51:25 61,824 ----a-w c:\winnt\system32\drivers\nic1394.sys
    - 2004-08-04 05:59:50 40,320 ----a-w c:\winnt\system32\drivers\nmnt.sys
    + 2008-04-13 18:53:09 40,320 ----a-w c:\winnt\system32\drivers\nmnt.sys
    - 2004-08-04 06:00:43 30,848 ----a-w c:\winnt\system32\drivers\npfs.sys
    + 2008-04-13 18:32:39 30,848 ----a-w c:\winnt\system32\drivers\npfs.sys
    - 2007-02-09 11:10:35 574,464 ----a-w c:\winnt\system32\drivers\ntfs.sys
    + 2008-04-13 19:15:53 574,976 ----a-w c:\winnt\system32\drivers\ntfs.sys
    + 2003-03-31 12:00:00 2,944 ----a-w c:\winnt\system32\drivers\null.sys
    - 2004-08-04 06:03:35 88,448 ----a-w c:\winnt\system32\drivers\nwlnkipx.sys
    + 2008-04-13 18:56:06 88,320 ----a-w c:\winnt\system32\drivers\nwlnkipx.sys
    - 2004-08-04 06:10:08 61,056 ----a-w c:\winnt\system32\drivers\ohci1394.sys
    + 2008-04-13 18:46:18 61,696 ----a-w c:\winnt\system32\drivers\ohci1394.sys
    + 2001-08-17 21:05:12 48,000 ----a-w c:\winnt\system32\drivers\OVCam2.sys
    + 2001-08-17 21:05:16 28,032 ----a-w c:\winnt\system32\drivers\OVCD.sys
    + 2001-08-17 21:05:12 351,616 ----a-w c:\winnt\system32\drivers\OVCodek2.sys
    - 2004-08-04 05:59:19 42,496 ----a-w c:\winnt\system32\drivers\p3.sys
    + 2008-04-13 18:31:31 42,752 ----a-w c:\winnt\system32\drivers\p3.sys
    - 2004-08-04 05:59:06 80,128 ----a-w c:\winnt\system32\drivers\parport.sys
    + 2008-04-13 18:40:10 80,128 ----a-w c:\winnt\system32\drivers\parport.sys
    - 2003-03-31 12:00:00 18,688 ----a-w c:\winnt\system32\drivers\partmgr.sys
    + 2008-04-13 18:40:49 19,712 ----a-w c:\winnt\system32\drivers\partmgr.sys
    - 2004-08-04 06:07:46 68,224 ----a-w c:\winnt\system32\drivers\pci.sys
    + 2008-04-13 18:36:44 68,224 ----a-w c:\winnt\system32\drivers\pci.sys
    - 2004-08-04 05:59:41 25,088 ----a-w c:\winnt\system32\drivers\pciidex.sys
    + 2008-04-13 18:40:29 24,960 ----a-w c:\winnt\system32\drivers\pciidex.sys
    - 2004-08-04 06:07:46 119,936 ----a-w c:\winnt\system32\drivers\pcmcia.sys
    + 2008-04-13 18:36:43 120,192 ----a-w c:\winnt\system32\drivers\pcmcia.sys
    - 2004-08-04 06:15:49 145,792 ----a-w c:\winnt\system32\drivers\portcls.sys
    + 2008-04-13 19:19:41 146,048 ----a-w c:\winnt\system32\drivers\portcls.sys
    - 2004-08-04 05:59:17 35,328 ----a-w c:\winnt\system32\drivers\processr.sys
    + 2008-04-13 18:31:30 35,840 ----a-w c:\winnt\system32\drivers\processr.sys
    - 2004-08-04 06:04:19 69,120 ----a-w c:\winnt\system32\drivers\psched.sys
    + 2008-04-13 18:56:38 69,120 ----a-w c:\winnt\system32\drivers\psched.sys
    - 2004-08-04 06:14:22 51,328 ----a-w c:\winnt\system32\drivers\rasl2tp.sys
    + 2008-04-13 19:19:43 51,328 ----a-w c:\winnt\system32\drivers\rasl2tp.sys
    - 2004-08-04 06:05:07 41,472 ----a-w c:\winnt\system32\drivers\raspppoe.sys
    + 2008-04-13 18:57:32 41,472 ----a-w c:\winnt\system32\drivers\raspppoe.sys
    - 2004-08-04 06:14:26 48,384 ----a-w c:\winnt\system32\drivers\raspptp.sys
    + 2008-04-13 19:19:48 48,384 ----a-w c:\winnt\system32\drivers\raspptp.sys
    - 2006-05-05 09:47:57 174,592 ----a-w c:\winnt\system32\drivers\rdbss.sys
    + 2008-04-13 19:28:39 175,744 ----a-w c:\winnt\system32\drivers\rdbss.sys
    - 2004-08-04 06:01:15 196,864 ----a-w c:\winnt\system32\drivers\rdpdr.sys
    + 2008-04-13 18:32:51 196,224 ----a-w c:\winnt\system32\drivers\rdpdr.sys
    - 2005-06-10 04:09:46 139,528 ----a-w c:\winnt\system32\drivers\rdpwd.sys
    + 2008-04-14 00:13:22 139,656 ----a-w c:\winnt\system32\drivers\rdpwd.sys
    - 2004-08-04 05:59:37 57,472 ----a-w c:\winnt\system32\drivers\redbook.sys
    + 2008-04-13 18:40:27 57,600 ----a-w c:\winnt\system32\drivers\redbook.sys
    - 2004-08-04 06:10:39 59,648 ----a-w c:\winnt\system32\drivers\rfcomm.sys
    + 2008-04-13 18:46:32 59,136 ----a-w c:\winnt\system32\drivers\rfcomm.sys
    - 2006-07-13 08:48:58 202,240 ----a-w c:\winnt\system32\drivers\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ----a-w c:\winnt\system32\drivers\rmcast.sys
    - 2004-08-04 06:04:31 30,080 ----a-w c:\winnt\system32\drivers\rndismp.sys
    + 2008-04-13 18:56:49 30,592 ----a-w c:\winnt\system32\drivers\rndismp.sys
    - 2004-08-04 06:04:31 30,080 ----a-w c:\winnt\system32\drivers\rndismpx.sys
    + 2008-04-13 18:56:49 30,592 ----a-w c:\winnt\system32\drivers\rndismpx.sys
    - 2004-08-04 05:59:41 96,256 ----a-w c:\winnt\system32\drivers\scsiport.sys
    + 2008-04-13 18:40:30 96,384 ----a-w c:\winnt\system32\drivers\scsiport.sys
    - 2004-08-04 06:07:47 67,584 ----a-w c:\winnt\system32\drivers\sdbus.sys
    + 2008-04-13 18:36:44 79,232 ----a-w c:\winnt\system32\drivers\sdbus.sys
    - 2005-05-30 23:17:44 12,400 ----a-w c:\winnt\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:53 20,480 ----a-w c:\winnt\system32\drivers\secdrv.sys
    - 2004-08-04 05:59:07 15,488 ----a-w c:\winnt\system32\drivers\serenum.sys
    + 2008-04-13 18:40:12 15,744 ----a-w c:\winnt\system32\drivers\serenum.sys
    - 2004-08-04 06:15:52 64,896 ----a-w c:\winnt\system32\drivers\serial.sys
    + 2008-04-13 19:15:45 64,512 ----a-w c:\winnt\system32\drivers\serial.sys
    - 2004-08-04 05:59:54 11,136 ----a-w c:\winnt\system32\drivers\sffdisk.sys
    + 2008-04-13 18:40:47 11,904 ----a-w c:\winnt\system32\drivers\sffdisk.sys
    + 2008-04-13 18:40:48 10,240 ------w c:\winnt\system32\drivers\sffp_mmc.sys
    - 2004-08-04 05:59:54 10,240 ----a-w c:\winnt\system32\drivers\sffp_sd.sys
    + 2008-04-13 18:40:47 11,008 ----a-w c:\winnt\system32\drivers\sffp_sd.sys
    - 2004-08-04 05:59:54 11,392 ----a-w c:\winnt\system32\drivers\sfloppy.sys
    + 2008-04-13 18:40:48 11,392 ----a-w c:\winnt\system32\drivers\sfloppy.sys
    - 2004-08-04 07:56:45 3,901 ----a-w c:\winnt\system32\drivers\siint5.dll
    + 2008-04-14 00:12:05 3,901 ----a-w c:\winnt\system32\drivers\siint5.dll
    - 2004-08-04 06:07:42 41,088 ----a-w c:\winnt\system32\drivers\sisagp.sys
    + 2008-04-13 18:36:39 40,960 ----a-w c:\winnt\system32\drivers\sisagp.sys
    - 2004-08-04 06:10:16 11,136 ----a-w c:\winnt\system32\drivers\slip.sys
    + 2008-04-13 18:46:23 11,136 ----a-w c:\winnt\system32\drivers\slip.sys
    - 2004-08-04 06:07:36 6,016 ----a-w c:\winnt\system32\drivers\smbali.sys
    + 2008-04-13 18:36:34 5,888 ----a-w c:\winnt\system32\drivers\smbali.sys
    - 2004-08-04 06:09:55 25,472 ----a-w c:\winnt\system32\drivers\sonydcam.sys
    + 2008-04-13 18:46:07 25,344 ----a-w c:\winnt\system32\drivers\sonydcam.sys
    - 2006-06-14 08:47:46 6,400 ----a-w c:\winnt\system32\drivers\splitter.sys
    + 2008-04-13 18:45:07 6,272 ----a-w c:\winnt\system32\drivers\splitter.sys
    - 2004-08-04 06:06:25 73,472 ----a-w c:\winnt\system32\drivers\sr.sys
    + 2008-04-13 18:36:52 73,472 ----a-w c:\winnt\system32\drivers\sr.sys
    - 2007-09-18 21:43:36 278,576 ----a-w c:\winnt\system32\drivers\srtsp.sys
    + 2007-12-01 07:57:12 279,088 ----a-w c:\winnt\system32\drivers\srtsp.sys
    - 2007-09-18 21:43:36 317,616 ----a-w c:\winnt\system32\drivers\srtspl.sys
    + 2007-12-01 07:57:12 317,616 ----a-w c:\winnt\system32\drivers\srtspl.sys
    - 2007-09-18 21:43:36 43,696 ----a-w c:\winnt\system32\drivers\srtspx.sys
    + 2007-12-01 07:57:12 43,696 ----a-w c:\winnt\system32\drivers\srtspx.sys
    - 2006-08-14 10:34:41 332,928 ----a-w c:\winnt\system32\drivers\srv.sys
    + 2008-12-11 10:57:09 333,952 ----a-w c:\winnt\system32\drivers\srv.sys
    - 2004-08-04 06:08:02 48,640 ----a-w c:\winnt\system32\drivers\stream.sys
    + 2008-04-13 18:45:15 49,408 ----a-w c:\winnt\system32\drivers\stream.sys
    - 2004-08-04 06:10:12 15,360 ----a-w c:\winnt\system32\drivers\streamip.sys
    + 2008-04-13 18:46:21 15,232 ----a-w c:\winnt\system32\drivers\streamip.sys
    - 2004-08-04 05:58:41 4,352 ----a-w c:\winnt\system32\drivers\swenum.sys
    + 2008-04-13 18:39:53 4,352 ----a-w c:\winnt\system32\drivers\swenum.sys
    - 2001-08-17 20:00:52 54,272 ----a-w c:\winnt\system32\drivers\swmidi.sys
    + 2008-04-13 18:45:09 56,576 ----a-w c:\winnt\system32\drivers\swmidi.sys
    - 2004-08-04 06:15:55 60,800 ----a-w c:\winnt\system32\drivers\sysaudio.sys
    + 2008-04-13 19:15:55 60,800 ----a-w c:\winnt\system32\drivers\sysaudio.sys
    - 2004-08-04 05:59:59 14,976 ----a-w c:\winnt\system32\drivers\tape.sys
    + 2008-04-13 18:40:50 14,976 ----a-w c:\winnt\system32\drivers\tape.sys
    - 2006-04-20 11:51:50 359,808 ----a-w c:\winnt\system32\drivers\tcpip.sys
    + 2008-06-20 11:51:12 361,600 ----a-w c:\winnt\system32\drivers\tcpip.sys
    - 2006-08-16 09:37:30 225,664 ----a-w c:\winnt\system32\drivers\tcpip6.sys
    + 2008-06-20 11:08:27 225,856 ----a-w c:\winnt\system32\drivers\tcpip6.sys
    - 2004-08-04 06:07:48 18,560 ----a-w c:\winnt\system32\drivers\tdi.sys
    + 2008-04-13 19:00:05 19,072 ----a-w c:\winnt\system32\drivers\tdi.sys
    - 2004-08-04 08:01:07 12,040 ----a-w c:\winnt\system32\drivers\tdpipe.sys
    + 2008-04-14 00:13:20 12,040 ----a-w c:\winnt\system32\drivers\tdpipe.sys
    - 2004-08-04 08:01:07 21,896 ----a-w c:\winnt\system32\drivers\tdtcp.sys
    + 2008-04-14 00:13:21 21,896 ----a-w c:\winnt\system32\drivers\tdtcp.sys
    - 2004-08-04 08:01:07 40,840 ----a-w c:\winnt\system32\drivers\termdd.sys
    + 2008-04-14 00:13:20 40,840 ----a-w c:\winnt\system32\drivers\termdd.sys
    - 2004-08-04 06:03:17 12,416 ----a-w c:\winnt\system32\drivers\tunmp.sys
    + 2008-04-13 18:56:01 12,288 ----a-w c:\winnt\system32\drivers\tunmp.sys
    - 2004-08-04 06:07:43 44,672 ----a-w c:\winnt\system32\drivers\uagp35.sys
    + 2008-04-13 18:36:40 44,672 ----a-w c:\winnt\system32\drivers\uagp35.sys
    - 2004-08-04 06:00:31 66,176 ----a-w c:\winnt\system32\drivers\udfs.sys
    + 2008-04-13 18:32:36 66,048 ----a-w c:\winnt\system32\drivers\udfs.sys
    - 2007-04-23 10:32:54 364,160 ----a-w c:\winnt\system32\drivers\update.sys
    + 2008-04-13 18:39:46 384,768 ----a-w c:\winnt\system32\drivers\update.sys
    - 2004-08-04 06:04:32 12,672 ----a-w c:\winnt\system32\drivers\usb8023.sys
    + 2008-04-13 18:56:49 12,800 ----a-w c:\winnt\system32\drivers\usb8023.sys
    - 2004-08-04 06:04:33 12,672 ----a-w c:\winnt\system32\drivers\usb8023x.sys
    + 2008-04-13 18:56:49 12,800 ----a-w c:\winnt\system32\drivers\usb8023x.sys
    + 2008-04-13 18:45:12 60,032 ----a-w c:\winnt\system32\drivers\usbaudio.sys
    - 2003-03-31 12:00:00 23,808 ----a-w c:\winnt\system32\drivers\usbcamd.sys
    + 2008-04-13 18:45:40 25,600 ----a-w c:\winnt\system32\drivers\usbcamd.sys
    - 2003-03-31 12:00:00 23,936 ----a-w c:\winnt\system32\drivers\usbcamd2.sys
    + 2008-04-13 18:45:41 25,728 ----a-w c:\winnt\system32\drivers\usbcamd2.sys
    + 2008-04-13 18:45:39 32,128 ----a-w c:\winnt\system32\drivers\usbccgp.sys
    - 2004-08-04 06:08:37 26,624 ----a-w c:\winnt\system32\drivers\usbehci.sys
    + 2008-04-13 18:45:35 30,208 ----a-w c:\winnt\system32\drivers\usbehci.sys
    - 2004-08-04 06:08:42 57,600 ----a-w c:\winnt\system32\drivers\usbhub.sys
    + 2008-04-13 18:45:37 59,520 ----a-w c:\winnt\system32\drivers\usbhub.sys
    - 2004-08-04 06:08:57 16,000 ----a-w c:\winnt\system32\drivers\usbintel.sys
    + 2008-04-13 18:45:43 15,872 ----a-w c:\winnt\system32\drivers\usbintel.sys
    - 2004-08-04 06:08:42 142,976 ----a-w c:\winnt\system32\drivers\usbport.sys
    + 2008-04-13 18:45:36 143,872 ----a-w c:\winnt\system32\drivers\usbport.sys
    - 2004-08-04 06:01:24 25,856 ----a-w c:\winnt\system32\drivers\usbprint.sys
    + 2008-04-13 18:47:37 25,856 ----a-w c:\winnt\system32\drivers\usbprint.sys
    - 2004-08-04 06:58:46 15,104 ----a-w c:\winnt\system32\drivers\usbscan.sys
    + 2008-04-13 18:45:34 15,104 ----a-w c:\winnt\system32\drivers\usbscan.sys
    - 2004-08-04 06:08:46 26,496 ----a-w c:\winnt\system32\drivers\usbstor.sys
    + 2008-04-13 18:45:38 26,368 ----a-w c:\winnt\system32\drivers\usbstor.sys
    - 2004-08-04 06:08:37 20,480 ----a-w c:\winnt\system32\drivers\usbuhci.sys
    + 2008-04-13 18:45:35 20,608 ----a-w c:\winnt\system32\drivers\usbuhci.sys
    - 2004-08-04 06:10:10 78,464 ----a-w c:\winnt\system32\drivers\usbvideo.sys
    + 2008-04-13 18:46:20 121,984 ----a-w c:\winnt\system32\drivers\usbvideo.sys
    - 2004-08-04 07:56:46 11,325 ----a-w c:\winnt\system32\drivers\vchnt5.dll
    + 2008-04-14 00:12:08 11,325 ----a-w c:\winnt\system32\drivers\vchnt5.dll
    - 2004-08-04 06:07:06 20,992 ----a-w c:\winnt\system32\drivers\vga.sys
    + 2008-04-13 18:44:40 20,992 ----a-w c:\winnt\system32\drivers\vga.sys
    - 2004-08-04 06:07:42 42,240 ----a-w c:\winnt\system32\drivers\viaagp.sys
    + 2008-04-13 18:36:40 42,240 ----a-w c:\winnt\system32\drivers\viaagp.sys
    - 2004-08-04 05:59:42 5,376 ----a-w c:\winnt\system32\drivers\viaide.sys
    + 2008-04-13 18:40:31 5,376 ----a-w c:\winnt\system32\drivers\viaide.sys
    - 2004-08-04 06:07:05 79,744 ----a-w c:\winnt\system32\drivers\videoprt.sys
    + 2008-04-13 18:44:40 81,664 ----a-w c:\winnt\system32\drivers\videoprt.sys
    - 2004-08-04 06:00:16 52,352 ----a-w c:\winnt\system32\drivers\volsnap.sys
    + 2008-04-13 18:41:01 52,352 ----a-w c:\winnt\system32\drivers\volsnap.sys
    - 2004-08-04 06:04:52 13,568 ----a-w c:\winnt\system32\drivers\wacompen.sys
    + 2008-04-13 18:43:55 14,208 ----a-w c:\winnt\system32\drivers\wacompen.sys
    - 2004-08-04 06:04:57 34,560 ----a-w c:\winnt\system32\drivers\wanarp.sys
    + 2008-04-13 18:57:21 34,560 ----a-w c:\winnt\system32\drivers\wanarp.sys
    - 2006-06-14 09:00:45 82,944 ----a-w c:\winnt\system32\drivers\wdmaud.sys
    + 2008-04-13 19:17:18 83,072 ----a-w c:\winnt\system32\drivers\wdmaud.sys
    - 2004-08-04 06:10:21 19,328 ----a-w c:\winnt\system32\drivers\wstcodec.sys
    + 2008-04-13 18:46:24 19,200 ----a-w c:\winnt\system32\drivers\wstcodec.sys
    - 2004-08-04 07:56:42 14,336 ----a-w c:\winnt\system32\drprov.dll
    + 2008-04-14 00:11:52 14,336 ----a-w c:\winnt\system32\drprov.dll
    + 2004-08-10 06:50:48 102,464 ----a-w c:\winnt\system32\drv1.dll
    + 2004-08-10 06:51:08 176,195 ----a-w c:\winnt\system32\drv2.dll
    + 2004-11-24 19:25:52 335,872 ----a-w c:\winnt\system32\drvc.dll
    + 2008-04-17 20:12:54 107,368 -c--a-w c:\winnt\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
    + 2008-04-17 20:12:54 15,464 -c--a-w c:\winnt\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
    + 2008-10-01 20:01:28 32,000 -c--a-w c:\winnt\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
    - 2004-08-04 07:56:42 16,384 ----a-w c:\winnt\system32\ds32gt.dll
    + 2008-04-14 00:11:52 16,384 ----a-w c:\winnt\system32\ds32gt.dll
    - 2004-08-04 07:56:42 181,760 ----a-w c:\winnt\system32\dsdmo.dll
    + 2008-04-14 00:11:52 181,248 ----a-w c:\winnt\system32\dsdmo.dll
    - 2004-08-04 07:56:42 71,680 ----a-w c:\winnt\system32\dsdmoprp.dll
    + 2008-04-14 00:11:52 71,680 ----a-w c:\winnt\system32\dsdmoprp.dll
    - 2004-08-04 07:56:42 92,672 ----a-w c:\winnt\system32\dskquota.dll
    + 2008-04-14 00:11:52 92,672 ----a-w c:\winnt\system32\dskquota.dll
    - 2003-03-31 12:00:00 144,384 ----a-w c:\winnt\system32\dskquoui.dll
    + 2008-04-14 00:11:52 155,648 ----a-w c:\winnt\system32\dskquoui.dll
    - 2004-08-04 07:56:42 367,616 ----a-w c:\winnt\system32\dsound.dll
    + 2008-04-14 00:11:52 367,616 ----a-w c:\winnt\system32\dsound.dll
    - 2004-08-04 07:56:42 1,294,336 ----a-w c:\winnt\system32\dsound3d.dll
    + 2008-04-14 00:11:52 1,293,824 ----a-w c:\winnt\system32\dsound3d.dll
    - 2004-08-04 07:56:42 142,336 ----a-w c:\winnt\system32\dsprop.dll
    + 2008-04-14 00:11:52 142,848 ----a-w c:\winnt\system32\dsprop.dll
    - 2004-08-04 07:56:04 4,096 ----a-w c:\winnt\system32\dsprpres.dll
    + 2008-04-13 17:09:30 4,096 ----a-w c:\winnt\system32\dsprpres.dll
    - 2004-08-04 07:56:42 239,104 ----a-w c:\winnt\system32\dsquery.dll
    + 2008-04-14 00:11:52 239,104 ----a-w c:\winnt\system32\dsquery.dll
    - 2004-08-04 07:56:42 51,200 ----a-w c:\winnt\system32\dssec.dll
    + 2008-04-14 00:11:52 51,200 ----a-w c:\winnt\system32\dssec.dll
    - 2004-08-04 05:31:43 137,216 ----a-w c:\winnt\system32\dssenh.dll
    + 2008-04-13 17:37:57 138,752 ----a-w c:\winnt\system32\dssenh.dll
    - 2004-08-04 07:56:42 113,152 ----a-w c:\winnt\system32\dsuiext.dll
    + 2008-04-14 00:11:52 113,152 ----a-w c:\winnt\system32\dsuiext.dll
    - 2004-08-04 07:56:42 19,456 ----a-w c:\winnt\system32\dswave.dll
    + 2008-04-14 00:11:52 19,456 ----a-w c:\winnt\system32\dswave.dll
    - 2007-08-21 00:26:52 196,608 ----a-w c:\winnt\system32\dtu100.dll
    + 2008-05-22 22:19:46 196,608 ----a-w c:\winnt\system32\dtu100.dll
    - 2004-08-04 07:56:48 10,752 ----a-w c:\winnt\system32\dumprep.exe
    + 2008-04-14 00:12:18 10,752 ----a-w c:\winnt\system32\dumprep.exe
    - 2004-08-04 07:56:42 304,128 ----a-w c:\winnt\system32\duser.dll
    + 2008-04-14 00:11:52 304,128 ----a-w c:\winnt\system32\duser.dll
    - 2004-08-04 07:56:48 17,920 ----a-w c:\winnt\system32\dvdupgrd.exe
    + 2008-04-14 00:12:18 17,920 ----a-w c:\winnt\system32\dvdupgrd.exe
    + 1998-10-15 21:51:28 136,192 ----a-w c:\winnt\system32\dwspy32.dll
    + 1998-10-09 17:02:22 75,776 ----a-w c:\winnt\system32\DWSPY36.dll
    - 2004-08-04 07:56:48 180,224 ----a-w c:\winnt\system32\dwwin.exe
    + 2008-04-14 00:12:18 180,224 ----a-w c:\winnt\system32\dwwin.exe
    - 2004-08-04 07:56:42 619,008 ----a-w c:\winnt\system32\dx7vb.dll
    + 2008-04-14 00:11:52 619,008 ----a-w c:\winnt\system32\dx7vb.dll
    - 2004-08-04 07:56:42 1,227,264 ----a-w c:\winnt\system32\dx8vb.dll
    + 2008-04-14 00:11:52 1,227,264 ----a-w c:\winnt\system32\dx8vb.dll
    - 2004-08-04 07:56:48 1,298,432 ----a-w c:\winnt\system32\dxdiag.exe
    + 2008-04-14 00:12:18 1,298,432 ----a-w c:\winnt\system32\dxdiag.exe
    - 2004-08-04 07:56:42 2,113,536 ----a-w c:\winnt\system32\dxdiagn.dll
    + 2008-04-14 00:11:52 2,113,536 ----a-w c:\winnt\system32\dxdiagn.dll
    - 2006-08-22 12:05:26 498,742 ----a-w c:\winnt\system32\dxmasf.dll
    + 2008-04-14 00:11:52 498,742 ----a-w c:\winnt\system32\dxmasf.dll
    - 2006-10-17 19:58:06 346,624 ----a-w c:\winnt\system32\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\winnt\system32\dxtmsft.dll
    - 2007-08-20 10:04:34 214,528 ----a-w c:\winnt\system32\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\winnt\system32\dxtrans.dll
    + 2007-10-09 21:03:00 73,752 ----a-w c:\winnt\system32\dxva2.dll
    + 2008-04-14 00:11:52 30,720 ------w c:\winnt\system32\eapolqec.dll
    + 2008-04-14 00:11:52 184,832 ------w c:\winnt\system32\eapp3hst.dll
    + 2008-04-14 00:11:52 126,976 ------w c:\winnt\system32\eappcfg.dll
    + 2008-04-14 00:11:52 94,208 ------w c:\winnt\system32\eappgnui.dll
    + 2008-04-14 00:11:52 180,224 ------w c:\winnt\system32\eapphost.dll
    + 2008-04-14 00:11:52 40,960 ------w c:\winnt\system32\eappprxy.dll
    + 2008-04-14 00:11:52 59,392 ------w c:\winnt\system32\eapqec.dll
    + 2008-04-14 00:11:52 33,792 ------w c:\winnt\system32\eapsvc.dll
    - 2004-08-04 07:56:42 183,296 ----a-w c:\winnt\system32\els.dll
    + 2008-04-14 00:11:53 183,296 ----a-w c:\winnt\system32\els.dll
    + 2008-04-14 00:11:57 28,672 ------w c:\winnt\system32\en\microsoft.managementconsole.resources.dll
    + 2008-04-14 00:11:57 40,960 ------w c:\winnt\system32\en\mmcex.resources.dll
    + 2008-04-14 00:11:57 6,656 ------w c:\winnt\system32\en\mmcfxcommon.resources.dll
    - 2004-08-04 07:56:42 20,480 ----a-w c:\winnt\system32\encapi.dll
    + 2008-04-14 00:11:53 20,480 ----a-w c:\winnt\system32\encapi.dll
    - 2004-08-04 07:56:42 186,368 ----a-w c:\winnt\system32\encdec.dll
    + 2008-04-14 00:11:53 186,880 ----a-w c:\winnt\system32\encdec.dll
    - 2004-08-04 07:56:42 23,040 ----a-w c:\winnt\system32\ersvc.dll
    + 2008-04-14 00:11:53 23,040 ----a-w c:\winnt\system32\ersvc.dll
    - 2005-07-26 04:39:45 243,200 ----a-w c:\winnt\system32\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w c:\winnt\system32\es.dll
    - 2005-10-20 22:20:03 1,082,368 ----a-w c:\winnt\system32\esent.dll
    + 2008-04-14 00:11:53 1,082,368 ----a-w c:\winnt\system32\esent.dll
  6. 2009-03-24, 00:27 #26
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2004-08-04 07:56:49 193,024 ----a-w c:\winnt\system32\eudcedit.exe
    + 2008-04-14 00:12:19 193,024 ----a-w c:\winnt\system32\eudcedit.exe
    - 2004-08-04 07:56:42 55,808 ----a-w c:\winnt\system32\eventlog.dll
    + 2008-04-14 00:11:53 56,320 ----a-w c:\winnt\system32\eventlog.dll
    + 2007-10-09 21:03:12 493,080 ----a-w c:\winnt\system32\evr.dll
    - 2004-08-04 07:56:42 380,957 ----a-w c:\winnt\system32\expsrv.dll
    + 2008-04-14 00:11:53 380,445 ----a-w c:\winnt\system32\expsrv.dll
    - 2007-08-20 10:04:34 132,608 ----a-w c:\winnt\system32\extmgr.dll
    + 2008-12-20 23:15:13 133,120 ----a-w c:\winnt\system32\extmgr.dll
    - 2004-08-04 07:56:49 45,568 ----a-w c:\winnt\system32\extrac32.exe
    + 2008-04-14 00:12:19 24,064 ----a-w c:\winnt\system32\extrac32.exe
    - 2003-03-31 12:00:00 121,856 ----a-w c:\winnt\system32\exts.dll
    + 2008-04-14 00:11:53 125,952 ----a-w c:\winnt\system32\exts.dll
    - 2004-08-04 07:56:42 80,384 ----a-w c:\winnt\system32\faultrep.dll
    + 2008-04-14 00:11:53 80,384 ----a-w c:\winnt\system32\faultrep.dll
    - 2004-08-04 07:56:49 20,992 ----a-w c:\winnt\system32\faxpatch.exe
    + 2008-04-14 00:12:20 20,992 ----a-w c:\winnt\system32\faxpatch.exe
    - 2004-08-04 07:56:42 21,504 ----a-w c:\winnt\system32\feclient.dll
    + 2008-04-14 00:11:53 21,504 ----a-w c:\winnt\system32\feclient.dll
    + 2004-10-03 17:50:54 129,024 ----a-w c:\winnt\system32\ff_mpeg2enc.dll
    + 2007-06-12 11:21:26 208,896 ----a-w c:\winnt\system32\ff_theora.dll
    + 2007-01-09 17:05:50 26,112 ----a-w c:\winnt\system32\ff_wmv9.dll
    + 2007-07-01 10:59:22 517,632 ----a-w c:\winnt\system32\ff_x264.dll
    - 2004-08-04 07:56:42 337,920 ----a-w c:\winnt\system32\filemgmt.dll
    + 2008-04-14 00:11:53 337,920 ----a-w c:\winnt\system32\filemgmt.dll
    - 2004-08-04 07:56:49 27,136 ----a-w c:\winnt\system32\findstr.exe
    + 2008-04-14 00:12:20 27,136 ----a-w c:\winnt\system32\findstr.exe
    - 2004-08-04 07:56:42 87,552 ----a-w c:\winnt\system32\fldrclnr.dll
    + 2008-04-14 00:11:53 87,552 ----a-w c:\winnt\system32\fldrclnr.dll
    - 2006-08-21 12:21:06 16,896 ----a-w c:\winnt\system32\fltlib.dll
    + 2008-04-14 00:11:53 16,896 ----a-w c:\winnt\system32\fltlib.dll
    - 2006-08-21 09:14:58 23,040 ----a-w c:\winnt\system32\fltmc.exe
    + 2008-04-14 00:12:20 23,040 ----a-w c:\winnt\system32\fltmc.exe
    - 2007-04-19 01:39:45 200,144 ----a-w c:\winnt\system32\FNTCACHE.DAT
    + 2009-03-16 00:08:15 209,696 ----a-w c:\winnt\system32\FNTCACHE.DAT
    - 2004-08-04 07:56:42 382,976 ----a-w c:\winnt\system32\fontext.dll
    + 2008-04-14 00:11:53 382,976 ----a-w c:\winnt\system32\fontext.dll
    - 2005-10-17 21:14:45 80,896 ----a-w c:\winnt\system32\fontsub.dll
    + 2008-04-14 00:11:53 80,896 ----a-w c:\winnt\system32\fontsub.dll
    - 2004-08-04 07:56:49 20,992 ----a-w c:\winnt\system32\fontview.exe
    + 2008-04-14 00:12:20 20,992 ----a-w c:\winnt\system32\fontview.exe
    - 2003-03-31 12:00:00 7,168 ----a-w c:\winnt\system32\forcedos.exe
    + 2008-04-14 00:12:20 7,680 ----a-w c:\winnt\system32\forcedos.exe
    - 2003-03-31 12:00:00 25,600 ----a-w c:\winnt\system32\format.com
    + 2008-04-14 00:12:42 29,696 ----a-w c:\winnt\system32\format.com
    - 2007-09-19 20:04:48 188,416 ----a-w c:\winnt\system32\FPKPM.dll
    + 2008-02-09 06:02:15 188,416 ----a-w c:\winnt\system32\FPKPM.dll
    - 2007-09-19 20:04:40 1,941,504 ----a-w c:\winnt\system32\FPKPMSV.exe
    + 2008-02-09 06:02:09 1,941,504 ----a-w c:\winnt\system32\FPKPMSV.exe
    - 2004-08-04 07:56:06 9,344 ----a-w c:\winnt\system32\framebuf.dll
    + 2008-04-14 00:09:33 9,344 ----a-w c:\winnt\system32\framebuf.dll
    - 2004-08-04 07:56:49 193,024 ----a-w c:\winnt\system32\fsquirt.exe
    + 2008-04-14 00:12:20 193,024 ----a-w c:\winnt\system32\fsquirt.exe
    - 2004-08-04 07:56:49 42,496 ----a-w c:\winnt\system32\ftp.exe
    + 2008-04-14 00:12:20 42,496 ----a-w c:\winnt\system32\ftp.exe
    - 2004-08-04 07:56:42 60,416 ----a-w c:\winnt\system32\fwcfg.dll
    + 2008-04-14 00:11:53 60,416 ----a-w c:\winnt\system32\fwcfg.dll
    - 2004-08-04 07:56:42 452,096 ----a-w c:\winnt\system32\fxsapi.dll
    + 2008-04-14 00:11:53 451,584 ----a-w c:\winnt\system32\fxsapi.dll
    - 2004-08-04 07:56:49 143,360 ----a-w c:\winnt\system32\fxsclnt.exe
    + 2008-04-14 00:12:21 142,848 ----a-w c:\winnt\system32\fxsclnt.exe
    - 2004-08-04 07:56:42 72,192 ----a-w c:\winnt\system32\fxscom.dll
    + 2008-04-14 00:11:54 72,192 ----a-w c:\winnt\system32\fxscom.dll
    - 2004-08-04 07:56:42 285,184 ----a-w c:\winnt\system32\fxscomex.dll
    + 2008-04-14 00:11:54 285,184 ----a-w c:\winnt\system32\fxscomex.dll
    - 2004-08-04 07:56:49 229,376 ----a-w c:\winnt\system32\fxscover.exe
    + 2008-04-14 00:12:21 229,376 ----a-w c:\winnt\system32\fxscover.exe
    - 2004-08-04 07:56:42 27,136 ----a-w c:\winnt\system32\fxsdrv.dll
    + 2008-04-14 00:11:54 26,624 ----a-w c:\winnt\system32\fxsdrv.dll
    - 2004-08-04 07:56:42 55,296 ----a-w c:\winnt\system32\fxsevent.dll
    + 2008-04-14 00:11:54 55,296 ----a-w c:\winnt\system32\fxsevent.dll
    - 2004-08-04 07:56:42 23,552 ----a-w c:\winnt\system32\fxsext32.dll
    + 2008-04-14 00:11:54 23,552 ----a-w c:\winnt\system32\fxsext32.dll
    - 2004-08-04 07:56:42 23,552 ----a-w c:\winnt\system32\fxsmon.dll
    + 2008-04-14 00:11:54 23,552 ----a-w c:\winnt\system32\fxsmon.dll
    - 2004-08-04 07:56:42 8,704 ----a-w c:\winnt\system32\fxsperf.dll
    + 2008-04-14 00:11:54 8,704 ----a-w c:\winnt\system32\fxsperf.dll
    - 2004-08-04 07:56:06 6,656 ----a-w c:\winnt\system32\fxsres.dll
    + 2008-04-14 00:09:33 6,656 ----a-w c:\winnt\system32\fxsres.dll
    - 2004-08-04 07:56:42 562,176 ----a-w c:\winnt\system32\fxsst.dll
    + 2008-04-14 00:11:54 562,176 ----a-w c:\winnt\system32\fxsst.dll
    - 2004-08-04 07:56:49 267,776 ----a-w c:\winnt\system32\fxssvc.exe
    + 2008-04-14 00:12:21 267,776 ----a-w c:\winnt\system32\fxssvc.exe
    - 2004-08-04 07:56:42 246,272 ----a-w c:\winnt\system32\fxst30.dll
    + 2008-04-14 00:11:54 246,272 ----a-w c:\winnt\system32\fxst30.dll
    - 2004-08-04 07:56:42 397,312 ----a-w c:\winnt\system32\fxstiff.dll
    + 2008-04-14 00:11:54 397,312 ----a-w c:\winnt\system32\fxstiff.dll
    - 2004-08-04 07:56:42 154,112 ----a-w c:\winnt\system32\fxsui.dll
    + 2008-04-14 00:11:54 154,112 ----a-w c:\winnt\system32\fxsui.dll
    - 2004-08-04 07:56:42 192,512 ----a-w c:\winnt\system32\fxswzrd.dll
    + 2008-04-14 00:11:54 192,512 ----a-w c:\winnt\system32\fxswzrd.dll
    - 2004-08-04 07:56:42 400,384 ----a-w c:\winnt\system32\fxsxp32.dll
    + 2008-04-14 00:11:54 400,384 ----a-w c:\winnt\system32\fxsxp32.dll
    - 2007-06-19 13:31:19 282,112 ----a-w c:\winnt\system32\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ----a-w c:\winnt\system32\gdi32.dll
    - 2006-10-04 00:47:52 109,360 ----a-w c:\winnt\system32\GEARAspi.dll
    + 2008-04-17 20:12:54 107,368 ----a-w c:\winnt\system32\GEARAspi.dll
    - 2004-08-04 07:56:42 122,880 ----a-w c:\winnt\system32\glu32.dll
    + 2008-04-14 00:11:54 122,880 ----a-w c:\winnt\system32\glu32.dll
    - 2004-08-04 07:56:07 9,728 ----a-w c:\winnt\system32\gpkrsrc.dll
    + 2006-12-31 01:26:44 9,728 ----a-w c:\winnt\system32\gpkrsrc.dll
    - 2004-08-04 07:56:49 39,424 ----a-w c:\winnt\system32\grpconv.exe
    + 2008-04-14 00:12:21 39,424 ----a-w c:\winnt\system32\grpconv.exe
    - 2004-08-04 07:56:42 614,912 ----a-w c:\winnt\system32\h323msp.dll
    + 2008-04-14 00:11:54 614,912 ----a-w c:\winnt\system32\h323msp.dll
    - 2004-08-04 05:59:12 134,400 ----a-w c:\winnt\system32\HAL.DLL
    + 2008-04-13 18:31:28 134,400 ----a-w c:\winnt\system32\HAL.DLL
    - 2004-08-04 07:56:42 7,168 ----a-w c:\winnt\system32\hccoin.dll
    + 2008-04-14 00:11:54 7,168 ----a-w c:\winnt\system32\hccoin.dll
    - 2003-03-31 12:00:00 14,848 ----a-w c:\winnt\system32\help.exe
    + 2008-04-14 00:12:21 15,872 ----a-w c:\winnt\system32\help.exe
    + 2001-12-01 11:25:52 446,464 ----a-w c:\winnt\system32\HHActiveX.dll
    - 2005-05-27 02:04:27 41,472 ----a-w c:\winnt\system32\hhsetup.dll
    + 2008-04-14 00:11:54 41,472 ----a-w c:\winnt\system32\hhsetup.dll
    - 2004-08-04 07:56:42 20,992 ----a-w c:\winnt\system32\hid.dll
    + 2008-04-14 00:11:54 20,992 ----a-w c:\winnt\system32\hid.dll
    + 2008-04-14 00:11:54 21,504 ----a-w c:\winnt\system32\hidserv.dll
    - 2006-07-21 08:24:43 72,704 ----a-w c:\winnt\system32\hlink.dll
    + 2008-04-14 00:11:54 72,704 ----a-w c:\winnt\system32\hlink.dll
    - 2004-08-04 07:56:42 344,064 ----a-w c:\winnt\system32\hnetcfg.dll
    + 2008-04-14 00:11:54 344,064 ----a-w c:\winnt\system32\hnetcfg.dll
    - 2004-08-04 07:56:42 330,752 ----a-w c:\winnt\system32\hnetwiz.dll
    + 2008-04-14 00:11:54 330,752 ----a-w c:\winnt\system32\hnetwiz.dll
    - 2004-08-04 07:56:42 144,896 ----a-w c:\winnt\system32\hotplug.dll
    + 2008-04-14 00:11:54 144,896 ----a-w c:\winnt\system32\hotplug.dll
    - 2004-08-04 07:56:42 32,285 ----a-w c:\winnt\system32\hsfcisp2.dll
    + 2008-04-14 00:11:54 32,285 ----a-w c:\winnt\system32\hsfcisp2.dll
    - 2004-08-04 07:56:42 24,576 ----a-w c:\winnt\system32\httpapi.dll
    + 2008-04-14 00:11:54 24,576 ----a-w c:\winnt\system32\httpapi.dll
    - 2004-08-04 07:56:42 41,984 ----a-w c:\winnt\system32\htui.dll
    + 2008-04-14 00:11:54 41,984 ----a-w c:\winnt\system32\htui.dll
    + 2004-08-10 06:52:54 241,723 ----a-w c:\winnt\system32\hxltcolor.dll
    - 2004-11-17 17:41:24 347,136 ----a-w c:\winnt\system32\hypertrm.dll
    + 2008-04-14 00:11:54 347,136 ----a-w c:\winnt\system32\hypertrm.dll
    - 2004-08-04 07:56:42 119,808 ----a-w c:\winnt\system32\iasrad.dll
    + 2008-04-14 00:11:54 119,808 ----a-w c:\winnt\system32\iasrad.dll
    - 2004-08-04 07:56:42 11,264 ----a-w c:\winnt\system32\icaapi.dll
    + 2008-04-14 00:11:54 11,264 ----a-w c:\winnt\system32\icaapi.dll
    + 2007-10-11 17:55:10 579,584 ----a-w c:\winnt\system32\icardagt.exe
    - 2007-08-20 10:04:34 63,488 ----a-w c:\winnt\system32\icardie.dll
    + 2008-12-20 23:15:13 63,488 ----a-w c:\winnt\system32\icardie.dll
    + 2007-10-11 17:55:10 11,776 ----a-w c:\winnt\system32\icardres.dll
    - 2004-08-04 07:56:42 80,384 ----a-w c:\winnt\system32\iccvid.dll
    + 2008-04-14 00:11:54 80,384 ----a-w c:\winnt\system32\iccvid.dll
    - 2005-06-29 01:46:00 254,976 ----a-w c:\winnt\system32\icm32.dll
    + 2008-04-14 00:11:54 254,976 ----a-w c:\winnt\system32\icm32.dll
    - 2004-08-04 07:56:07 3,584 ----a-w c:\winnt\system32\icmp.dll
    + 2008-04-14 00:09:40 3,584 ----a-w c:\winnt\system32\icmp.dll
    - 2004-08-04 07:56:42 73,728 ----a-w c:\winnt\system32\icwdial.dll
    + 2008-04-14 00:11:54 73,728 ----a-w c:\winnt\system32\icwdial.dll
    - 2004-08-04 07:56:42 65,536 ----a-w c:\winnt\system32\icwphbk.dll
    + 2008-04-14 00:11:54 65,536 ----a-w c:\winnt\system32\icwphbk.dll
    - 2004-08-04 07:56:42 120,832 ----a-w c:\winnt\system32\idq.dll
    + 2008-04-14 00:11:54 120,832 ----a-w c:\winnt\system32\idq.dll
    - 2007-08-17 10:20:54 63,488 ----a-w c:\winnt\system32\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 ----a-w c:\winnt\system32\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ----a-w c:\winnt\system32\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 ----a-w c:\winnt\system32\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ----a-w c:\winnt\system32\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 ----a-w c:\winnt\system32\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ----a-w c:\winnt\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792 ----a-w c:\winnt\system32\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ----a-w c:\winnt\system32\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 ----a-w c:\winnt\system32\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ----a-w c:\winnt\system32\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 ----a-w c:\winnt\system32\iedkcs32.dll
    - 2006-10-17 20:06:00 78,336 ----a-w c:\winnt\system32\ieencode.dll
    + 2008-04-14 00:11:54 81,920 ----a-w c:\winnt\system32\ieencode.dll
    - 2007-08-20 10:04:37 6,058,496 ----a-w c:\winnt\system32\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 ----a-w c:\winnt\system32\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ----a-w c:\winnt\system32\iernonce.dll
    + 2008-12-20 23:15:21 44,544 ----a-w c:\winnt\system32\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ----a-w c:\winnt\system32\iertutil.dll
    + 2008-12-20 23:15:22 267,776 ----a-w c:\winnt\system32\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ----a-w c:\winnt\system32\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 ----a-w c:\winnt\system32\ieudinit.exe
    - 2004-08-04 07:56:50 114,688 ----a-w c:\winnt\system32\iexpress.exe
    + 2008-04-14 00:12:22 114,688 ----a-w c:\winnt\system32\iexpress.exe
    - 2004-08-04 07:56:42 135,680 ----a-w c:\winnt\system32\ifmon.dll
    + 2008-04-14 00:11:54 135,680 ----a-w c:\winnt\system32\ifmon.dll
    + 2005-10-29 07:49:40 151,552 ------w c:\winnt\system32\ifxcardm.dll
    - 2004-08-04 07:56:42 8,192 ----a-w c:\winnt\system32\igmpagnt.dll
    + 2008-04-14 00:11:54 8,192 ----a-w c:\winnt\system32\igmpagnt.dll
    - 2004-08-04 07:56:42 81,920 ----a-w c:\winnt\system32\ils.dll
    + 2008-04-14 00:11:54 81,920 ----a-w c:\winnt\system32\ils.dll
    - 2004-08-04 07:56:42 144,384 ----a-w c:\winnt\system32\imagehlp.dll
    + 2008-04-14 00:11:54 144,384 ------w c:\winnt\system32\imagehlp.dll
    - 2004-08-04 07:56:50 150,016 ----a-w c:\winnt\system32\imapi.exe
    + 2008-04-14 00:12:22 150,528 ----a-w c:\winnt\system32\imapi.exe
    - 2004-08-04 07:56:42 36,921 ----a-w c:\winnt\system32\imeshare.dll
    + 2008-04-14 00:11:54 36,921 ------w c:\winnt\system32\imeshare.dll
    + 2002-03-14 21:46:04 339,968 ----a-w c:\winnt\system32\imgman32.dll
    + 2002-03-19 18:39:16 98,345 ----a-w c:\winnt\system32\imhost32.dll
    - 2004-08-04 07:56:42 110,080 ----a-w c:\winnt\system32\imm32.dll
    + 2008-04-14 00:11:54 110,080 ------w c:\winnt\system32\imm32.dll
    - 2004-08-04 07:56:42 274,432 ----a-w c:\winnt\system32\inetcfg.dll
    + 2008-04-14 00:11:54 274,432 ----a-w c:\winnt\system32\inetcfg.dll
    - 2007-08-21 06:15:44 683,520 ----a-w c:\winnt\system32\inetcomm.dll
    + 2008-04-11 19:04:26 691,712 ----a-w c:\winnt\system32\inetcomm.dll
    - 2004-08-04 07:56:42 33,280 ----a-w c:\winnt\system32\inetmib1.dll
    + 2008-04-14 00:11:55 32,768 ----a-w c:\winnt\system32\inetmib1.dll
    - 2004-08-04 07:56:42 75,264 ----a-w c:\winnt\system32\inetpp.dll
    + 2008-04-14 00:11:55 75,264 ----a-w c:\winnt\system32\inetpp.dll
    - 2004-08-04 07:56:42 15,872 ----a-w c:\winnt\system32\inetppui.dll
    + 2008-04-14 00:11:55 15,872 ----a-w c:\winnt\system32\inetppui.dll
    - 2004-08-04 07:56:08 48,128 ----a-w c:\winnt\system32\inetres.dll
    + 2008-04-13 16:22:12 48,128 ----a-w c:\winnt\system32\inetres.dll
    - 1999-09-01 18:04:42 49,152 ----a-w c:\winnt\system32\inetwh32.dll
    + 2000-08-05 00:25:30 49,152 ----a-w c:\winnt\system32\inetwh32.dll
    + 2007-10-11 17:55:10 88,576 ----a-w c:\winnt\system32\infocardapi.dll
    + 2008-04-14 00:12:38 26,112 ----a-w c:\winnt\system32\init32.exe
    - 2004-08-04 07:56:42 147,456 ----a-w c:\winnt\system32\initpki.dll
    + 2008-04-14 00:11:55 147,456 ----a-w c:\winnt\system32\initpki.dll
    - 2004-08-04 07:56:42 123,392 ----a-w c:\winnt\system32\input.dll
    + 2008-04-14 00:11:55 123,392 ----a-w c:\winnt\system32\input.dll
    - 2004-08-04 07:56:50 55,808 ----a-w c:\winnt\system32\ipconfig.exe
    + 2008-04-14 00:12:22 55,808 ----a-w c:\winnt\system32\ipconfig.exe
    - 2006-05-19 12:59:41 94,720 ----a-w c:\winnt\system32\iphlpapi.dll
    + 2008-04-14 00:11:55 94,720 ----a-w c:\winnt\system32\iphlpapi.dll
    - 2003-03-31 12:00:00 154,112 ----a-w c:\winnt\system32\ipmontr.dll
    + 2008-04-14 00:11:55 161,280 ----a-w c:\winnt\system32\ipmontr.dll
    - 2004-08-04 07:56:42 331,264 ----a-w c:\winnt\system32\ipnathlp.dll
    + 2008-04-14 00:11:55 331,264 ----a-w c:\winnt\system32\ipnathlp.dll
    - 2004-08-04 07:56:42 330,752 ----a-w c:\winnt\system32\ippromon.dll
    + 2008-04-14 00:11:55 330,752 ----a-w c:\winnt\system32\ippromon.dll
    - 2003-03-31 12:00:00 169,984 ----a-w c:\winnt\system32\iprtrmgr.dll
    + 2008-04-14 00:11:55 177,152 ----a-w c:\winnt\system32\iprtrmgr.dll
    - 2004-08-04 07:56:42 349,696 ----a-w c:\winnt\system32\ipsecsnp.dll
    + 2008-04-14 00:11:55 349,696 ----a-w c:\winnt\system32\ipsecsnp.dll
    - 2004-08-04 07:56:42 182,784 ----a-w c:\winnt\system32\ipsecsvc.dll
    + 2008-04-14 00:11:55 183,808 ----a-w c:\winnt\system32\ipsecsvc.dll
    - 2004-08-04 07:56:42 384,000 ----a-w c:\winnt\system32\ipsmsnap.dll
    + 2008-04-14 00:11:55 384,000 ----a-w c:\winnt\system32\ipsmsnap.dll
    - 2004-08-04 07:56:50 53,248 ----a-w c:\winnt\system32\ipv6.exe
    + 2008-04-14 00:12:23 53,248 ----a-w c:\winnt\system32\ipv6.exe
    - 2004-08-04 07:56:42 59,904 ----a-w c:\winnt\system32\ipv6mon.dll
    + 2008-04-14 00:11:55 59,904 ----a-w c:\winnt\system32\ipv6mon.dll
    - 2004-08-04 07:56:50 23,552 ----a-w c:\winnt\system32\ipxroute.exe
    + 2008-04-14 00:12:23 23,552 ----a-w c:\winnt\system32\ipxroute.exe
    - 2003-03-31 12:00:00 20,992 ----a-w c:\winnt\system32\ipxwan.dll
    + 2008-04-14 00:11:55 22,016 ----a-w c:\winnt\system32\ipxwan.dll
    - 2004-08-04 07:56:42 120,320 ----a-w c:\winnt\system32\ir41_qc.dll
    + 2008-04-14 00:11:55 120,320 ----a-w c:\winnt\system32\ir41_qc.dll
    - 2004-08-04 07:56:42 338,432 ----a-w c:\winnt\system32\ir41_qcx.dll
    + 2008-04-14 00:11:55 338,432 ----a-w c:\winnt\system32\ir41_qcx.dll
    - 2004-08-04 07:56:42 200,192 ----a-w c:\winnt\system32\ir50_qc.dll
    + 2008-04-14 00:11:55 200,192 ----a-w c:\winnt\system32\ir50_qc.dll
    - 2004-08-04 07:56:42 183,808 ----a-w c:\winnt\system32\ir50_qcx.dll
    + 2008-04-14 00:11:55 183,808 ----a-w c:\winnt\system32\ir50_qcx.dll
    - 2004-08-04 07:56:42 81,920 ----a-w c:\winnt\system32\isign32.dll
    + 2008-04-14 00:11:55 81,920 ----a-w c:\winnt\system32\isign32.dll
    - 2004-08-04 07:56:42 32,768 ----a-w c:\winnt\system32\isrdbg32.dll
    + 2008-04-14 00:11:55 32,768 ----a-w c:\winnt\system32\isrdbg32.dll
    - 2005-05-27 02:04:27 155,136 ----a-w c:\winnt\system32\itircl.dll
    + 2008-04-14 00:11:55 155,136 ----a-w c:\winnt\system32\itircl.dll
    - 2005-05-27 02:04:27 137,216 ----a-w c:\winnt\system32\itss.dll
    + 2008-04-14 00:11:55 138,240 ----a-w c:\winnt\system32\itss.dll
    - 2004-08-04 07:56:42 54,272 ----a-w c:\winnt\system32\ixsso.dll
    + 2008-04-14 00:11:55 54,272 ----a-w c:\winnt\system32\ixsso.dll
    - 2004-08-04 07:56:42 47,616 ----a-w c:\winnt\system32\iyuv_32.dll
    + 2008-04-14 00:11:55 47,616 ----a-w c:\winnt\system32\iyuv_32.dll
    - 2007-09-25 06:30:28 135,168 ----a-w c:\winnt\system32\java.exe
    + 2009-03-10 21:07:38 144,792 ----a-w c:\winnt\system32\java.exe
    - 2007-09-25 06:30:30 135,168 ----a-w c:\winnt\system32\javaw.exe
    + 2009-03-10 21:07:38 144,792 ----a-w c:\winnt\system32\javaw.exe
    - 2007-09-25 07:31:42 139,264 ----a-w c:\winnt\system32\javaws.exe
    + 2009-03-10 21:07:38 148,888 ----a-w c:\winnt\system32\javaws.exe
    - 2006-06-01 18:47:07 163,840 ----a-w c:\winnt\system32\jgdw400.dll
    + 2008-04-14 00:11:55 163,840 ----a-w c:\winnt\system32\jgdw400.dll
    - 2006-06-01 18:47:07 27,648 ----a-w c:\winnt\system32\jgpl400.dll
    + 2008-04-14 00:11:55 27,648 ----a-w c:\winnt\system32\jgpl400.dll
    - 2006-10-17 20:00:00 491,520 ----a-w c:\winnt\system32\jscript.dll
    + 2008-05-09 10:53:39 512,000 ----a-w c:\winnt\system32\jscript.dll
    - 2007-08-20 10:04:39 27,648 ----a-w c:\winnt\system32\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 ----a-w c:\winnt\system32\jsproxy.dll
    - 2001-08-17 22:55:56 6,144 ----a-w c:\winnt\system32\kbd106.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\winnt\system32\kbd106.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\system32\kbdbhc.dll
    - 2004-08-04 07:56:10 7,168 ----a-w c:\winnt\system32\kbdfi1.dll
    + 2008-04-14 00:09:55 7,168 ----a-w c:\winnt\system32\kbdfi1.dll
    - 2004-08-04 07:56:10 6,144 ----a-w c:\winnt\system32\kbdinbe1.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\winnt\system32\kbdinbe1.dll
    - 2004-08-04 07:56:10 6,656 ----a-w c:\winnt\system32\kbdinben.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\winnt\system32\kbdinben.dll
    - 2004-08-04 07:56:10 6,656 ----a-w c:\winnt\system32\kbdinmal.dll
    + 2008-04-14 00:09:55 6,656 ----a-w c:\winnt\system32\kbdinmal.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\system32\kbdiultn.dll
    - 2004-08-04 07:56:10 5,632 ----a-w c:\winnt\system32\kbdmaori.dll
    + 2008-04-14 00:09:55 5,632 ----a-w c:\winnt\system32\kbdmaori.dll
    - 2004-08-04 07:56:10 6,144 ----a-w c:\winnt\system32\kbdmlt47.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\winnt\system32\kbdmlt47.dll
    - 2004-08-04 07:56:10 6,144 ----a-w c:\winnt\system32\kbdmlt48.dll
    + 2008-04-14 00:09:55 6,144 ----a-w c:\winnt\system32\kbdmlt48.dll
    - 2003-03-31 12:00:00 7,168 ----a-w c:\winnt\system32\kbdnec.dll
    + 2008-04-14 00:09:55 7,168 ----a-w c:\winnt\system32\kbdnec.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\system32\kbdnepr.dll
    - 2004-08-04 07:56:10 7,168 ----a-w c:\winnt\system32\kbdno1.dll
    + 2008-04-14 00:09:55 7,168 ----a-w c:\winnt\system32\kbdno1.dll
    + 2008-04-14 00:09:55 6,144 ------w c:\winnt\system32\kbdpash.dll
    - 2004-08-04 07:56:10 7,680 ----a-w c:\winnt\system32\kbdsmsfi.dll
    + 2008-04-14 00:09:55 7,680 ----a-w c:\winnt\system32\kbdsmsfi.dll
    - 2004-08-04 07:56:10 7,680 ----a-w c:\winnt\system32\kbdsmsno.dll
    + 2008-04-14 00:09:55 7,680 ----a-w c:\winnt\system32\kbdsmsno.dll
    - 2004-08-04 07:56:10 7,168 ----a-w c:\winnt\system32\kbdukx.dll
    + 2008-04-14 00:09:55 7,168 ----a-w c:\winnt\system32\kbdukx.dll
    - 2004-08-04 05:59:23 7,424 ----a-w c:\winnt\system32\kd1394.dll
    + 2008-04-13 18:31:35 7,424 ----a-w c:\winnt\system32\kd1394.dll
    - 2005-06-15 17:49:30 295,936 ----a-w c:\winnt\system32\kerberos.dll
    + 2008-04-14 00:11:56 299,520 ----a-w c:\winnt\system32\kerberos.dll
    - 2007-04-16 15:52:53 984,576 ----a-w c:\winnt\system32\kernel32.dll
    + 2008-04-14 00:11:56 989,696 ----a-w c:\winnt\system32\kernel32.dll
    + 2003-03-31 12:00:00 2,000 ----a-w c:\winnt\system32\keyboard.drv
    - 2004-08-04 07:56:42 150,528 ----a-w c:\winnt\system32\keymgr.dll
    + 2008-04-14 00:11:56 150,528 ----a-w c:\winnt\system32\keymgr.dll
    + 2008-04-14 00:11:56 61,440 ------w c:\winnt\system32\kmsvc.dll
    - 2004-08-04 07:56:42 4,096 ----a-w c:\winnt\system32\ksuser.dll
    + 2008-04-14 00:11:56 4,096 ----a-w c:\winnt\system32\ksuser.dll
    + 2008-04-14 00:11:56 37,376 ------w c:\winnt\system32\l2gpstore.dll
    + 2003-03-31 12:00:00 221,600 ----a-w c:\winnt\system32\lanman.drv
    + 1997-07-29 21:13:46 41,472 ----a-w c:\winnt\system32\ldeei.dll
    - 2007-02-16 02:01:04 1,476,992 ----a-w c:\winnt\system32\LegitCheckControl.dll
    + 2007-10-11 22:12:48 1,468,968 ----a-w c:\winnt\system32\LegitCheckControl.DLL
    + 1997-10-09 19:08:26 79,872 ----a-w c:\winnt\system32\lex_psu.exe
    + 2000-09-18 21:43:46 177,152 ----a-w c:\winnt\system32\lex2kusb.dll
    + 2000-09-14 23:08:12 135,168 ----a-w c:\winnt\system32\LexBce.dll
    + 2000-09-14 23:08:52 287,744 ----a-w c:\winnt\system32\LexBceS.exe
    + 2000-09-18 21:44:46 190,976 ----a-w c:\winnt\system32\lexlmpm.dll
    + 2000-09-18 21:43:00 201,728 ----a-w c:\winnt\system32\Lexp2p32.dll
    + 2000-09-14 23:05:58 169,984 ----a-w c:\winnt\system32\Lexpps.exe
    + 2000-09-14 23:56:32 48,640 ----a-w c:\winnt\system32\Lexunst1.exe
    + 2007-07-01 11:12:14 3,145,728 ----a-w c:\winnt\system32\libavcodec.dll
    - 2007-08-15 22:33:06 1,044,480 ----a-w c:\winnt\system32\libdivx.dll
    + 2008-05-22 22:20:42 1,044,480 ----a-w c:\winnt\system32\libdivx.dll
    + 2007-06-17 11:43:56 405,504 ----a-w c:\winnt\system32\libmplayer.dll
    - 2004-08-04 07:56:44 423,936 ----a-w c:\winnt\system32\licdll.dll
    + 2008-04-14 12:41:58 423,936 ----a-w c:\winnt\system32\licdll.dll
    - 2004-08-04 07:56:42 58,880 ----a-w c:\winnt\system32\licwmi.dll
    + 2008-04-14 00:11:56 58,880 ----a-w c:\winnt\system32\licwmi.dll
    - 2005-09-01 01:41:53 19,968 ----a-w c:\winnt\system32\linkinfo.dll
    + 2008-04-14 00:11:56 19,968 ----a-w c:\winnt\system32\linkinfo.dll
    - 2004-08-04 07:56:42 13,824 ----a-w c:\winnt\system32\lmhsvc.dll
    + 2008-04-14 00:11:56 13,824 ----a-w c:\winnt\system32\lmhsvc.dll
    - 2004-08-04 07:56:42 399,872 ----a-w c:\winnt\system32\lmrt.dll
    + 2008-04-14 00:11:56 399,872 ----a-w c:\winnt\system32\lmrt.dll
    - 2004-08-04 07:56:42 97,280 ----a-w c:\winnt\system32\loadperf.dll
    + 2008-04-14 00:11:56 97,280 ----a-w c:\winnt\system32\loadperf.dll
    - 2004-08-04 07:56:42 221,696 ----a-w c:\winnt\system32\localsec.dll
    + 2008-04-14 00:11:56 221,696 ----a-w c:\winnt\system32\localsec.dll
    - 2004-08-04 07:56:42 341,504 ----a-w c:\winnt\system32\localspl.dll
    + 2008-04-14 00:11:56 343,040 ----a-w c:\winnt\system32\localspl.dll
    - 2004-08-04 07:56:42 11,776 ----a-w c:\winnt\system32\localui.dll
    + 2008-04-14 00:11:56 11,776 ----a-w c:\winnt\system32\localui.dll
    - 2004-08-04 07:56:50 75,264 ----a-w c:\winnt\system32\locator.exe
    + 2008-04-14 00:12:24 75,264 ----a-w c:\winnt\system32\locator.exe
    - 2006-10-19 04:03:58 100,864 ----a-w c:\winnt\system32\logagent.exe
    + 2008-06-18 09:09:22 100,864 ----a-w c:\winnt\system32\logagent.exe
    - 2004-08-04 07:56:50 59,392 ----a-w c:\winnt\system32\logman.exe
    + 2008-04-14 00:12:24 59,392 ----a-w c:\winnt\system32\logman.exe
    - 2004-08-04 07:56:57 220,672 ----a-w c:\winnt\system32\logon.scr
    + 2008-04-14 00:12:43 220,672 ----a-w c:\winnt\system32\logon.scr
    - 2004-08-04 07:56:50 514,560 ----a-w c:\winnt\system32\logonui.exe
    + 2008-04-14 00:12:24 514,560 ----a-w c:\winnt\system32\logonui.exe
    - 2004-08-04 07:56:42 22,016 ----a-w c:\winnt\system32\lpk.dll
    + 2008-04-14 00:11:56 22,016 ----a-w c:\winnt\system32\lpk.dll
    - 2004-08-04 07:56:42 10,240 ----a-w c:\winnt\system32\lprhelp.dll
    + 2008-04-14 00:11:56 10,240 ----a-w c:\winnt\system32\lprhelp.dll
    - 2006-08-17 12:28:27 721,920 ----a-w c:\winnt\system32\lsasrv.dll
    + 2008-04-14 00:11:56 728,064 ----a-w c:\winnt\system32\lsasrv.dll
    - 2004-08-04 07:56:50 13,312 ----a-w c:\winnt\system32\lsass.exe
    + 2008-04-14 00:12:24 13,312 ----a-w c:\winnt\system32\lsass.exe
    + 2001-08-18 05:36:18 176,640 ----a-w c:\winnt\system32\LXAASUI.DLL
    + 2003-03-31 12:00:00 2,560 ----a-w c:\winnt\system32\lz32.dll
    - 2007-05-02 19:32:04 182,512 ----a-w c:\winnt\system32\Macromed\Director\SwDir.dll
    + 2008-01-07 19:26:46 181,672 ----a-w c:\winnt\system32\Macromed\Director\SwDir.dll
    + 2008-10-05 03:16:26 235,936 ----a-r c:\winnt\system32\Macromed\Flash\FlashUtil10a.exe
    - 2007-06-11 20:34:34 2,115,816 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32.dll
    + 2009-02-03 02:15:28 3,771,296 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32.dll
    - 2007-06-11 20:34:40 190,696 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-02-03 02:15:30 240,544 ----a-w c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2007-11-14 07:55:14 48,238 ----a-w c:\winnt\system32\Macromed\Flash\uninstall_activeX.exe
    + 2009-02-22 08:17:20 89,102 ----a-w c:\winnt\system32\Macromed\Flash\uninstall_activeX.exe
    - 2007-11-30 08:04:35 45,218 ----a-w c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-03-16 00:10:07 84,661 ----a-w c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
    - 2007-05-01 00:11:28 585,728 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Control.dll
    + 2008-01-04 02:19:34 581,632 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Control.dll
    - 2007-04-30 23:08:40 1,490,944 ----a-w c:\winnt\system32\Macromed\Shockwave 10\dirapi.dll
    + 2008-01-04 02:01:46 1,490,944 ----a-w c:\winnt\system32\Macromed\Shockwave 10\dirapi.dll
    - 2007-04-30 23:30:38 24,576 ----a-w c:\winnt\system32\Macromed\Shockwave 10\DynaPlayer.dll
    + 2008-01-04 02:20:14 24,576 ----a-w c:\winnt\system32\Macromed\Shockwave 10\DynaPlayer.dll
    - 2007-04-30 23:47:02 1,089,024 ----a-w c:\winnt\system32\Macromed\Shockwave 10\gi.dll
    + 2008-01-04 02:39:06 1,113,600 ----a-w c:\winnt\system32\Macromed\Shockwave 10\gi.dll
    - 2007-04-30 22:47:42 52,288 ----a-w c:\winnt\system32\Macromed\Shockwave 10\gtapi.dll
    + 2008-01-04 01:46:46 52,288 ----a-w c:\winnt\system32\Macromed\Shockwave 10\gtapi.dll
    - 2007-04-30 23:05:32 606,208 ----a-w c:\winnt\system32\Macromed\Shockwave 10\iml32.dll
    + 2008-01-04 01:59:14 606,208 ----a-w c:\winnt\system32\Macromed\Shockwave 10\iml32.dll
    - 2007-05-01 00:11:22 339,968 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Plugin.dll
    + 2008-01-04 02:18:56 339,968 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Plugin.dll
    - 2007-05-01 00:11:24 483,328 ----a-w c:\winnt\system32\Macromed\Shockwave 10\PluginPing.dll
    + 2008-01-04 02:19:06 475,136 ----a-w c:\winnt\system32\Macromed\Shockwave 10\PluginPing.dll
    - 2007-05-01 00:11:30 180,224 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-01-04 02:11:48 180,224 ----a-w c:\winnt\system32\Macromed\Shockwave 10\Proj.dll
    + 2008-01-07 19:26:28 390,568 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwHelper_1030024.exe
    - 2007-04-30 23:33:00 77,824 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwInit.exe
    + 2008-01-04 02:22:06 77,824 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwInit.exe
    - 2007-04-30 23:29:00 86,016 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwMenu.dll
    + 2008-01-04 02:18:50 86,016 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwMenu.dll
    - 2007-04-30 23:33:00 98,304 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwOnce.dll
    + 2008-01-04 02:22:08 98,304 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SwOnce.dll
    + 2008-01-04 01:46:44 50,808 ----a-w c:\winnt\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
    - 1999-06-25 17:55:30 149,504 ----a-w c:\winnt\system32\Macromed\Shockwave 10\UNWISE.EXE
    + 1999-06-25 18:55:30 149,504 ----a-w c:\winnt\system32\Macromed\Shockwave 10\UNWISE.EXE
    - 2004-08-04 07:56:50 72,704 ----a-w c:\winnt\system32\magnify.exe
    + 2008-04-14 00:12:24 72,704 ----a-w c:\winnt\system32\magnify.exe
    - 2004-08-04 07:56:50 85,504 ----a-w c:\winnt\system32\makecab.exe
    + 2008-04-14 00:12:25 57,344 ----a-w c:\winnt\system32\makecab.exe
    - 2004-08-04 07:56:42 14,848 ----a-w c:\winnt\system32\mcastmib.dll
    + 2008-04-14 00:11:56 14,336 ----a-w c:\winnt\system32\mcastmib.dll
    + 2003-03-31 12:00:00 73,376 ----a-w c:\winnt\system32\mciavi.drv
    - 2004-08-04 07:56:42 84,480 ----a-w c:\winnt\system32\mciavi32.dll
    + 2008-04-14 00:11:56 84,480 ----a-w c:\winnt\system32\mciavi32.dll
    - 2004-08-04 07:56:42 35,328 ----a-w c:\winnt\system32\mciqtz32.dll
    + 2008-04-14 00:11:56 35,328 ----a-w c:\winnt\system32\mciqtz32.dll
    - 2004-08-04 07:56:42 23,040 ----a-w c:\winnt\system32\mciseq.dll
    + 2008-04-14 00:11:56 23,040 ----a-w c:\winnt\system32\mciseq.dll
    + 2003-03-31 12:00:00 25,264 ----a-w c:\winnt\system32\mciseq.drv
    - 2004-08-04 07:56:42 23,552 ----a-w c:\winnt\system32\mciwave.dll
    + 2008-04-14 00:11:56 23,552 ----a-w c:\winnt\system32\mciwave.dll
    + 2003-03-31 12:00:00 28,160 ----a-w c:\winnt\system32\mciwave.drv
    - 2004-08-04 07:56:42 118,272 ----a-w c:\winnt\system32\mdminst.dll
    + 2008-04-14 00:11:56 118,272 ----a-w c:\winnt\system32\mdminst.dll
    - 2004-08-04 07:56:42 86,016 ----a-w c:\winnt\system32\mdmxsdk.dll
    + 2008-04-14 00:11:56 86,016 ----a-w c:\winnt\system32\mdmxsdk.dll
    - 2007-03-08 15:36:28 40,960 ----a-w c:\winnt\system32\mf3216.dll
    + 2008-04-14 00:11:56 40,960 ----a-w c:\winnt\system32\mf3216.dll
    - 2006-11-01 19:17:45 927,504 ----a-w c:\winnt\system32\mfc40u.dll
    + 2008-04-14 00:11:56 927,504 ----a-w c:\winnt\system32\mfc40u.dll
    - 2004-08-04 07:56:42 1,028,096 ----a-w c:\winnt\system32\mfc42.dll
    + 2008-04-14 00:11:56 1,028,096 ----a-w c:\winnt\system32\mfc42.dll
    - 2004-08-04 07:56:42 22,528 ----a-w c:\winnt\system32\mfcsubs.dll
    + 2008-04-14 00:11:56 22,528 ----a-w c:\winnt\system32\mfcsubs.dll
    - 2004-08-04 07:56:42 14,848 ----a-w c:\winnt\system32\mgmtapi.dll
    + 2008-04-14 00:11:56 14,848 ----a-w c:\winnt\system32\mgmtapi.dll
    + 2008-04-14 00:11:57 184,320 ------w c:\winnt\system32\microsoft.managementconsole.dll
    - 2004-08-04 07:56:42 18,944 ----a-w c:\winnt\system32\midimap.dll
    + 2008-04-14 00:11:57 18,944 ----a-w c:\winnt\system32\midimap.dll
    - 2004-08-04 07:56:42 60,928 ----a-w c:\winnt\system32\miglibnt.dll
    + 2008-04-14 00:11:57 60,928 ----a-w c:\winnt\system32\miglibnt.dll
    + 2007-10-09 21:03:14 1,986,072 ----a-w c:\winnt\system32\milcore.dll
    - 2003-03-31 12:00:00 18,944 ----a-w c:\winnt\system32\mimefilt.dll
    + 2008-04-14 00:11:57 29,696 ----a-w c:\winnt\system32\mimefilt.dll
    - 2004-08-04 07:56:42 586,240 ----a-w c:\winnt\system32\mlang.dll
    + 2008-04-14 00:11:57 586,240 ----a-w c:\winnt\system32\mlang.dll
    - 2004-08-04 07:56:51 815,104 ----a-w c:\winnt\system32\mmc.exe
    + 2008-04-14 00:12:25 1,414,656 ----a-w c:\winnt\system32\mmc.exe
    - 2004-08-04 07:56:42 70,656 ----a-w c:\winnt\system32\mmcbase.dll
    + 2008-04-14 00:11:57 163,328 ----a-w c:\winnt\system32\mmcbase.dll
    + 2008-04-14 00:11:57 397,312 ------w c:\winnt\system32\mmcex.dll
    + 2008-04-14 00:11:57 106,496 ------w c:\winnt\system32\mmcfxcommon.dll
    - 2004-08-04 07:56:42 1,192,960 ----a-w c:\winnt\system32\mmcndmgr.dll
    + 2008-04-14 00:11:57 1,872,896 ----a-w c:\winnt\system32\mmcndmgr.dll
    + 2008-04-14 00:12:25 33,792 ------w c:\winnt\system32\mmcperf.exe
    - 2004-08-04 07:56:42 50,688 ----a-w c:\winnt\system32\mmcshext.dll
    + 2008-04-14 00:11:57 61,440 ----a-w c:\winnt\system32\mmcshext.dll
    - 2004-08-04 07:56:42 17,408 ----a-w c:\winnt\system32\mmfutil.dll
    + 2008-04-14 00:11:57 17,408 ----a-w c:\winnt\system32\mmfutil.dll
    - 2004-08-04 07:56:42 34,560 ----a-w c:\winnt\system32\mnmdd.dll
    + 2008-04-14 00:11:57 34,560 ----a-w c:\winnt\system32\mnmdd.dll
    - 2004-08-04 07:56:51 32,768 ----a-w c:\winnt\system32\mnmsrvc.exe
    + 2008-04-14 00:12:25 32,768 ----a-w c:\winnt\system32\mnmsrvc.exe
    - 2004-08-04 07:56:42 207,360 ----a-w c:\winnt\system32\mobsync.dll
    + 2008-04-14 00:11:57 207,360 ----a-w c:\winnt\system32\mobsync.dll
    - 2004-08-04 07:56:51 143,360 ----a-w c:\winnt\system32\mobsync.exe
    + 2008-04-14 00:12:26 143,360 ----a-w c:\winnt\system32\mobsync.exe
    - 2004-08-04 07:56:42 153,600 ----a-w c:\winnt\system32\modemui.dll
    + 2008-04-14 00:11:57 153,600 ----a-w c:\winnt\system32\modemui.dll
    - 2003-03-31 12:00:00 15,872 ----a-w c:\winnt\system32\more.com
    + 2008-04-14 00:12:42 16,896 ----a-w c:\winnt\system32\more.com
    - 2004-08-04 07:56:11 216,064 ----a-w c:\winnt\system32\moricons.dll
    + 2008-04-13 16:45:30 216,064 ----a-w c:\winnt\system32\moricons.dll
    + 2003-03-31 12:00:00 2,032 ----a-w c:\winnt\system32\mouse.drv
    - 2004-08-04 07:56:52 123,392 ----a-w c:\winnt\system32\mplay32.exe
    + 2008-04-14 00:12:27 123,392 ----a-w c:\winnt\system32\mplay32.exe
    - 2004-08-04 07:56:42 59,904 ----a-w c:\winnt\system32\mpr.dll
    + 2008-04-14 00:11:57 59,904 ----a-w c:\winnt\system32\mpr.dll
    - 2004-08-04 07:56:42 87,040 ----a-w c:\winnt\system32\mprapi.dll
    + 2008-04-14 00:11:57 87,040 ----a-w c:\winnt\system32\mprapi.dll
    - 2003-03-31 12:00:00 49,152 ----a-w c:\winnt\system32\mprdim.dll
    + 2008-04-14 00:11:57 53,248 ----a-w c:\winnt\system32\mprdim.dll
    - 2007-11-02 07:12:57 18,238,072 ----a-w c:\winnt\system32\MRT.exe
    + 2009-02-25 20:54:59 24,768,960 ----a-w c:\winnt\system32\MRT.exe
    - 2004-08-04 07:56:42 71,680 ----a-w c:\winnt\system32\msacm32.dll
    + 2008-04-14 00:11:58 71,680 ----a-w c:\winnt\system32\msacm32.dll
    + 2003-03-31 12:00:00 20,480 ----a-w c:\winnt\system32\msacm32.drv
    - 2004-08-04 07:56:12 3,584 ----a-w c:\winnt\system32\msafd.dll
    + 2008-04-14 00:10:06 3,584 ----a-w c:\winnt\system32\msafd.dll
    - 2004-08-04 07:56:42 86,016 ----a-w c:\winnt\system32\msapsspc.dll
    + 2008-04-14 00:11:58 86,016 ----a-w c:\winnt\system32\msapsspc.dll
    - 2004-08-04 07:56:42 57,344 ----a-w c:\winnt\system32\msasn1.dll
    + 2008-04-14 00:11:58 57,344 ----a-w c:\winnt\system32\msasn1.dll
    - 2005-06-29 01:46:00 74,240 ----a-w c:\winnt\system32\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w c:\winnt\system32\mscms.dll
    - 2004-08-04 07:56:42 69,632 ----a-w c:\winnt\system32\msconf.dll
    + 2008-04-14 00:11:58 69,632 ----a-w c:\winnt\system32\msconf.dll
    - 2007-04-13 10:21:14 271,360 ----a-w c:\winnt\system32\mscoree.dll
    + 2007-10-24 09:47:38 282,112 ----a-w c:\winnt\system32\mscoree.dll
    - 2005-09-23 15:28:52 150,016 ----a-w c:\winnt\system32\mscorier.dll
    + 2007-10-24 09:47:38 158,720 ----a-w c:\winnt\system32\mscorier.dll
    - 2005-09-23 15:28:52 74,240 ----a-w c:\winnt\system32\mscories.dll
    + 2007-10-24 09:47:38 84,480 ----a-w c:\winnt\system32\mscories.dll
    - 2004-08-04 07:56:12 12,288 ----a-w c:\winnt\system32\mscpx32r.dll
    + 2008-04-13 17:26:07 12,288 ----a-w c:\winnt\system32\mscpx32r.dll
    - 2004-08-04 07:56:42 36,864 ----a-w c:\winnt\system32\mscpxl32.dll
    + 2008-04-14 00:11:58 36,864 ----a-w c:\winnt\system32\mscpxl32.dll
    - 2004-08-04 07:56:42 294,400 ----a-w c:\winnt\system32\msctf.dll
    + 2008-04-14 00:11:58 297,984 ----a-w c:\winnt\system32\msctf.dll
    - 2004-08-04 07:56:42 69,120 ----a-w c:\winnt\system32\msctfp.dll
    + 2008-04-14 00:11:58 68,608 ----a-w c:\winnt\system32\msctfp.dll
    - 2004-08-04 07:56:42 118,784 ----a-w c:\winnt\system32\msdadiag.dll
    + 2008-04-14 00:11:58 118,784 ----a-w c:\winnt\system32\msdadiag.dll
    - 2004-08-04 07:56:43 151,552 ----a-w c:\winnt\system32\msdart.dll
    + 2008-04-14 00:11:59 151,552 ----a-w c:\winnt\system32\msdart.dll
    - 2004-08-04 07:56:43 14,336 ----a-w c:\winnt\system32\msdmo.dll
    + 2008-04-14 00:11:59 14,336 ----a-w c:\winnt\system32\msdmo.dll
    - 2004-08-04 07:56:53 6,144 ----a-w c:\winnt\system32\msdtc.exe
    + 2008-04-14 00:12:27 6,144 ----a-w c:\winnt\system32\msdtc.exe
    - 2004-08-04 07:56:43 58,880 ----a-w c:\winnt\system32\msdtclog.dll
    + 2008-04-14 00:11:59 58,880 ----a-w c:\winnt\system32\msdtclog.dll
    - 2006-03-01 19:42:42 426,496 ----a-w c:\winnt\system32\msdtcprx.dll
    + 2008-04-14 00:11:59 427,008 ----a-w c:\winnt\system32\msdtcprx.dll
    - 2006-03-01 19:42:42 956,416 ----a-w c:\winnt\system32\msdtctm.dll
    + 2008-04-14 00:11:59 956,928 ----a-w c:\winnt\system32\msdtctm.dll
    - 2006-03-01 19:42:42 161,280 ----a-w c:\winnt\system32\msdtcuiu.dll
    + 2008-04-14 00:11:59 161,792 ----a-w c:\winnt\system32\msdtcuiu.dll
    - 2004-08-04 07:56:13 4,126 ----a-w c:\winnt\system32\msdxmlc.dll
    + 2008-04-14 00:10:08 4,126 ----a-w c:\winnt\system32\msdxmlc.dll
    - 2004-08-04 07:56:43 512,029 ----a-w c:\winnt\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w c:\winnt\system32\msexch40.dll
    - 2004-08-04 07:56:43 319,517 ----a-w c:\winnt\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w c:\winnt\system32\msexcl40.dll
    - 2007-08-20 10:04:39 459,264 ----a-w c:\winnt\system32\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 ----a-w c:\winnt\system32\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ----a-w c:\winnt\system32\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 ----a-w c:\winnt\system32\msfeedsbs.dll
    - 2006-11-27 14:54:06 539,136 ----a-w c:\winnt\system32\msftedit.dll
    + 2008-04-14 00:11:59 539,136 ----a-w c:\winnt\system32\msftedit.dll
    - 2004-08-04 07:56:43 994,304 ----a-w c:\winnt\system32\msgina.dll
    + 2008-04-14 00:11:59 997,376 ----a-w c:\winnt\system32\msgina.dll
    - 2004-08-04 07:56:43 33,792 ----a-w c:\winnt\system32\msgsvc.dll
    + 2008-04-14 00:11:59 33,792 ----a-w c:\winnt\system32\msgsvc.dll
    + 2008-04-14 00:12:45 188,416 ----a-w c:\winnt\system32\msh261.drv
    + 2008-04-14 00:12:45 294,912 ----a-w c:\winnt\system32\msh263.drv
    - 2007-08-20 10:04:41 3,584,512 ----a-w c:\winnt\system32\mshtml.dll
    + 2009-01-17 05:35:14 3,594,752 ----a-w c:\winnt\system32\mshtml.dll
    - 2007-08-20 10:04:41 477,696 ----a-w c:\winnt\system32\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\winnt\system32\mshtmled.dll
    - 2007-04-18 16:12:23 2,854,400 ----a-w c:\winnt\system32\msi.dll
    + 2008-04-14 00:11:59 2,843,136 ----a-w c:\winnt\system32\msi.dll
    - 2004-08-04 07:56:43 51,712 ----a-w c:\winnt\system32\msident.dll
    + 2008-04-14 00:11:59 51,712 ----a-w c:\winnt\system32\msident.dll
    - 2004-08-04 07:56:43 6,656 ----a-w c:\winnt\system32\msidle.dll
    + 2008-04-14 00:11:59 6,656 ----a-w c:\winnt\system32\msidle.dll
    - 2004-08-04 07:56:43 248,832 ----a-w c:\winnt\system32\msieftp.dll
    + 2008-04-14 00:11:59 248,832 ----a-w c:\winnt\system32\msieftp.dll
    - 2005-03-21 22:00:22 78,848 ----a-w c:\winnt\system32\msiexec.exe
    + 2008-04-14 00:12:28 78,848 ----a-w c:\winnt\system32\msiexec.exe
    - 2005-03-21 22:00:22 271,360 ----a-w c:\winnt\system32\msihnd.dll
    + 2008-04-14 00:11:59 271,360 ----a-w c:\winnt\system32\msihnd.dll
    - 2004-08-04 07:56:43 4,608 ----a-w c:\winnt\system32\msimg32.dll
    + 2008-04-14 00:11:59 4,608 ----a-w c:\winnt\system32\msimg32.dll
    - 2005-03-21 22:00:22 884,736 ----a-w c:\winnt\system32\msimsg.dll
    + 2008-04-13 15:39:43 884,736 ----a-w c:\winnt\system32\msimsg.dll
    - 2004-08-04 07:56:43 159,232 ----a-w c:\winnt\system32\msimtf.dll
    + 2008-04-14 00:11:59 159,232 ----a-w c:\winnt\system32\msimtf.dll
    - 2005-03-21 22:00:22 15,360 ----a-w c:\winnt\system32\msisip.dll
    + 2008-04-14 00:11:59 15,360 ----a-w c:\winnt\system32\msisip.dll
    + 1999-08-05 03:17:18 1,050,384 ----a-w c:\winnt\system32\msjet35.dll
    - 2004-08-04 07:56:43 1,507,356 ----a-w c:\winnt\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ------w c:\winnt\system32\msjet40.dll
    - 2004-03-01 18:52:15 358,976 ----a-w c:\winnt\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ------w c:\winnt\system32\msjetoledb40.dll
    + 1998-04-24 08:00:00 123,664 ----a-w c:\winnt\system32\msjint35.dll
    - 2004-08-04 07:56:43 151,583 ----a-w c:\winnt\system32\msjint40.dll
    + 2008-04-14 00:12:00 151,583 ------w c:\winnt\system32\msjint40.dll
    + 2000-06-13 08:00:00 1,234,704 ----a-w c:\winnt\system32\MSJT4JLT.DLL
    + 1998-04-24 08:00:00 24,848 ----a-w c:\winnt\system32\msjter35.dll
    - 2004-08-04 07:56:43 53,279 ----a-w c:\winnt\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ------w c:\winnt\system32\msjter40.dll
    - 2004-08-04 07:56:43 241,693 ----a-w c:\winnt\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ------w c:\winnt\system32\msjtes40.dll
    - 2004-08-04 07:56:43 25,088 ----a-w c:\winnt\system32\mslbui.dll
    + 2008-04-14 00:12:00 25,088 ----a-w c:\winnt\system32\mslbui.dll
    - 2004-08-04 07:56:43 213,023 ----a-w c:\winnt\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ------w c:\winnt\system32\msltus40.dll
    - 2004-08-04 07:56:43 290,816 ----a-w c:\winnt\system32\msnsspc.dll
    + 2008-04-14 00:12:00 290,816 ----a-w c:\winnt\system32\msnsspc.dll
    - 2004-08-04 07:56:43 252,928 ----a-w c:\winnt\system32\msoeacct.dll
    + 2008-04-14 00:12:00 252,928 ----a-w c:\winnt\system32\msoeacct.dll
    - 2004-08-04 07:56:43 105,984 ----a-w c:\winnt\system32\msoert2.dll
    + 2008-04-14 00:12:00 105,984 ----a-w c:\winnt\system32\msoert2.dll
    - 2004-08-04 07:56:18 20,480 ----a-w c:\winnt\system32\msorc32r.dll
    + 2008-04-13 17:24:14 20,480 ----a-w c:\winnt\system32\msorc32r.dll
    - 2004-08-04 07:56:43 143,360 ----a-w c:\winnt\system32\msorcl32.dll
    + 2008-04-14 00:12:00 143,360 ----a-w c:\winnt\system32\msorcl32.dll
    - 2004-08-04 07:56:53 343,040 ----a-w c:\winnt\system32\mspaint.exe
    + 2008-04-14 00:12:28 343,040 ----a-w c:\winnt\system32\mspaint.exe
    - 2004-08-04 07:56:43 30,208 ----a-w c:\winnt\system32\mspatcha.dll
    + 2008-04-14 00:12:00 29,696 ----a-w c:\winnt\system32\mspatcha.dll
    - 2004-08-04 07:56:43 348,189 ----a-w c:\winnt\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w c:\winnt\system32\mspbde40.dll
    - 2004-08-04 07:56:18 48,128 ----a-w c:\winnt\system32\msprivs.dll
    + 2008-04-13 16:23:31 48,128 ----a-w c:\winnt\system32\msprivs.dll
    - 2007-08-20 10:04:41 193,024 ----a-w c:\winnt\system32\msrating.dll
    + 2008-12-20 23:15:31 193,024 ----a-w c:\winnt\system32\msrating.dll
    + 1998-04-24 08:00:00 252,176 ----a-w c:\winnt\system32\msrd2x35.dll
    - 2004-08-04 07:56:43 421,919 ----a-w c:\winnt\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w c:\winnt\system32\msrd2x40.dll
    - 2004-08-04 07:56:43 315,423 ----a-w c:\winnt\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w c:\winnt\system32\msrd3x40.dll
    + 1999-04-24 05:22:00 430,080 ----a-w c:\winnt\system32\MSREPL35.DLL
    - 2004-08-04 07:56:43 552,989 ----a-w c:\winnt\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w c:\winnt\system32\msrepl40.dll
    - 2004-08-04 07:56:43 11,264 ----a-w c:\winnt\system32\msrle32.dll
    + 2008-04-14 00:12:00 11,264 ----a-w c:\winnt\system32\msrle32.dll
    - 2004-08-04 07:56:43 134,656 ----a-w c:\winnt\system32\mssap.dll
    + 2008-04-14 00:12:00 134,656 ----a-w c:\winnt\system32\mssap.dll
    + 2008-04-14 00:12:00 155,136 ------w c:\winnt\system32\mssha.dll
    + 2008-04-13 18:14:58 76,800 ------w c:\winnt\system32\msshavmsg.dll
    + 2004-02-23 07:00:00 119,808 ----a-w c:\winnt\system32\MSSTDFMT.DLL
    - 2004-08-04 07:56:43 274,944 ----a-w c:\winnt\system32\mstask.dll
    + 2008-04-14 00:12:00 274,944 ----a-w c:\winnt\system32\mstask.dll
    - 2004-08-04 07:56:43 258,077 ----a-w c:\winnt\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w c:\winnt\system32\mstext40.dll
    - 2007-08-20 10:04:42 671,232 ----a-w c:\winnt\system32\mstime.dll
    + 2008-12-20 23:15:32 671,232 ----a-w c:\winnt\system32\mstime.dll
    - 2004-08-04 07:56:53 12,288 ----a-w c:\winnt\system32\mstinit.exe
    + 2008-04-14 00:12:29 12,288 ----a-w c:\winnt\system32\mstinit.exe
    - 2004-08-04 07:56:43 115,712 ----a-w c:\winnt\system32\mstlsapi.dll
    + 2008-04-14 00:12:00 116,224 ----a-w c:\winnt\system32\mstlsapi.dll
    - 2004-08-04 05:59:40 407,552 ----a-w c:\winnt\system32\mstsc.exe
    + 2008-04-14 00:12:23 677,888 ----a-w c:\winnt\system32\mstsc.exe
    - 2004-08-04 05:59:43 655,360 ----a-w c:\winnt\system32\mstscax.dll
    + 2008-04-14 00:11:56 2,061,824 ----a-w c:\winnt\system32\mstscax.dll
    - 2004-08-04 07:56:43 195,072 ----a-w c:\winnt\system32\msutb.dll
    + 2008-04-14 00:12:00 195,072 ----a-w c:\winnt\system32\msutb.dll
    - 2004-08-04 07:56:43 129,536 ----a-w c:\winnt\system32\msv1_0.dll
    + 2008-04-14 00:12:00 132,608 ----a-w c:\winnt\system32\msv1_0.dll
    - 2003-11-28 17:19:58 1,347,344 ----a-w c:\winnt\system32\Msvbvm50.dll
    + 2004-03-20 01:40:10 1,355,776 ----a-w c:\winnt\system32\Msvbvm50.dll
    - 2004-08-04 07:56:43 1,392,671 ----a-w c:\winnt\system32\msvbvm60.dll
    + 2008-04-14 00:12:00 1,384,479 ------w c:\winnt\system32\msvbvm60.dll
    - 2004-08-04 07:56:43 54,784 ----a-w c:\winnt\system32\msvcirt.dll
    + 2008-04-14 00:12:01 57,344 ----a-w c:\winnt\system32\msvcirt.dll
    - 2004-08-04 07:56:43 413,696 ----a-w c:\winnt\system32\msvcp60.dll
    + 2008-04-14 00:12:01 413,696 ----a-w c:\winnt\system32\msvcp60.dll
    - 2003-03-19 03:14:52 499,712 ----a-w c:\winnt\system32\msvcp71.dll
    + 2008-09-25 01:23:22 499,712 ----a-w c:\winnt\system32\msvcp71.dll
    - 2004-08-04 07:56:43 343,040 ----a-w c:\winnt\system32\msvcrt.dll
    + 2008-04-14 00:12:01 343,040 ----a-w c:\winnt\system32\msvcrt.dll
    - 2004-08-04 05:58:25 61,440 ----a-w c:\winnt\system32\msvcrt40.dll
    + 2008-04-13 18:30:46 61,440 ----a-w c:\winnt\system32\msvcrt40.dll
    - 2004-08-04 07:56:43 120,832 ----a-w c:\winnt\system32\msvfw32.dll
    + 2008-04-14 00:12:01 121,344 ----a-w c:\winnt\system32\msvfw32.dll
    - 2004-08-04 07:56:43 1,428,480 ----a-w c:\winnt\system32\msvidctl.dll
    + 2008-04-14 00:12:01 1,428,992 ----a-w c:\winnt\system32\msvidctl.dll
  7. 2009-03-24, 00:28 #27
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    - 2004-08-04 07:56:43 72,704 ----a-w c:\winnt\system32\msw3prt.dll
    + 2008-04-14 00:12:01 72,704 ----a-w c:\winnt\system32\msw3prt.dll
    - 2004-08-04 07:56:44 831,519 ----a-w c:\winnt\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w c:\winnt\system32\mswdat10.dll
    - 2004-08-04 07:56:44 204,288 ----a-w c:\winnt\system32\mswebdvd.dll
    + 2008-04-14 00:12:01 203,776 ----a-w c:\winnt\system32\mswebdvd.dll
    - 2004-08-04 07:56:44 245,248 ----a-w c:\winnt\system32\mswsock.dll
    + 2008-06-20 17:46:57 245,248 ----a-w c:\winnt\system32\mswsock.dll
    - 2004-08-04 07:56:44 614,429 ----a-w c:\winnt\system32\mswstr10.dll
    + 2008-03-25 04:50:58 621,344 ----a-w c:\winnt\system32\mswstr10.dll
    - 2004-08-04 07:56:44 348,189 ----a-w c:\winnt\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w c:\winnt\system32\msxbde40.dll
    - 2004-08-04 07:56:44 506,368 ----a-w c:\winnt\system32\msxml.dll
    + 2008-04-14 00:12:01 506,368 ----a-w c:\winnt\system32\msxml.dll
    - 2004-08-04 07:56:44 701,440 ----a-w c:\winnt\system32\msxml2.dll
    + 2008-04-14 00:12:01 701,440 ----a-w c:\winnt\system32\msxml2.dll
    - 2007-06-26 06:08:16 1,104,896 ----a-w c:\winnt\system32\msxml3.dll
    + 2008-09-04 17:15:04 1,106,944 ----a-w c:\winnt\system32\msxml3.dll
    + 2008-09-10 01:14:56 1,307,648 ----a-w c:\winnt\system32\msxml6.dll
    + 2008-04-13 17:27:18 79,872 ----a-w c:\winnt\system32\msxml6r.dll
    - 2004-08-04 07:56:44 17,408 ----a-w c:\winnt\system32\msyuv.dll
    + 2008-04-14 00:12:01 16,896 ----a-w c:\winnt\system32\msyuv.dll
    - 2006-03-01 19:42:42 66,560 ----a-w c:\winnt\system32\mtxclu.dll
    + 2008-04-14 00:12:01 66,560 ----a-w c:\winnt\system32\mtxclu.dll
    - 2003-03-31 12:00:00 20,480 ----a-w c:\winnt\system32\mtxdm.dll
    + 2008-04-14 00:12:01 30,720 ----a-w c:\winnt\system32\mtxdm.dll
    - 2003-03-31 12:00:00 4,096 ----a-w c:\winnt\system32\mtxex.dll
    + 2008-04-14 00:12:01 4,096 ----a-w c:\winnt\system32\mtxex.dll
    - 2003-03-31 12:00:00 25,088 ----a-w c:\winnt\system32\mtxlegih.dll
    + 2008-04-14 00:12:01 34,304 ----a-w c:\winnt\system32\mtxlegih.dll
    - 2006-03-01 19:42:42 91,136 ----a-w c:\winnt\system32\mtxoci.dll
    + 2008-04-14 00:12:01 91,648 ----a-w c:\winnt\system32\mtxoci.dll
    - 2004-08-04 07:56:44 1,737,856 ----a-w c:\winnt\system32\mtxparhd.dll
    + 2008-04-14 00:12:01 1,737,856 ----a-w c:\winnt\system32\mtxparhd.dll
    - 2007-07-31 02:19:10 271,224 ----a-w c:\winnt\system32\mucltui.dll
    + 2008-10-16 22:06:48 268,648 ----a-w c:\winnt\system32\mucltui.dll
    - 2006-12-22 20:02:36 6,144 ----a-w c:\winnt\system32\mui\0409\mscorees.dll
    + 2007-10-24 09:47:44 15,360 ----a-w c:\winnt\system32\mui\0409\mscorees.dll
    - 2004-08-04 07:56:22 405,504 ----a-w c:\winnt\system32\mui\041b\xpob2res.dll
    + 2008-04-13 18:40:52 405,504 ----a-w c:\winnt\system32\mui\041b\xpob2res.dll
    - 2004-08-04 07:56:29 193,024 ----a-w c:\winnt\system32\mui\041b\xpsp1res.dll
    + 2008-04-13 18:35:28 192,512 ----a-w c:\winnt\system32\mui\041b\xpsp1res.dll
    - 2004-08-04 07:56:29 757,248 ----a-w c:\winnt\system32\mui\041b\xpsp2res.dll
    + 2008-04-13 18:38:37 757,248 ----a-w c:\winnt\system32\mui\041b\xpsp2res.dll
    + 2008-04-13 18:40:04 577,536 ------w c:\winnt\system32\mui\041b\xpsp3res.dll
    - 2004-08-04 07:56:36 187,392 ----a-w c:\winnt\system32\mui\041e\xpsp1res.dll
    + 2008-04-13 17:39:22 187,392 ----a-w c:\winnt\system32\mui\041e\xpsp1res.dll
    - 2004-08-04 07:56:36 2,897,920 ----a-w c:\winnt\system32\mui\041e\xpsp2res.dll
    + 2008-04-13 17:39:24 2,897,920 ----a-w c:\winnt\system32\mui\041e\xpsp2res.dll
    - 2004-08-04 07:56:22 408,576 ----a-w c:\winnt\system32\mui\0424\xpob2res.dll
    + 2008-04-13 18:40:56 408,576 ----a-w c:\winnt\system32\mui\0424\xpob2res.dll
    - 2004-08-04 07:56:29 192,512 ----a-w c:\winnt\system32\mui\0424\xpsp1res.dll
    + 2008-04-13 18:35:28 192,512 ----a-w c:\winnt\system32\mui\0424\xpsp1res.dll
    - 2004-08-04 07:56:30 732,160 ----a-w c:\winnt\system32\mui\0424\xpsp2res.dll
    + 2008-04-13 18:38:36 732,160 ----a-w c:\winnt\system32\mui\0424\xpsp2res.dll
    + 2008-04-13 18:40:05 576,512 ------w c:\winnt\system32\mui\0424\xpsp3res.dll
    - 2007-07-31 02:19:04 207,736 ----a-w c:\winnt\system32\muweb.dll
    + 2008-10-16 22:06:48 208,744 ----a-w c:\winnt\system32\muweb.dll
    - 2004-08-04 07:56:44 90,624 ----a-w c:\winnt\system32\mydocs.dll
    + 2008-04-14 00:12:01 90,624 ----a-w c:\winnt\system32\mydocs.dll
    + 2008-04-14 00:12:01 30,208 ------w c:\winnt\system32\napipsec.dll
    + 2008-04-14 00:12:01 193,024 ------w c:\winnt\system32\napmontr.dll
    + 2008-04-14 00:12:29 176,640 ------w c:\winnt\system32\napstat.exe
    - 2004-08-04 07:56:54 53,760 ----a-w c:\winnt\system32\narrator.exe
    + 2008-04-14 00:12:29 53,760 ----a-w c:\winnt\system32\narrator.exe
    - 2004-08-04 07:56:44 36,352 ----a-w c:\winnt\system32\ncobjapi.dll
    + 2008-04-14 00:12:01 36,352 ----a-w c:\winnt\system32\ncobjapi.dll
    - 2004-08-04 07:56:44 17,920 ----a-w c:\winnt\system32\nddeapi.dll
    + 2008-04-14 00:12:01 17,920 ----a-w c:\winnt\system32\nddeapi.dll
    - 2004-08-04 07:56:54 4,096 ----a-w c:\winnt\system32\nddeapir.exe
    + 2008-04-14 00:12:29 4,096 ----a-w c:\winnt\system32\nddeapir.exe
    - 2004-08-04 07:56:44 18,944 ----a-w c:\winnt\system32\nddenb32.dll
    + 2008-04-14 00:12:01 18,944 ----a-w c:\winnt\system32\nddenb32.dll
    - 2004-08-04 07:56:54 42,496 ----a-w c:\winnt\system32\net.exe
    + 2008-04-14 00:12:29 42,496 ----a-w c:\winnt\system32\net.exe
    - 2004-08-04 07:56:54 124,928 ----a-w c:\winnt\system32\net1.exe
    + 2008-04-14 00:12:29 124,928 ----a-w c:\winnt\system32\net1.exe
    - 2006-08-17 12:28:27 332,288 ----a-w c:\winnt\system32\netapi32.dll
    + 2008-10-15 16:34:24 337,408 ----a-w c:\winnt\system32\netapi32.dll
    - 2004-08-04 07:56:44 622,080 ----a-w c:\winnt\system32\netcfgx.dll
    + 2008-04-14 00:12:01 622,592 ----a-w c:\winnt\system32\netcfgx.dll
    - 2004-08-04 07:56:54 111,104 ----a-w c:\winnt\system32\netdde.exe
    + 2008-04-14 00:12:29 111,104 ----a-w c:\winnt\system32\netdde.exe
    - 2004-08-04 07:56:44 139,264 ----a-w c:\winnt\system32\netid.dll
    + 2008-04-14 00:12:01 139,264 ----a-w c:\winnt\system32\netid.dll
    - 2004-08-04 07:56:44 407,040 ----a-w c:\winnt\system32\netlogon.dll
    + 2008-04-14 00:12:01 407,040 ----a-w c:\winnt\system32\netlogon.dll
    - 2005-08-22 18:29:46 197,632 ----a-w c:\winnt\system32\netman.dll
    + 2008-04-14 00:12:01 198,144 ----a-w c:\winnt\system32\netman.dll
    - 2004-08-04 07:56:44 875,008 ----a-w c:\winnt\system32\netplwiz.dll
    + 2008-04-14 00:12:01 875,008 ----a-w c:\winnt\system32\netplwiz.dll
    - 2004-08-04 07:56:44 12,288 ----a-w c:\winnt\system32\netrap.dll
    + 2008-04-14 00:12:01 11,776 ----a-w c:\winnt\system32\netrap.dll
    - 2004-08-04 08:02:44 329,728 ----a-w c:\winnt\system32\netsetup.exe
    + 2008-04-14 00:16:51 329,728 ----a-w c:\winnt\system32\netsetup.exe
    - 2004-08-04 07:56:54 86,016 ----a-w c:\winnt\system32\netsh.exe
    + 2008-04-14 00:12:29 86,016 ----a-w c:\winnt\system32\netsh.exe
    - 2004-08-04 07:56:44 1,708,032 ----a-w c:\winnt\system32\netshell.dll
    + 2008-04-14 00:12:02 1,703,936 ----a-w c:\winnt\system32\netshell.dll
    - 2004-08-04 07:56:54 36,864 ----a-w c:\winnt\system32\netstat.exe
    + 2008-04-14 00:12:29 36,864 ----a-w c:\winnt\system32\netstat.exe
    - 2004-08-04 07:56:44 80,896 ----a-w c:\winnt\system32\netui0.dll
    + 2008-04-14 00:12:02 80,896 ----a-w c:\winnt\system32\netui0.dll
    - 2004-08-04 07:56:44 245,760 ----a-w c:\winnt\system32\netui1.dll
    + 2008-04-14 00:12:02 245,760 ----a-w c:\winnt\system32\netui1.dll
    - 2004-08-04 07:56:44 248,832 ----a-w c:\winnt\system32\newdev.dll
    + 2008-04-14 00:12:02 247,808 ----a-w c:\winnt\system32\newdev.dll
    - 2004-08-04 07:56:44 103,936 ----a-w c:\winnt\system32\nlhtml.dll
    + 2008-04-14 00:12:02 98,304 ----a-w c:\winnt\system32\nlhtml.dll
    - 2004-08-04 07:56:44 28,672 ----a-w c:\winnt\system32\nmmkcert.dll
    + 2008-04-14 00:12:02 28,672 ----a-w c:\winnt\system32\nmmkcert.dll
    - 2004-08-04 07:56:54 69,120 ----a-w c:\winnt\system32\notepad.exe
    + 2008-04-14 00:12:29 69,120 ----a-w c:\winnt\system32\notepad.exe
    - 2004-08-04 07:56:44 57,344 ----a-w c:\winnt\system32\npp\ndisnpp.dll
    + 2008-04-14 00:12:01 57,344 ----a-w c:\winnt\system32\npp\ndisnpp.dll
    - 2004-08-04 07:56:54 15,360 ----a-w c:\winnt\system32\npp\nppagent.exe
    + 2008-04-14 00:12:29 15,360 ----a-w c:\winnt\system32\npp\nppagent.exe
    - 2004-08-04 07:56:44 54,784 ----a-w c:\winnt\system32\npptools.dll
    + 2008-04-14 00:12:02 54,784 ----a-w c:\winnt\system32\npptools.dll
    - 2004-08-04 07:56:54 76,800 ----a-w c:\winnt\system32\nslookup.exe
    + 2008-04-14 00:12:29 76,800 ----a-w c:\winnt\system32\nslookup.exe
    - 2004-08-04 07:56:36 708,096 ----a-w c:\winnt\system32\ntdll.dll
    + 2008-04-14 00:11:24 706,048 ----a-w c:\winnt\system32\ntdll.dll
    - 2004-08-04 07:56:44 67,072 ----a-w c:\winnt\system32\ntdsapi.dll
    + 2008-04-14 00:12:02 67,072 ----a-w c:\winnt\system32\ntdsapi.dll
    - 2007-02-28 08:38:57 2,015,744 ----a-w c:\winnt\system32\ntkrnlpa.exe
    + 2008-08-14 09:33:16 2,023,936 ----a-w c:\winnt\system32\ntkrnlpa.exe
    - 2004-08-04 07:56:44 43,520 ----a-w c:\winnt\system32\ntlanman.dll
    + 2008-04-14 00:12:02 44,032 ----a-w c:\winnt\system32\ntlanman.dll
    - 2004-08-04 07:56:44 8,192 ----a-w c:\winnt\system32\ntlsapi.dll
    + 2008-04-14 00:12:02 8,192 ----a-w c:\winnt\system32\ntlsapi.dll
    - 2004-08-04 07:56:44 118,784 ----a-w c:\winnt\system32\ntmarta.dll
    + 2008-04-14 00:12:02 118,784 ----a-w c:\winnt\system32\ntmarta.dll
    - 2004-08-04 07:56:44 40,960 ----a-w c:\winnt\system32\ntmsapi.dll
    + 2008-04-14 00:12:02 40,960 ----a-w c:\winnt\system32\ntmsapi.dll
    - 2004-08-04 07:56:44 179,712 ----a-w c:\winnt\system32\ntmsdba.dll
    + 2008-04-14 00:12:02 179,200 ----a-w c:\winnt\system32\ntmsdba.dll
    - 2004-08-04 07:56:44 488,448 ----a-w c:\winnt\system32\ntmsmgr.dll
    + 2008-04-14 00:12:02 488,448 ----a-w c:\winnt\system32\ntmsmgr.dll
    - 2004-08-04 07:56:44 435,200 ----a-w c:\winnt\system32\ntmssvc.dll
    + 2008-04-14 00:12:02 435,200 ----a-w c:\winnt\system32\ntmssvc.dll
    - 2007-02-28 09:08:48 2,136,064 ----a-w c:\winnt\system32\ntoskrnl.exe
    + 2008-08-14 10:09:26 2,145,280 ----a-w c:\winnt\system32\ntoskrnl.exe
    - 2004-08-04 07:56:44 91,136 ----a-w c:\winnt\system32\ntprint.dll
    + 2008-04-14 00:12:02 91,136 ----a-w c:\winnt\system32\ntprint.dll
    - 2004-08-04 07:56:44 143,872 ----a-w c:\winnt\system32\ntshrui.dll
    + 2008-04-14 00:12:02 143,360 ----a-w c:\winnt\system32\ntshrui.dll
    - 2004-08-04 07:56:54 419,840 ----a-w c:\winnt\system32\ntvdm.exe
    + 2008-04-14 00:12:30 420,864 ----a-w c:\winnt\system32\ntvdm.exe
    - 2003-03-31 12:00:00 13,312 ----a-w c:\winnt\system32\ntvdmd.dll
    + 2008-04-14 00:12:02 15,360 ----a-w c:\winnt\system32\ntvdmd.dll
    - 2004-08-04 07:56:44 4,274,816 ----a-w c:\winnt\system32\nv4_disp.dll
    + 2008-04-14 00:12:02 4,274,816 ----a-w c:\winnt\system32\nv4_disp.dll
    - 2006-10-13 12:35:12 142,336 ----a-w c:\winnt\system32\nwprovau.dll
    + 2008-04-14 00:12:02 142,336 ----a-w c:\winnt\system32\nwprovau.dll
    - 2004-08-04 07:56:44 266,752 ----a-w c:\winnt\system32\oakley.dll
    + 2008-04-14 00:12:02 270,336 ----a-w c:\winnt\system32\oakley.dll
    - 2004-08-04 07:56:44 285,696 ----a-w c:\winnt\system32\objsel.dll
    + 2008-04-14 00:12:02 286,208 ----a-w c:\winnt\system32\objsel.dll
    - 2007-08-20 10:04:42 102,400 ----a-w c:\winnt\system32\occache.dll
    + 2008-12-20 23:15:38 102,912 ----a-w c:\winnt\system32\occache.dll
    - 2003-03-31 12:00:00 60,928 ----a-w c:\winnt\system32\ocmanage.dll
    + 2008-04-14 00:12:02 67,584 ----a-w c:\winnt\system32\ocmanage.dll
    - 2004-08-04 07:56:44 249,856 ----a-w c:\winnt\system32\odbc32.dll
    + 2008-04-14 00:12:02 249,856 ----a-w c:\winnt\system32\odbc32.dll
    - 2004-08-04 07:56:44 16,384 ----a-w c:\winnt\system32\odbc32gt.dll
    + 2008-04-14 00:12:02 16,384 ----a-w c:\winnt\system32\odbc32gt.dll
    - 2004-08-04 07:56:54 32,768 ----a-w c:\winnt\system32\odbcad32.exe
    + 2008-04-14 00:12:30 32,768 ----a-w c:\winnt\system32\odbcad32.exe
    - 2004-08-04 07:56:44 24,576 ----a-w c:\winnt\system32\odbcbcp.dll
    + 2008-04-14 00:12:02 24,576 ----a-w c:\winnt\system32\odbcbcp.dll
    - 2004-08-04 07:56:44 135,168 ----a-w c:\winnt\system32\odbcconf.dll
    + 2008-04-14 00:12:02 135,168 ----a-w c:\winnt\system32\odbcconf.dll
    - 2004-08-04 07:56:54 69,632 ----a-w c:\winnt\system32\odbcconf.exe
    + 2008-04-14 00:12:30 69,632 ----a-w c:\winnt\system32\odbcconf.exe
    - 2004-08-04 07:56:44 106,496 ----a-w c:\winnt\system32\odbccp32.dll
    + 2008-04-14 00:12:02 106,496 ----a-w c:\winnt\system32\odbccp32.dll
    - 2004-08-04 07:56:44 65,536 ----a-w c:\winnt\system32\odbccr32.dll
    + 2008-04-14 00:12:02 65,536 ----a-w c:\winnt\system32\odbccr32.dll
    - 2004-08-04 07:56:44 65,536 ----a-w c:\winnt\system32\odbccu32.dll
    + 2008-04-14 00:12:02 65,536 ----a-w c:\winnt\system32\odbccu32.dll
    - 2004-08-04 07:56:22 94,208 ----a-w c:\winnt\system32\odbcint.dll
    + 2008-04-13 17:26:05 94,208 ----a-w c:\winnt\system32\odbcint.dll
    - 2004-08-04 07:56:22 53,279 ----a-w c:\winnt\system32\odbcji32.dll
    + 2008-04-14 00:10:31 53,279 ----a-w c:\winnt\system32\odbcji32.dll
    - 2004-08-04 07:56:44 278,559 ----a-w c:\winnt\system32\odbcjt32.dll
    + 2008-04-14 00:12:02 278,559 ----a-w c:\winnt\system32\odbcjt32.dll
    - 2004-08-04 07:56:22 12,288 ----a-w c:\winnt\system32\odbcp32r.dll
    + 2008-04-13 17:26:05 12,288 ----a-w c:\winnt\system32\odbcp32r.dll
    - 2004-08-04 07:56:44 147,456 ----a-w c:\winnt\system32\odbctrac.dll
    + 2008-04-14 00:12:02 147,456 ----a-w c:\winnt\system32\odbctrac.dll
    - 2004-08-04 07:56:44 20,511 ----a-w c:\winnt\system32\oddbse32.dll
    + 2008-04-14 00:12:02 20,511 ----a-w c:\winnt\system32\oddbse32.dll
    - 2004-08-04 07:56:44 20,510 ----a-w c:\winnt\system32\odexl32.dll
    + 2008-04-14 00:12:02 20,510 ----a-w c:\winnt\system32\odexl32.dll
    - 2004-08-04 07:56:44 20,510 ----a-w c:\winnt\system32\odfox32.dll
    + 2008-04-14 00:12:02 20,510 ----a-w c:\winnt\system32\odfox32.dll
    - 2004-08-04 07:56:44 20,510 ----a-w c:\winnt\system32\odpdx32.dll
    + 2008-04-14 00:12:02 20,510 ----a-w c:\winnt\system32\odpdx32.dll
    - 2004-08-04 07:56:44 20,511 ----a-w c:\winnt\system32\odtext32.dll
    + 2008-04-14 00:12:02 20,511 ----a-w c:\winnt\system32\odtext32.dll
    - 2004-08-04 07:56:44 120,832 ----a-w c:\winnt\system32\offfilt.dll
    + 2008-04-14 00:12:02 192,000 ----a-w c:\winnt\system32\offfilt.dll
    - 2005-07-26 04:39:48 1,285,120 ----a-w c:\winnt\system32\ole32.dll
    + 2008-04-14 00:12:02 1,287,168 ----a-w c:\winnt\system32\ole32.dll
    - 2007-05-17 11:28:05 549,376 ----a-w c:\winnt\system32\oleaut32.dll
    + 2008-04-14 00:12:02 551,936 ----a-w c:\winnt\system32\oleaut32.dll
    - 2005-07-26 04:39:48 74,752 ----a-w c:\winnt\system32\olecli32.dll
    + 2008-04-14 00:12:02 74,752 ----a-w c:\winnt\system32\olecli32.dll
    - 2005-07-26 04:39:49 37,888 ----a-w c:\winnt\system32\olecnv32.dll
    + 2008-04-14 00:12:02 37,376 ----a-w c:\winnt\system32\olecnv32.dll
    - 2006-10-16 16:15:00 122,880 ----a-w c:\winnt\system32\oledlg.dll
    + 2008-04-14 00:12:02 122,880 ----a-w c:\winnt\system32\oledlg.dll
    - 2004-08-04 07:56:44 107,008 ----a-w c:\winnt\system32\oleprn.dll
    + 2008-04-14 00:12:02 107,008 ----a-w c:\winnt\system32\oleprn.dll
    - 2004-08-04 07:56:44 83,456 ----a-w c:\winnt\system32\olepro32.dll
    + 2008-04-14 00:12:02 84,992 ----a-w c:\winnt\system32\olepro32.dll
    + 2008-04-14 00:12:02 144,384 ------w c:\winnt\system32\onex.dll
    - 2004-08-04 07:56:43 122,368 ----a-w c:\winnt\system32\oobe\msobcomm.dll
    + 2008-04-14 00:12:00 122,368 ----a-w c:\winnt\system32\oobe\msobcomm.dll
    - 2004-08-04 07:56:43 16,384 ----a-w c:\winnt\system32\oobe\msobdl.dll
    + 2008-04-14 00:12:00 16,384 ----a-w c:\winnt\system32\oobe\msobdl.dll
    - 2004-08-04 07:56:43 561,664 ----a-w c:\winnt\system32\oobe\msobmain.dll
    + 2008-04-14 00:12:00 565,248 ----a-w c:\winnt\system32\oobe\msobmain.dll
    - 2004-08-04 07:56:43 30,720 ----a-w c:\winnt\system32\oobe\msobshel.dll
    + 2008-04-14 00:12:00 30,720 ----a-w c:\winnt\system32\oobe\msobshel.dll
    - 2004-08-04 07:56:43 18,944 ----a-w c:\winnt\system32\oobe\msobweb.dll
    + 2008-04-14 00:12:00 19,456 ----a-w c:\winnt\system32\oobe\msobweb.dll
    - 2003-03-31 12:00:00 28,160 ----a-w c:\winnt\system32\oobe\msoobe.exe
    + 2008-04-14 00:12:28 29,184 ----a-w c:\winnt\system32\oobe\msoobe.exe
    - 2004-08-04 07:56:54 51,200 ----a-w c:\winnt\system32\oobe\oobebaln.exe
    + 2008-04-14 00:12:31 51,200 ----a-w c:\winnt\system32\oobe\oobebaln.exe
    - 2004-08-04 07:56:44 713,728 ----a-w c:\winnt\system32\opengl32.dll
    + 2008-04-14 00:12:02 713,728 ----a-w c:\winnt\system32\opengl32.dll
    + 2004-04-20 22:00:00 172,032 ----a-w c:\winnt\system32\OptimFROG.dll
    - 2004-08-04 07:56:55 215,552 ----a-w c:\winnt\system32\osk.exe
    + 2008-04-14 00:12:31 215,552 ----a-w c:\winnt\system32\osk.exe
    - 2004-08-04 07:56:44 67,584 ----a-w c:\winnt\system32\osuninst.dll
    + 2008-04-14 00:12:02 67,584 ----a-w c:\winnt\system32\osuninst.dll
    + 2001-08-18 05:36:28 116,736 ----a-w c:\winnt\system32\OVCodec2.dll
    + 2001-08-18 05:36:28 20,480 ----a-w c:\winnt\system32\OVComC.dll
    + 2001-08-18 05:36:54 39,424 ----a-w c:\winnt\system32\OVComS.exe
    + 2001-08-18 05:36:28 44,544 ----a-w c:\winnt\system32\OVUI2.dll
    + 2001-08-18 05:36:28 41,984 ----a-w c:\winnt\system32\OVUI2RC.dll
    - 2004-08-04 07:56:44 116,224 ----a-w c:\winnt\system32\p2p.dll
    + 2008-04-14 00:12:02 153,600 ----a-w c:\winnt\system32\p2p.dll
    - 2004-08-04 07:56:44 86,016 ----a-w c:\winnt\system32\p2pgasvc.dll
    + 2008-04-14 00:12:02 105,472 ----a-w c:\winnt\system32\p2pgasvc.dll
    - 2004-08-04 07:56:44 312,320 ----a-w c:\winnt\system32\p2pgraph.dll
    + 2008-04-14 00:12:02 313,856 ----a-w c:\winnt\system32\p2pgraph.dll
    - 2004-08-04 07:56:44 88,064 ----a-w c:\winnt\system32\p2pnetsh.dll
    + 2008-04-14 00:12:02 115,712 ----a-w c:\winnt\system32\p2pnetsh.dll
    - 2004-08-04 07:56:44 526,848 ----a-w c:\winnt\system32\p2psvc.dll
    + 2008-04-14 00:12:02 554,496 ----a-w c:\winnt\system32\p2psvc.dll
    - 2004-08-04 07:56:55 58,368 ----a-w c:\winnt\system32\packager.exe
    + 2008-04-14 00:12:31 58,368 ----a-w c:\winnt\system32\packager.exe
    - 2004-08-04 07:56:44 62,976 ----a-w c:\winnt\system32\pautoenr.dll
    + 2008-04-14 00:12:02 67,584 ----a-w c:\winnt\system32\pautoenr.dll
    - 2002-06-07 11:02:02 212,480 ----a-r c:\winnt\system32\PCDLIB32.DLL
    + 2002-03-14 21:41:04 212,480 ----a-w c:\winnt\system32\PCDLIB32.DLL
    - 2004-08-04 07:56:44 283,648 ----a-w c:\winnt\system32\pdh.dll
    + 2008-04-14 00:12:02 284,160 ----a-w c:\winnt\system32\pdh.dll
    - 2007-11-06 21:22:07 62,856 ----a-w c:\winnt\system32\perfc009.dat
    + 2009-03-09 22:52:13 71,820 ----a-w c:\winnt\system32\perfc009.dat
    - 2004-08-04 07:56:44 39,936 ----a-w c:\winnt\system32\perfctrs.dll
    + 2008-04-14 00:12:02 39,936 ----a-w c:\winnt\system32\perfctrs.dll
    - 2004-08-04 07:56:44 26,624 ----a-w c:\winnt\system32\perfdisk.dll
    + 2008-04-14 00:12:02 26,624 ----a-w c:\winnt\system32\perfdisk.dll
    - 2007-11-06 21:22:08 401,848 ----a-w c:\winnt\system32\perfh009.dat
    + 2009-03-09 22:52:13 442,408 ----a-w c:\winnt\system32\perfh009.dat
    - 2004-08-04 07:56:55 15,872 ----a-w c:\winnt\system32\perfmon.exe
    + 2008-04-14 00:12:31 15,872 ----a-w c:\winnt\system32\perfmon.exe
    - 2003-03-31 12:00:00 16,896 ----a-w c:\winnt\system32\perfnet.dll
    + 2008-04-14 00:12:02 17,920 ----a-w c:\winnt\system32\perfnet.dll
    - 2004-08-04 07:56:44 25,088 ----a-w c:\winnt\system32\perfos.dll
    + 2008-04-14 00:12:02 25,088 ----a-w c:\winnt\system32\perfos.dll
    - 2004-08-04 07:56:44 34,816 ----a-w c:\winnt\system32\perfproc.dll
    + 2008-04-14 00:12:02 34,816 ----a-w c:\winnt\system32\perfproc.dll
    + 2008-04-14 00:12:02 412,160 ------w c:\winnt\system32\photometadatahandler.dll
    - 2004-08-04 07:56:44 176,128 ----a-w c:\winnt\system32\photowiz.dll
    + 2008-04-14 00:12:02 176,128 ----a-w c:\winnt\system32\photowiz.dll
    - 2004-08-04 07:56:44 35,328 ----a-w c:\winnt\system32\pid.dll
    + 2008-04-14 00:12:02 35,328 ----a-w c:\winnt\system32\pid.dll
    - 2004-08-04 06:04:41 24,064 ----a-w c:\winnt\system32\pidgen.dll
    + 2008-04-13 18:35:22 24,064 ----a-w c:\winnt\system32\pidgen.dll
    - 2004-08-04 07:56:55 17,920 ----a-w c:\winnt\system32\ping.exe
    + 2008-04-14 00:12:31 17,920 ----a-w c:\winnt\system32\ping.exe
    + 2005-10-29 07:49:42 84,480 ------w c:\winnt\system32\pintool.exe
    - 2004-08-04 07:56:44 15,360 ----a-w c:\winnt\system32\pjlmon.dll
    + 2008-04-14 00:12:02 15,360 ----a-w c:\winnt\system32\pjlmon.dll
    - 2007-06-25 08:04:45 278,528 ----a-w c:\winnt\system32\pncrt.dll
    + 2008-12-01 02:31:09 278,528 ----a-w c:\winnt\system32\pncrt.dll
    - 2007-06-25 08:04:55 6,656 ----a-w c:\winnt\system32\pndx5016.dll
    + 2008-12-01 02:31:19 6,656 ----a-w c:\winnt\system32\pndx5016.dll
    - 2007-06-25 08:04:55 5,632 ----a-w c:\winnt\system32\pndx5032.dll
    + 2008-12-01 02:31:19 5,632 ----a-w c:\winnt\system32\pndx5032.dll
    - 2006-10-17 19:58:08 44,544 ----a-w c:\winnt\system32\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\winnt\system32\pngfilt.dll
    - 2004-08-04 07:56:44 48,640 ----a-w c:\winnt\system32\pnrpnsp.dll
    + 2008-04-14 00:12:02 58,880 ----a-w c:\winnt\system32\pnrpnsp.dll
    - 2004-08-04 07:56:44 105,472 ----a-w c:\winnt\system32\polstore.dll
    + 2008-04-14 00:12:02 105,472 ----a-w c:\winnt\system32\polstore.dll
    - 2004-08-04 07:56:55 49,152 ----a-w c:\winnt\system32\powercfg.exe
    + 2008-04-14 00:12:31 49,152 ----a-w c:\winnt\system32\powercfg.exe
    - 2004-08-04 07:56:44 17,408 ----a-w c:\winnt\system32\powrprof.dll
    + 2008-04-14 00:12:03 17,408 ----a-w c:\winnt\system32\powrprof.dll
    + 2007-10-09 21:03:04 106,520 ----a-w c:\winnt\system32\PresentationCFFRasterizerNative_v0300.dll
    + 2007-10-09 21:03:08 350,744 ----a-w c:\winnt\system32\PresentationHost.exe
    + 2007-10-09 21:03:02 33,304 ----a-w c:\winnt\system32\PresentationHostProxy.dll
    + 2007-10-09 21:03:12 779,800 ----a-w c:\winnt\system32\PresentationNative_v0300.dll
    - 2004-08-04 07:56:44 560,640 ----a-w c:\winnt\system32\printui.dll
    + 2008-04-14 00:12:03 560,640 ----a-w c:\winnt\system32\printui.dll
    + 2007-03-23 04:25:02 124,928 ------w c:\winnt\system32\prntvpt.dll
    - 2004-08-04 07:56:44 27,648 ----a-w c:\winnt\system32\profmap.dll
    + 2008-04-14 00:12:03 27,648 ----a-w c:\winnt\system32\profmap.dll
    - 2004-08-04 07:56:55 109,568 ----a-w c:\winnt\system32\progman.exe
    + 2008-04-14 00:12:31 109,568 ----a-w c:\winnt\system32\progman.exe
    - 2004-08-04 07:56:55 50,176 ----a-w c:\winnt\system32\proquota.exe
    + 2008-04-14 00:12:32 50,176 ----a-w c:\winnt\system32\proquota.exe
    - 2004-08-04 07:56:55 9,216 ----a-w c:\winnt\system32\proxycfg.exe
    + 2008-04-14 00:12:32 9,216 ----a-w c:\winnt\system32\proxycfg.exe
    - 2004-08-04 07:56:44 23,040 ----a-w c:\winnt\system32\psapi.dll
    + 2008-04-14 00:12:03 23,040 ----a-w c:\winnt\system32\psapi.dll
    - 2004-08-04 07:56:44 96,768 ----a-w c:\winnt\system32\psbase.dll
    + 2008-04-14 00:12:03 96,768 ----a-w c:\winnt\system32\psbase.dll
    - 2004-08-04 07:56:44 363,520 ----a-w c:\winnt\system32\psisdecd.dll
    + 2008-04-14 00:12:03 363,520 ----a-w c:\winnt\system32\psisdecd.dll
    - 2004-08-04 07:56:44 43,520 ----a-w c:\winnt\system32\pstorec.dll
    + 2008-04-14 00:12:03 43,520 ----a-w c:\winnt\system32\pstorec.dll
    - 2004-08-04 07:56:44 34,304 ----a-w c:\winnt\system32\pstorsvc.dll
    + 2008-04-14 00:12:03 34,304 ----a-w c:\winnt\system32\pstorsvc.dll
    + 2008-04-14 00:12:03 150,528 ------w c:\winnt\system32\qagent.dll
    + 2008-04-14 00:12:03 291,328 ------w c:\winnt\system32\qagentrt.dll
    - 2004-08-04 07:56:44 192,512 ----a-w c:\winnt\system32\qcap.dll
    + 2008-04-14 00:12:03 192,512 ----a-w c:\winnt\system32\qcap.dll
    + 2008-04-14 00:12:03 62,464 ------w c:\winnt\system32\qcliprov.dll
    - 2004-08-04 07:56:44 279,040 ----a-w c:\winnt\system32\qdv.dll
    + 2008-04-14 00:12:03 279,040 ----a-w c:\winnt\system32\qdv.dll
    - 2004-08-04 07:56:44 385,024 ----a-w c:\winnt\system32\qdvd.dll
    + 2008-04-14 00:12:03 386,048 ----a-w c:\winnt\system32\qdvd.dll
    - 2004-08-04 07:56:44 562,176 ----a-w c:\winnt\system32\qedit.dll
    + 2008-04-14 00:12:03 562,176 ----a-w c:\winnt\system32\qedit.dll
    - 2004-08-04 07:56:24 733,696 ----a-w c:\winnt\system32\qedwipes.dll
    + 2008-04-13 17:21:32 733,696 ----a-w c:\winnt\system32\qedwipes.dll
    - 2004-08-04 07:56:44 382,464 ----a-w c:\winnt\system32\qmgr.dll
    + 2008-04-14 00:12:03 409,088 ----a-w c:\winnt\system32\qmgr.dll
    - 2004-08-04 07:56:44 18,944 ----a-w c:\winnt\system32\qmgrprxy.dll
    + 2008-04-14 00:12:03 18,944 ----a-w c:\winnt\system32\qmgrprxy.dll
    - 2004-08-04 07:56:55 20,480 ----a-w c:\winnt\system32\qprocess.exe
    + 2008-04-14 00:12:32 19,968 ----a-w c:\winnt\system32\qprocess.exe
    - 2007-08-15 22:33:14 3,596,288 ----a-w c:\winnt\system32\qt-dx331.dll
    + 2008-05-22 22:22:18 3,596,288 ----a-w c:\winnt\system32\qt-dx331.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w c:\winnt\system32\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w c:\winnt\system32\quartz.dll
    - 2006-06-22 05:06:30 1,435,648 ----a-w c:\winnt\system32\query.dll
    + 2008-04-14 00:12:03 1,435,648 ----a-w c:\winnt\system32\query.dll
    + 2008-04-14 00:12:03 76,800 ------w c:\winnt\system32\qutil.dll
    - 2004-08-04 07:56:44 43,520 ----a-w c:\winnt\system32\racpldlg.dll
    + 2008-04-14 00:12:03 43,520 ----a-w c:\winnt\system32\racpldlg.dll
    - 2006-06-26 17:37:10 8,192 ----a-w c:\winnt\system32\rasadhlp.dll
    + 2008-04-14 00:12:03 7,680 ----a-w c:\winnt\system32\rasadhlp.dll
    - 2004-08-04 07:56:44 236,544 ----a-w c:\winnt\system32\rasapi32.dll
    + 2008-04-14 00:12:03 237,056 ----a-w c:\winnt\system32\rasapi32.dll
    - 2004-08-04 07:56:44 89,088 ----a-w c:\winnt\system32\rasauto.dll
    + 2008-04-14 00:12:03 88,576 ----a-w c:\winnt\system32\rasauto.dll
    - 2004-08-04 07:56:44 69,632 ----a-w c:\winnt\system32\raschap.dll
    + 2008-04-14 00:12:03 79,872 ----a-w c:\winnt\system32\raschap.dll
    - 2004-08-04 07:56:44 657,920 ----a-w c:\winnt\system32\rasdlg.dll
    + 2008-04-14 00:12:03 658,432 ----a-w c:\winnt\system32\rasdlg.dll
    - 2004-08-04 07:56:44 61,440 ----a-w c:\winnt\system32\rasman.dll
    + 2008-04-14 00:12:03 61,440 ----a-w c:\winnt\system32\rasman.dll
    - 2006-05-14 08:44:08 181,248 ----a-w c:\winnt\system32\rasmans.dll
    + 2008-04-14 00:12:03 186,368 ----a-w c:\winnt\system32\rasmans.dll
    - 2004-08-04 07:56:55 56,832 ----a-w c:\winnt\system32\rasphone.exe
    + 2008-04-14 00:12:32 56,832 ----a-w c:\winnt\system32\rasphone.exe
    - 2004-08-04 07:56:44 206,336 ----a-w c:\winnt\system32\rasppp.dll
    + 2008-04-14 00:12:03 210,944 ----a-w c:\winnt\system32\rasppp.dll
    + 2008-04-14 00:12:03 61,952 ------w c:\winnt\system32\rasqec.dll
    - 2004-08-04 07:56:44 16,896 ----a-w c:\winnt\system32\rassapi.dll
    + 2008-04-14 00:12:03 16,384 ----a-w c:\winnt\system32\rassapi.dll
    - 2004-08-04 07:56:44 58,880 ----a-w c:\winnt\system32\rastapi.dll
    + 2008-04-14 00:12:03 58,368 ----a-w c:\winnt\system32\rastapi.dll
    - 2004-08-04 07:56:44 112,128 ----a-w c:\winnt\system32\rastls.dll
    + 2008-04-14 00:12:03 150,016 ----a-w c:\winnt\system32\rastls.dll
    - 2004-08-04 07:56:44 102,400 ----a-w c:\winnt\system32\rcbdyctl.dll
    + 2008-04-14 00:12:03 102,400 ----a-w c:\winnt\system32\rcbdyctl.dll
    - 2004-08-04 07:56:55 35,840 ----a-w c:\winnt\system32\rcimlby.exe
    + 2008-04-14 00:12:32 35,840 ----a-w c:\winnt\system32\rcimlby.exe
    - 2004-08-04 07:56:55 21,504 ----a-w c:\winnt\system32\rcp.exe
    + 2008-04-14 00:12:32 21,504 ----a-w c:\winnt\system32\rcp.exe
    - 2004-08-04 07:56:44 147,968 ----a-w c:\winnt\system32\rdchost.dll
    + 2008-04-14 00:12:03 147,968 ----a-w c:\winnt\system32\rdchost.dll
    - 2004-08-04 07:56:55 62,464 ----a-w c:\winnt\system32\rdpclip.exe
    + 2008-04-14 00:12:32 62,976 ----a-w c:\winnt\system32\rdpclip.exe
    - 2004-08-04 08:01:07 92,168 ----a-w c:\winnt\system32\rdpdd.dll
    + 2008-04-14 00:13:22 92,424 ----a-w c:\winnt\system32\rdpdd.dll
    - 2004-08-04 07:56:44 19,968 ----a-w c:\winnt\system32\rdpsnd.dll
    + 2008-04-14 00:12:04 19,968 ----a-w c:\winnt\system32\rdpsnd.dll
    - 2004-08-04 08:01:08 87,176 ----a-w c:\winnt\system32\rdpwsx.dll
    + 2008-04-14 00:13:22 87,176 ----a-w c:\winnt\system32\rdpwsx.dll
    - 2004-08-04 07:56:55 13,824 ----a-w c:\winnt\system32\rdsaddin.exe
    + 2008-04-14 00:12:32 13,824 ----a-w c:\winnt\system32\rdsaddin.exe
    - 2004-08-04 07:56:55 67,072 ----a-w c:\winnt\system32\rdshost.exe
    + 2008-04-14 00:12:32 67,072 ----a-w c:\winnt\system32\rdshost.exe
    - 2004-08-04 07:56:55 50,176 ----a-w c:\winnt\system32\reg.exe
    + 2008-04-14 00:12:32 50,176 ----a-w c:\winnt\system32\reg.exe
    - 2004-08-04 07:56:44 49,664 ----a-w c:\winnt\system32\regapi.dll
    + 2008-04-14 00:12:04 49,664 ----a-w c:\winnt\system32\regapi.dll
    - 2004-08-04 07:56:44 59,904 ----a-w c:\winnt\system32\regsvc.dll
    + 2008-04-14 00:12:04 59,904 ----a-w c:\winnt\system32\regsvc.dll
    - 2004-08-04 07:56:55 11,776 ----a-w c:\winnt\system32\regsvr32.exe
    + 2008-04-14 00:12:32 11,776 ----a-w c:\winnt\system32\regsvr32.exe
    - 2004-08-04 07:56:44 397,824 ----a-w c:\winnt\system32\regwizc.dll
    + 2008-04-14 00:12:04 397,824 ----a-w c:\winnt\system32\regwizc.dll
    + 2004-08-04 05:59:19 36,096 ----a-w c:\winnt\system32\ReinstallBackups\0013\DriverFiles\i386\intelppm.sys
    + 2004-08-04 05:59:19 36,096 ----a-w c:\winnt\system32\ReinstallBackups\0015\DriverFiles\i386\intelppm.sys
    - 2004-08-04 07:56:44 60,416 ----a-w c:\winnt\system32\remotepg.dll
    + 2008-04-14 00:12:04 60,416 ----a-w c:\winnt\system32\remotepg.dll
    - 2004-08-04 07:56:55 380,416 ----a-w c:\winnt\system32\Restore\rstrui.exe
    + 2008-04-14 00:12:33 380,416 ----a-w c:\winnt\system32\Restore\rstrui.exe
    - 2004-08-04 07:56:44 58,880 ----a-w c:\winnt\system32\resutils.dll
    + 2008-04-14 00:12:04 58,880 ----a-w c:\winnt\system32\resutils.dll
    - 2004-08-04 07:56:55 13,824 ----a-w c:\winnt\system32\rexec.exe
    + 2008-04-14 00:12:33 13,824 ----a-w c:\winnt\system32\rexec.exe
    + 2006-08-25 00:15:06 150,808 ----a-w c:\winnt\system32\rgb9rast_2.dll
    + 2008-04-14 00:12:04 290,304 ------w c:\winnt\system32\rhttpaa.dll
    - 2006-11-27 14:54:06 433,152 ----a-w c:\winnt\system32\riched20.dll
    + 2008-04-14 00:12:04 433,664 ----a-w c:\winnt\system32\riched20.dll
    - 2007-06-25 08:05:18 185,952 ----a-w c:\winnt\system32\rmoc3260.dll
    + 2008-12-01 02:31:37 185,920 ----a-w c:\winnt\system32\rmoc3260.dll
    - 2003-08-11 05:37:26 1,044,480 ----a-w c:\winnt\system32\roboex32.dll
    + 2001-11-30 01:44:16 1,044,480 ----a-w c:\winnt\system32\roboex32.dll
    - 2007-07-09 13:16:16 582,656 ----a-w c:\winnt\system32\rpcrt4.dll
    + 2008-04-14 00:12:04 584,704 ----a-w c:\winnt\system32\rpcrt4.dll
    - 2005-07-26 04:39:49 397,824 ----a-w c:\winnt\system32\rpcss.dll
    + 2008-04-14 00:12:04 399,360 ----a-w c:\winnt\system32\rpcss.dll
    - 2004-08-04 05:31:43 152,576 ----a-w c:\winnt\system32\rsaenh.dll
    + 2008-04-13 17:37:57 208,384 ----a-w c:\winnt\system32\rsaenh.dll
    - 2004-08-04 07:56:55 14,848 ----a-w c:\winnt\system32\rsh.exe
    + 2008-04-14 00:12:33 14,848 ----a-w c:\winnt\system32\rsh.exe
    - 2004-08-04 07:56:44 39,936 ----a-w c:\winnt\system32\rshx32.dll
    + 2008-04-14 00:12:04 39,936 ----a-w c:\winnt\system32\rshx32.dll
    - 2004-08-04 07:56:44 18,944 ----a-w c:\winnt\system32\rsmps.dll
    + 2008-04-14 00:12:04 18,944 ----a-w c:\winnt\system32\rsmps.dll
    - 2003-03-31 12:00:00 90,112 ----a-w c:\winnt\system32\rsvpsp.dll
    + 2008-04-14 00:12:04 92,672 ----a-w c:\winnt\system32\rsvpsp.dll
    - 2004-08-04 07:56:55 77,312 ----a-w c:\winnt\system32\rtcshare.exe
    + 2008-04-14 00:12:33 77,312 ----a-w c:\winnt\system32\rtcshare.exe
    - 2004-08-04 07:56:44 31,744 ----a-w c:\winnt\system32\rtipxmib.dll
    + 2008-04-14 00:12:04 31,744 ----a-w c:\winnt\system32\rtipxmib.dll
    - 2004-08-04 07:56:44 44,032 ----a-w c:\winnt\system32\rtutils.dll
    + 2008-04-14 00:12:04 44,032 ----a-w c:\winnt\system32\rtutils.dll
    - 2004-08-04 07:56:55 33,280 ----a-w c:\winnt\system32\rundll32.exe
    + 2008-04-14 00:12:33 33,280 ----a-w c:\winnt\system32\rundll32.exe
    - 2004-08-04 07:56:55 14,336 ----a-w c:\winnt\system32\runonce.exe
    + 2008-04-14 00:12:33 14,336 ----a-w c:\winnt\system32\runonce.exe
    + 2004-08-10 06:50:40 49,216 ----a-w c:\winnt\system32\rv10.dll
    + 2004-08-10 06:51:00 57,411 ----a-w c:\winnt\system32\rv20.dll
    + 2004-08-10 06:52:14 49,221 ----a-w c:\winnt\system32\rv30.dll
    - 2004-08-04 07:56:44 397,056 ----a-w c:\winnt\system32\s3gnb.dll
    + 2008-04-14 00:12:04 397,056 ----a-w c:\winnt\system32\s3gnb.dll
    - 2004-08-04 07:56:44 43,520 ----a-w c:\winnt\system32\safrcdlg.dll
    + 2008-04-14 00:12:04 43,520 ----a-w c:\winnt\system32\safrcdlg.dll
    - 2004-08-04 07:56:44 29,696 ----a-w c:\winnt\system32\safrdm.dll
    + 2008-04-14 00:12:04 29,696 ----a-w c:\winnt\system32\safrdm.dll
    - 2004-08-04 07:56:44 45,568 ----a-w c:\winnt\system32\safrslv.dll
    + 2008-04-14 00:12:04 45,568 ----a-w c:\winnt\system32\safrslv.dll
    - 2004-08-04 07:56:44 64,000 ----a-w c:\winnt\system32\samlib.dll
    + 2008-04-14 00:12:04 64,000 ----a-w c:\winnt\system32\samlib.dll
    - 2004-08-04 07:56:44 415,744 ----a-w c:\winnt\system32\samsrv.dll
    + 2008-04-14 00:12:04 415,744 ----a-w c:\winnt\system32\samsrv.dll
    - 2004-08-04 07:56:55 13,312 ----a-w c:\winnt\system32\savedump.exe
    + 2008-04-14 00:12:33 13,312 ----a-w c:\winnt\system32\savedump.exe
    - 2004-08-04 07:56:44 270,848 ----a-w c:\winnt\system32\sbe.dll
    + 2008-04-14 00:12:04 270,848 ----a-w c:\winnt\system32\sbe.dll
    - 2004-08-04 07:56:44 159,232 ----a-w c:\winnt\system32\sbeio.dll
    + 2008-04-14 00:12:04 159,232 ----a-w c:\winnt\system32\sbeio.dll
    - 2004-08-04 07:56:44 69,632 ----a-w c:\winnt\system32\scarddlg.dll
    + 2008-04-14 00:12:04 69,632 ----a-w c:\winnt\system32\scarddlg.dll
    - 2004-08-04 07:56:55 95,744 ----a-w c:\winnt\system32\scardsvr.exe
    + 2008-04-14 00:12:33 95,744 ----a-w c:\winnt\system32\scardsvr.exe
    - 2004-08-04 07:56:44 171,008 ----a-w c:\winnt\system32\sccsccp.dll
    + 2008-04-14 00:12:05 171,008 ----a-w c:\winnt\system32\sccsccp.dll
    - 2004-08-04 07:56:44 180,224 ----a-w c:\winnt\system32\scecli.dll
    + 2008-04-14 00:12:05 181,248 ----a-w c:\winnt\system32\scecli.dll
    - 2004-08-04 07:56:44 313,856 ----a-w c:\winnt\system32\scesrv.dll
    + 2008-04-14 00:12:05 314,880 ----a-w c:\winnt\system32\scesrv.dll
    - 2007-04-25 14:21:15 144,896 ----a-w c:\winnt\system32\schannel.dll
    + 2008-12-05 06:54:55 144,896 ----a-w c:\winnt\system32\schannel.dll
    - 2004-08-04 07:56:44 190,976 ----a-w c:\winnt\system32\schedsvc.dll
    + 2008-04-14 00:12:05 192,512 ----a-w c:\winnt\system32\schedsvc.dll
    - 2004-08-04 07:56:44 20,992 ----a-w c:\winnt\system32\sclgntfy.dll
    + 2008-04-14 00:12:05 20,480 ----a-w c:\winnt\system32\sclgntfy.dll
    - 2004-08-04 07:56:57 9,216 ----a-w c:\winnt\system32\scrnsave.scr
    + 2008-04-14 00:12:43 9,216 ----a-w c:\winnt\system32\scrnsave.scr
    - 2004-08-04 07:56:44 159,744 ----a-w c:\winnt\system32\scrobj.dll
    + 2008-05-09 10:53:39 180,224 ----a-w c:\winnt\system32\scrobj.dll
    - 2004-08-04 07:56:44 151,552 ----a-w c:\winnt\system32\scrrun.dll
    + 2008-05-09 10:53:40 172,032 ----a-w c:\winnt\system32\scrrun.dll
    - 2004-08-04 07:56:55 77,312 ----a-w c:\winnt\system32\sdbinst.exe
    + 2008-04-14 00:12:34 77,312 ----a-w c:\winnt\system32\sdbinst.exe
    - 2004-08-04 07:56:44 29,184 ----a-w c:\winnt\system32\sdhcinst.dll
    + 2008-04-14 00:12:05 29,184 ----a-w c:\winnt\system32\sdhcinst.dll
    - 2004-08-04 07:56:44 18,944 ----a-w c:\winnt\system32\seclogon.dll
    + 2008-04-14 00:12:05 18,944 ----a-w c:\winnt\system32\seclogon.dll
    - 2004-08-04 07:56:44 55,808 ----a-w c:\winnt\system32\secur32.dll
    + 2008-04-14 00:12:05 56,320 ----a-w c:\winnt\system32\secur32.dll
    - 2004-08-04 07:56:44 5,632 ----a-w c:\winnt\system32\security.dll
    + 2008-04-14 00:12:05 5,632 ----a-w c:\winnt\system32\security.dll
    - 2004-08-04 07:56:44 29,184 ----a-w c:\winnt\system32\sendcmsg.dll
    + 2008-04-14 00:12:05 29,184 ----a-w c:\winnt\system32\sendcmsg.dll
    - 2004-08-04 07:56:44 55,296 ----a-w c:\winnt\system32\sendmail.dll
    + 2008-04-14 00:12:05 54,784 ----a-w c:\winnt\system32\sendmail.dll
    - 2004-08-04 07:56:44 38,912 ----a-w c:\winnt\system32\sens.dll
    + 2008-04-14 00:12:05 39,424 ----a-w c:\winnt\system32\sens.dll
    - 2004-08-04 07:56:44 6,656 ----a-w c:\winnt\system32\sensapi.dll
    + 2008-04-14 00:12:05 7,168 ----a-w c:\winnt\system32\sensapi.dll
    - 2004-08-04 07:56:44 56,320 ----a-w c:\winnt\system32\servdeps.dll
    + 2008-04-14 00:12:05 56,320 ----a-w c:\winnt\system32\servdeps.dll
    - 2004-08-04 07:56:55 108,032 ----a-w c:\winnt\system32\services.exe
    + 2008-04-14 00:12:34 108,544 ----a-w c:\winnt\system32\services.exe
    - 2004-08-04 07:56:56 140,800 ----a-w c:\winnt\system32\sessmgr.exe
    + 2008-04-14 00:12:34 141,312 ----a-w c:\winnt\system32\sessmgr.exe
    - 2004-08-04 07:56:56 31,232 ----a-w c:\winnt\system32\sethc.exe
    + 2008-04-14 00:12:34 31,232 ----a-w c:\winnt\system32\sethc.exe
    - 2004-08-04 07:56:56 23,040 ----a-w c:\winnt\system32\setup.exe
    + 2008-04-14 00:12:34 23,040 ----a-w c:\winnt\system32\setup.exe
    - 2003-03-31 12:00:00 259,584 ----a-w c:\winnt\system32\Setup\comsetup.dll
    + 2008-04-14 00:11:51 274,944 ----a-w c:\winnt\system32\Setup\comsetup.dll
    - 2004-08-04 07:56:42 32,828 ----a-w c:\winnt\system32\Setup\fp40ext.dll
    + 2008-04-14 00:11:53 32,828 ----a-w c:\winnt\system32\Setup\fp40ext.dll
    - 2004-08-04 07:56:42 132,608 ----a-w c:\winnt\system32\Setup\fxsocm.dll
    + 2008-04-14 00:11:54 132,608 ----a-w c:\winnt\system32\Setup\fxsocm.dll
    - 2004-08-04 07:56:42 505,344 ----a-w c:\winnt\system32\Setup\iis.dll
    + 2008-04-14 00:11:54 505,344 ----a-w c:\winnt\system32\Setup\iis.dll
    - 2003-03-31 12:00:00 115,712 ----a-w c:\winnt\system32\Setup\imsinsnt.dll
    + 2008-04-14 00:11:54 123,392 ----a-w c:\winnt\system32\Setup\imsinsnt.dll
    + 2008-04-14 00:11:56 8,192 ----a-w c:\winnt\system32\Setup\koc.dll
    - 2003-03-31 12:00:00 82,432 ----a-w c:\winnt\system32\Setup\msdtcstp.dll
    + 2008-04-14 00:11:59 90,112 ----a-w c:\winnt\system32\Setup\msdtcstp.dll
    - 2004-08-04 07:56:43 15,360 ----a-w c:\winnt\system32\Setup\msgrocm.dll
    + 2008-04-14 00:11:59 15,360 ----a-w c:\winnt\system32\Setup\msgrocm.dll
    - 2004-08-04 07:56:44 77,312 ----a-w c:\winnt\system32\Setup\netoc.dll
    + 2008-04-14 00:12:01 77,312 ----a-w c:\winnt\system32\Setup\netoc.dll
    - 2004-08-04 07:56:44 62,976 ----a-w c:\winnt\system32\Setup\ntoc.dll
    + 2008-04-14 00:12:02 62,976 ----a-w c:\winnt\system32\Setup\ntoc.dll
    - 2004-08-04 07:56:44 15,872 ----a-w c:\winnt\system32\Setup\ocgen.dll
    + 2008-04-14 00:12:02 15,360 ----a-w c:\winnt\system32\Setup\ocgen.dll
    - 2004-08-04 07:56:44 17,408 ----a-w c:\winnt\system32\Setup\ocmsn.dll
    + 2008-04-14 00:12:02 17,408 ----a-w c:\winnt\system32\Setup\ocmsn.dll
    - 2004-08-04 07:56:44 101,376 ----a-w c:\winnt\system32\Setup\setupqry.dll
    + 2008-04-14 00:12:05 101,376 ----a-w c:\winnt\system32\Setup\setupqry.dll
    - 2004-08-04 07:56:45 22,016 ----a-w c:\winnt\system32\Setup\startoc.dll
    + 2008-04-14 00:12:07 26,624 ----a-w c:\winnt\system32\Setup\startoc.dll
    - 2004-08-04 07:56:46 121,856 ----a-w c:\winnt\system32\Setup\tsoc.dll
    + 2008-04-14 00:12:07 130,048 ----a-w c:\winnt\system32\Setup\tsoc.dll
    - 2004-08-04 07:56:46 983,552 ----a-w c:\winnt\system32\setupapi.dll
    + 2008-04-14 12:42:06 985,088 ----a-w c:\winnt\system32\setupapi.dll
    + 2008-04-14 00:12:35 32,768 ------w c:\winnt\system32\setupn.exe
    - 2004-08-04 07:56:44 5,120 ----a-w c:\winnt\system32\sfc.dll
    + 2008-04-14 00:12:05 5,120 ----a-w c:\winnt\system32\sfc.dll
    - 2004-08-04 07:56:44 140,288 ----a-w c:\winnt\system32\sfc_os.dll
    + 2008-04-14 00:12:05 140,288 ----a-w c:\winnt\system32\sfc_os.dll
    - 2004-08-04 07:56:45 1,580,544 ----a-w c:\winnt\system32\sfcfiles.dll
    + 2008-04-14 00:12:05 1,614,848 ----a-w c:\winnt\system32\sfcfiles.dll
    - 2004-08-04 07:56:27 549,376 ----a-w c:\winnt\system32\shdoclc.dll
    + 2008-04-13 17:03:19 549,376 ----a-w c:\winnt\system32\shdoclc.dll
    - 2006-09-04 06:12:56 1,497,088 ----a-w c:\winnt\system32\shdocvw.dll
    + 2008-04-14 00:12:05 1,499,136 ----a-w c:\winnt\system32\shdocvw.dll
    - 2007-10-26 03:34:01 8,460,288 ----a-w c:\winnt\system32\shell32.dll
    + 2008-06-17 19:02:19 8,461,312 ----a-w c:\winnt\system32\shell32.dll
    + 2006-11-02 16:10:16 80,912 ----a-w c:\winnt\system32\sherlock2.exe
    - 2004-08-04 07:56:45 25,088 ----a-w c:\winnt\system32\shfolder.dll
    + 2008-04-14 00:12:05 25,088 ----a-w c:\winnt\system32\shfolder.dll
    - 2004-08-04 07:56:45 68,096 ----a-w c:\winnt\system32\shgina.dll
    + 2008-04-14 00:12:05 68,096 ----a-w c:\winnt\system32\shgina.dll
    - 2004-08-04 07:56:45 65,536 ----a-w c:\winnt\system32\shimeng.dll
    + 2008-04-14 00:12:05 65,024 ----a-w c:\winnt\system32\shimeng.dll
    - 2004-08-04 07:56:45 438,272 ----a-w c:\winnt\system32\shimgvw.dll
    + 2008-04-14 00:12:05 438,272 ----a-w c:\winnt\system32\shimgvw.dll
    - 2006-09-23 20:12:50 474,112 ----a-w c:\winnt\system32\shlwapi.dll
    + 2008-04-14 00:12:05 474,112 ----a-w c:\winnt\system32\shlwapi.dll
    - 2004-08-04 07:56:45 151,552 ----a-w c:\winnt\system32\shmedia.dll
    + 2008-04-14 00:12:05 152,064 ----a-w c:\winnt\system32\shmedia.dll
    - 2004-08-04 07:56:56 42,496 ----a-w c:\winnt\system32\shmgrate.exe
    + 2008-04-14 00:12:35 45,056 ----a-w c:\winnt\system32\shmgrate.exe
    - 2004-08-04 07:56:56 77,824 ----a-w c:\winnt\system32\shrpubw.exe
    + 2008-04-14 00:12:35 77,824 ----a-w c:\winnt\system32\shrpubw.exe
    - 2004-08-04 07:56:45 27,648 ----a-w c:\winnt\system32\shscrap.dll
    + 2008-04-14 00:12:05 27,648 ----a-w c:\winnt\system32\shscrap.dll
    - 2006-12-19 21:52:18 134,656 ----a-w c:\winnt\system32\shsvcs.dll
    + 2008-04-14 00:12:05 135,168 ----a-w c:\winnt\system32\shsvcs.dll
    - 2004-08-04 07:56:56 19,456 ----a-w c:\winnt\system32\shutdown.exe
    + 2008-04-14 00:12:35 19,456 ----a-w c:\winnt\system32\shutdown.exe
    - 2004-08-04 07:56:45 13,312 ----a-w c:\winnt\system32\sigtab.dll
    + 2008-04-14 00:12:05 13,312 ----a-w c:\winnt\system32\sigtab.dll
    - 2004-08-04 07:56:56 70,144 ----a-w c:\winnt\system32\sigverif.exe
    + 2008-04-14 00:12:35 70,144 ----a-w c:\winnt\system32\sigverif.exe
    + 2004-08-10 06:50:12 106,561 ----a-w c:\winnt\system32\sipr.dll
    - 2004-08-04 07:56:56 26,112 ----a-w c:\winnt\system32\skeys.exe
    + 2008-04-14 00:12:35 26,112 ----a-w c:\winnt\system32\skeys.exe
    - 2004-08-04 07:56:45 25,088 ----a-w c:\winnt\system32\slayerxp.dll
    + 2008-04-14 00:12:06 25,088 ----a-w c:\winnt\system32\slayerxp.dll
    - 2004-08-04 07:56:45 98,304 ----a-w c:\winnt\system32\slbiop.dll
    + 2008-04-14 00:12:06 98,304 ----a-w c:\winnt\system32\slbiop.dll
    - 2004-08-04 07:56:45 73,832 ----a-w c:\winnt\system32\slcoinst.dll
    + 2008-04-14 00:12:06 73,832 ----a-w c:\winnt\system32\slcoinst.dll
    - 2004-08-04 07:56:45 286,792 ----a-w c:\winnt\system32\slextspk.dll
    + 2008-04-14 00:12:06 286,792 ----a-w c:\winnt\system32\slextspk.dll
    - 2004-08-04 07:56:45 188,508 ----a-w c:\winnt\system32\slgen.dll
    + 2008-04-14 00:12:06 188,508 ----a-w c:\winnt\system32\slgen.dll
    - 2004-08-04 07:56:56 32,866 ----a-w c:\winnt\system32\slrundll.exe
    + 2008-04-14 00:12:35 32,866 ----a-w c:\winnt\system32\slrundll.exe
    - 2004-08-04 07:56:56 73,796 ----a-w c:\winnt\system32\slserv.exe
    + 2008-04-14 00:12:35 73,796 ----a-w c:\winnt\system32\slserv.exe
    - 2004-08-04 07:56:56 8,192 ----a-w c:\winnt\system32\smbinst.exe
    + 2008-04-14 00:12:35 8,192 ----a-w c:\winnt\system32\smbinst.exe
    - 2004-08-04 07:56:45 363,008 ----a-w c:\winnt\system32\smlogcfg.dll
    + 2008-04-14 00:12:06 362,496 ----a-w c:\winnt\system32\smlogcfg.dll
    - 2004-08-04 07:56:56 89,600 ----a-w c:\winnt\system32\smlogsvc.exe
    + 2008-04-14 00:12:35 89,600 ----a-w c:\winnt\system32\smlogsvc.exe
    - 2004-08-04 07:56:56 50,688 ----a-w c:\winnt\system32\smss.exe
    + 2008-04-14 00:12:36 50,688 ----a-w c:\winnt\system32\smss.exe
    - 2004-08-04 07:56:56 131,584 ----a-w c:\winnt\system32\sndrec32.exe
    + 2008-04-14 00:12:36 131,584 ----a-w c:\winnt\system32\sndrec32.exe
    - 2004-08-04 07:56:45 18,944 ----a-w c:\winnt\system32\snmpapi.dll
    + 2008-04-14 00:12:06 18,944 ----a-w c:\winnt\system32\snmpapi.dll
    - 2004-08-04 07:56:45 182,272 ----a-w c:\winnt\system32\snmpsnap.dll
    + 2008-04-14 00:12:06 182,272 ----a-w c:\winnt\system32\snmpsnap.dll
    + 2008-07-19 05:10:20 36,552 ----a-w c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-10-16 22:08:58 34,328 ----a-w c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2008-07-19 05:10:40 45,768 ----a-w c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    + 2008-10-16 22:09:44 43,544 ----a-w c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
    - 2003-03-31 12:00:00 23,552 ----a-w c:\winnt\system32\sort.exe
    + 2008-04-14 00:12:36 24,576 ----a-w c:\winnt\system32\sort.exe
    + 2003-03-31 12:00:00 1,744 ----a-w c:\winnt\system32\sound.drv
    - 2004-08-04 07:56:56 8,192 ----a-w c:\winnt\system32\spdwnwxp.exe
    + 2008-04-14 00:12:36 7,680 ----a-w c:\winnt\system32\spdwnwxp.exe
    - 2004-08-04 07:56:57 538,624 ----a-w c:\winnt\system32\spider.exe
    + 2008-04-14 00:12:36 538,624 ----a-w c:\winnt\system32\spider.exe
    - 2006-09-26 00:58:48 14,640 ----a-w c:\winnt\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w c:\winnt\system32\spmsg.dll
    + 2006-06-29 21:07:36 14,048 ------w c:\winnt\system32\spmsg2.dll
    - 2004-08-04 07:56:58 11,776 ----a-w c:\winnt\system32\spnpinst.exe
    + 2008-04-14 12:42:38 11,264 ----a-w c:\winnt\system32\spnpinst.exe
    + 1996-09-01 17:19:58 73,856 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\HLP256.DLL
    + 1996-09-01 17:18:14 154,624 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\hlp25632.dll
    + 1997-07-29 21:13:46 41,472 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\ldeei.dll
    + 2000-09-18 22:19:00 49,664 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\ledf.dll
    + 1997-10-09 19:08:26 79,872 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEX_PSU.EXE
    + 2000-09-18 21:43:46 177,152 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEX2KUSB.DLL
    + 2000-09-14 23:08:12 135,168 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEXBCE.DLL
    + 2000-09-14 23:08:52 287,744 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEXBCES.EXE
    + 1998-05-20 17:03:40 161,792 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexdrvin.exe
    + 1997-08-03 00:40:02 11,776 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexdwnld.dll
    + 1998-07-15 16:05:18 78,848 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexgo1.exe
    + 2000-09-18 21:44:46 190,976 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexlmpm.dll
    + 2000-09-18 21:43:00 201,728 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEXP2P32.DLL
    + 2000-09-14 23:05:58 169,984 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LEXPPS.EXE
    + 2000-09-18 22:21:34 26,624 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexreg.exe
    + 2000-09-18 22:21:08 11,776 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lexstat.dll
    + 2000-09-18 22:19:14 58,880 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lmprint.dll
    + 2000-09-18 22:18:00 1,143,820 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LXAADRIV.DLL
    + 2000-09-18 22:20:14 480,768 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\lxaastrn.dll
    + 2000-09-18 22:20:52 1,128,960 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LXAASW32.EXE
  8. 2009-03-24, 00:28 #28
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    + 2000-09-18 22:19:42 58,880 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\LXAAUI.DLL
    + 2000-09-14 23:04:20 32,256 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\printray.dll
    + 2000-09-14 23:03:56 36,864 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\printray.exe
    + 1998-10-07 05:12:54 152,576 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\ptzipw32.dll
    + 2000-03-24 15:02:46 233,057 ----a-w c:\winnt\system32\spool\drivers\w32x86\2\WAVS.EXE
    + 2001-08-18 05:36:18 135,168 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXAAFCIC.DLL
    + 2001-08-18 05:36:18 368,640 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXAAICUR.DLL
    + 2001-08-18 05:36:18 14,336 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXAASRDR.DLL
    + 2001-08-18 05:34:56 4,096 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXAASRES.DLL
    + 2001-08-18 05:36:18 176,640 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXAASUI.DLL
    + 2001-08-18 05:35:00 1,789,952 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\LXSDCLR1.DLL
    + 2007-03-23 04:24:50 762,880 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\mxdwdrv.dll
    + 2007-03-23 04:24:34 131,584 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\mxdwdui.dll
    - 2001-08-18 06:36:28 129,024 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\ps5ui.dll
    + 2008-04-14 00:12:03 728,576 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\ps5ui.dll
    - 2001-08-18 06:36:28 455,168 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\pscript5.dll
    + 2008-04-14 00:12:03 543,232 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\pscript5.dll
    + 2008-04-14 00:12:07 373,248 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\unidrv.dll
    + 2008-04-14 00:12:07 744,448 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\unidrvui.dll
    + 2007-03-23 05:03:58 761,344 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\unires.dll
    + 2007-03-23 14:07:56 1,683,280 ----a-w c:\winnt\system32\spool\drivers\w32x86\3\XpsSvcs.dll
    + 1996-09-01 17:19:58 73,856 ----a-w c:\winnt\system32\spool\drivers\w32x86\hlp256.dll
    + 1996-09-01 17:18:14 154,624 ----a-w c:\winnt\system32\spool\drivers\w32x86\hlp25632.dll
    + 1997-07-29 21:13:46 41,472 ----a-w c:\winnt\system32\spool\drivers\w32x86\ldeei.dll
    + 2000-09-18 22:19:00 49,664 ----a-w c:\winnt\system32\spool\drivers\w32x86\LEDF.DLL
    + 1997-10-09 19:08:26 79,872 ----a-w c:\winnt\system32\spool\drivers\w32x86\lex_psu.exe
    + 2000-09-18 21:43:46 177,152 ----a-w c:\winnt\system32\spool\drivers\w32x86\lex2kusb.dll
    + 2000-09-14 23:08:12 135,168 ----a-w c:\winnt\system32\spool\drivers\w32x86\LexBce.dll
    + 2000-09-14 23:08:52 287,744 ----a-w c:\winnt\system32\spool\drivers\w32x86\LexBceS.exe
    + 1998-05-20 17:03:40 161,792 ----a-w c:\winnt\system32\spool\drivers\w32x86\lexdrvin.exe
    + 1997-08-03 00:40:02 11,776 ----a-w c:\winnt\system32\spool\drivers\w32x86\lexdwnld.dll
    + 1998-07-15 16:05:18 78,848 ----a-w c:\winnt\system32\spool\drivers\w32x86\lexgo1.exe
    + 2000-09-18 21:44:46 190,976 ----a-w c:\winnt\system32\spool\drivers\w32x86\lexlmpm.dll
    + 2000-09-18 21:43:00 201,728 ----a-w c:\winnt\system32\spool\drivers\w32x86\Lexp2p32.dll
    + 2000-09-14 23:05:58 169,984 ----a-w c:\winnt\system32\spool\drivers\w32x86\Lexpps.exe
    + 2000-09-18 22:21:34 26,624 ----a-w c:\winnt\system32\spool\drivers\w32x86\LEXREG.EXE
    + 2000-09-18 22:21:08 11,776 ----a-w c:\winnt\system32\spool\drivers\w32x86\LEXSTAT.DLL
    + 2000-09-18 22:19:14 58,880 ----a-w c:\winnt\system32\spool\drivers\w32x86\LMPRINT.DLL
    + 2000-09-18 22:18:00 1,143,820 ----a-w c:\winnt\system32\spool\drivers\w32x86\LXAADRIV.DLL
    + 2000-09-18 22:20:14 480,768 ----a-w c:\winnt\system32\spool\drivers\w32x86\LXAASTRN.DLL
    + 2000-09-18 22:20:52 1,128,960 ----a-w c:\winnt\system32\spool\drivers\w32x86\LXAASW32.EXE
    + 2000-09-18 22:19:42 58,880 ----a-w c:\winnt\system32\spool\drivers\w32x86\LXAAUI.DLL
    + 2000-09-14 23:04:20 32,256 ----a-w c:\winnt\system32\spool\drivers\w32x86\PrinTray.dll
    + 2000-09-14 23:03:56 36,864 ----a-w c:\winnt\system32\spool\drivers\w32x86\PrinTray.exe
    + 1998-10-07 05:12:54 152,576 ----a-w c:\winnt\system32\spool\drivers\w32x86\ptzipw32.dll
    + 2000-03-24 15:02:46 233,057 ----a-w c:\winnt\system32\spool\drivers\w32x86\WAVS.EXE
    + 2006-10-15 00:43:18 27,648 ----a-w c:\winnt\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    + 2000-09-18 22:19:14 58,880 ----a-w c:\winnt\system32\spool\prtprocs\w32x86\LMPRINT.DLL
    + 2007-03-23 04:25:42 677,376 ------w c:\winnt\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
    + 2006-10-15 01:13:02 34,304 ----a-w c:\winnt\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
    + 2007-03-23 04:53:16 746,496 ----a-w c:\winnt\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
    + 2007-03-23 04:59:24 2,932,224 ----a-w c:\winnt\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
    + 2007-03-23 04:53:16 746,496 ----a-w c:\winnt\system32\spool\XPSEP\amd64\mxdwdrv.dll
    + 2007-03-23 04:59:24 2,932,224 ----a-w c:\winnt\system32\spool\XPSEP\amd64\xpssvcs.dll
    + 2007-03-23 04:24:50 762,880 ----a-w c:\winnt\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
    + 2007-03-23 14:07:56 1,683,280 ----a-w c:\winnt\system32\spool\XPSEP\i386\i386\xpssvcs.dll
    + 2007-03-23 04:24:50 762,880 ----a-w c:\winnt\system32\spool\XPSEP\i386\mxdwdrv.dll
    + 2007-03-23 14:07:56 1,683,280 ----a-w c:\winnt\system32\spool\XPSEP\i386\xpssvcs.dll
    - 2004-08-04 07:56:45 74,752 ----a-w c:\winnt\system32\spoolss.dll
    + 2008-04-14 00:12:06 75,264 ----a-w c:\winnt\system32\spoolss.dll
    - 2005-06-10 23:53:32 57,856 ----a-w c:\winnt\system32\spoolsv.exe
    + 2008-04-14 00:12:36 57,856 ----a-w c:\winnt\system32\spoolsv.exe
    - 2006-09-26 00:58:48 23,856 ----a-w c:\winnt\system32\spupdsvc.exe
    + 2007-07-27 16:41:38 26,488 ----a-w c:\winnt\system32\spupdsvc.exe
    - 2004-08-04 07:56:57 21,504 ----a-w c:\winnt\system32\spupdwxp.exe
    + 2008-04-14 00:12:36 20,992 ----a-w c:\winnt\system32\spupdwxp.exe
    - 2004-08-04 07:56:45 442,368 ----a-w c:\winnt\system32\sqlsrv32.dll
    + 2008-04-14 00:12:06 442,368 ----a-w c:\winnt\system32\sqlsrv32.dll
    - 2004-08-04 07:56:45 180,800 ----a-w c:\winnt\system32\sqlunirl.dll
    + 2008-04-14 00:12:06 180,800 ----a-w c:\winnt\system32\sqlunirl.dll
    - 2004-08-04 07:56:45 67,584 ----a-w c:\winnt\system32\srclient.dll
    + 2008-04-14 00:12:07 67,584 ----a-w c:\winnt\system32\srclient.dll
    - 2004-08-04 07:56:45 239,104 ----a-w c:\winnt\system32\srrstr.dll
    + 2008-04-14 00:12:07 239,104 ----a-w c:\winnt\system32\srrstr.dll
    - 2004-08-04 07:56:45 170,496 ----a-w c:\winnt\system32\srsvc.dll
    + 2008-04-14 00:12:07 171,008 ----a-w c:\winnt\system32\srsvc.dll
    - 2004-12-07 19:32:34 96,768 ----a-w c:\winnt\system32\srvsvc.dll
    + 2008-04-14 00:12:07 96,768 ----a-w c:\winnt\system32\srvsvc.dll
    - 2004-08-04 07:56:57 704,512 ----a-w c:\winnt\system32\ss3dfo.scr
    + 2008-04-14 00:12:43 704,512 ----a-w c:\winnt\system32\ss3dfo.scr
    - 2004-08-04 07:56:57 19,968 ----a-w c:\winnt\system32\ssbezier.scr
    + 2008-04-14 00:12:43 19,968 ----a-w c:\winnt\system32\ssbezier.scr
    - 2004-08-04 07:56:45 34,816 ----a-w c:\winnt\system32\ssdpapi.dll
    + 2008-04-14 00:12:07 34,816 ----a-w c:\winnt\system32\ssdpapi.dll
    - 2004-08-04 07:56:45 71,680 ----a-w c:\winnt\system32\ssdpsrv.dll
    + 2008-04-14 00:12:07 71,680 ----a-w c:\winnt\system32\ssdpsrv.dll
    - 2004-08-04 07:56:57 393,216 ----a-w c:\winnt\system32\ssflwbox.scr
    + 2008-04-14 00:12:43 393,216 ----a-w c:\winnt\system32\ssflwbox.scr
    - 2007-08-15 22:33:06 200,704 ----a-w c:\winnt\system32\ssldivx.dll
    + 2008-05-22 22:20:42 200,704 ----a-w c:\winnt\system32\ssldivx.dll
    - 2004-08-04 07:56:57 20,992 ----a-w c:\winnt\system32\ssmarque.scr
    + 2008-04-14 00:12:44 20,992 ----a-w c:\winnt\system32\ssmarque.scr
    - 2004-08-04 07:56:57 47,104 ----a-w c:\winnt\system32\ssmypics.scr
    + 2008-04-14 00:12:44 47,104 ----a-w c:\winnt\system32\ssmypics.scr
    - 2004-08-04 07:56:57 18,944 ----a-w c:\winnt\system32\ssmyst.scr
    + 2008-04-14 00:12:44 18,944 ----a-w c:\winnt\system32\ssmyst.scr
    - 2004-08-04 07:56:57 610,304 ----a-w c:\winnt\system32\sspipes.scr
    + 2008-04-14 00:12:44 610,304 ----a-w c:\winnt\system32\sspipes.scr
    - 2004-08-04 07:56:57 14,336 ----a-w c:\winnt\system32\ssstars.scr
    + 2008-04-14 00:12:44 14,336 ----a-w c:\winnt\system32\ssstars.scr
    - 2004-08-04 07:56:57 679,936 ----a-w c:\winnt\system32\sstext3d.scr
    + 2008-04-14 00:12:44 679,936 ----a-w c:\winnt\system32\sstext3d.scr
    + 1998-06-19 05:23:52 27,648 ----a-w c:\winnt\system32\SSUBTMR.DLL
    + 1998-07-09 18:06:42 116,736 ----a-w c:\winnt\system32\stamin32.dll
    - 2003-03-31 12:00:00 54,272 ----a-w c:\winnt\system32\stclient.dll
    + 2008-04-14 00:12:07 59,392 ----a-w c:\winnt\system32\stclient.dll
    - 2004-08-04 07:56:45 67,584 ----a-w c:\winnt\system32\sti.dll
    + 2008-04-14 00:12:07 68,096 ----a-w c:\winnt\system32\sti.dll
    - 2004-08-04 07:56:45 136,704 ----a-w c:\winnt\system32\sti_ci.dll
    + 2008-04-14 00:12:07 136,704 ----a-w c:\winnt\system32\sti_ci.dll
    - 2004-08-04 07:56:57 14,848 ----a-w c:\winnt\system32\stimon.exe
    + 2008-04-14 00:12:36 14,848 ----a-w c:\winnt\system32\stimon.exe
    - 2004-08-04 07:56:45 121,856 ----a-w c:\winnt\system32\stobject.dll
    + 2008-04-14 00:12:07 121,856 ----a-w c:\winnt\system32\stobject.dll
    - 2004-08-04 07:56:45 74,752 ----a-w c:\winnt\system32\storprop.dll
    + 2008-04-14 00:12:07 74,752 ----a-w c:\winnt\system32\storprop.dll
    - 2006-08-21 17:52:08 246,814 ----a-w c:\winnt\system32\strmdll.dll
    + 2008-10-03 10:02:42 247,326 ----a-w c:\winnt\system32\strmdll.dll
    - 2004-08-04 07:56:45 75,776 ----a-w c:\winnt\system32\strmfilt.dll
    + 2008-04-14 00:12:07 75,776 ----a-w c:\winnt\system32\strmfilt.dll
    - 2004-08-04 07:56:57 14,336 ----a-w c:\winnt\system32\svchost.exe
    + 2009-03-20 07:52:37 14,336 ----a-w c:\winnt\system32\svchost.exe
    - 2006-10-19 13:56:32 713,216 ----a-w c:\winnt\system32\sxs.dll
    + 2008-04-14 00:12:07 713,216 ----a-w c:\winnt\system32\sxs.dll
    - 2004-08-04 07:56:46 57,856 ----a-w c:\winnt\system32\synceng.dll
    + 2008-04-14 00:12:07 57,856 ----a-w c:\winnt\system32\synceng.dll
    - 2004-08-04 07:56:46 191,488 ----a-w c:\winnt\system32\syncui.dll
    + 2008-04-14 00:12:07 191,488 ----a-w c:\winnt\system32\syncui.dll
    - 2004-08-04 07:56:57 105,984 ----a-w c:\winnt\system32\sysocmgr.exe
    + 2008-04-14 00:12:37 106,496 ----a-w c:\winnt\system32\sysocmgr.exe
    - 2004-08-04 07:56:46 984,576 ----a-w c:\winnt\system32\syssetup.dll
    + 2008-04-14 00:12:07 990,208 ----a-w c:\winnt\system32\syssetup.dll
    + 2003-03-31 12:00:00 3,360 ----a-w c:\winnt\system32\system.drv
    - 2005-10-17 21:14:46 118,272 ----a-w c:\winnt\system32\t2embed.dll
    + 2008-04-14 00:12:07 117,760 ----a-w c:\winnt\system32\t2embed.dll
    - 2004-08-04 07:56:46 858,624 ----a-w c:\winnt\system32\tapi3.dll
    + 2008-04-14 00:12:07 858,624 ----a-w c:\winnt\system32\tapi3.dll
    - 2004-08-04 07:56:46 181,760 ----a-w c:\winnt\system32\tapi32.dll
    + 2008-04-14 00:12:07 181,760 ----a-w c:\winnt\system32\tapi32.dll
    - 2005-07-08 16:27:56 249,344 ----a-w c:\winnt\system32\tapisrv.dll
    + 2008-04-14 00:12:07 249,856 ----a-w c:\winnt\system32\tapisrv.dll
    - 2004-08-04 07:56:57 135,680 ----a-w c:\winnt\system32\taskmgr.exe
    + 2008-04-14 00:12:37 135,680 ----a-w c:\winnt\system32\taskmgr.exe
    - 2004-08-04 07:56:46 14,848 ----a-w c:\winnt\system32\tcpmib.dll
    + 2008-04-14 00:12:07 14,848 ----a-w c:\winnt\system32\tcpmib.dll
    - 2004-08-04 07:56:46 45,568 ----a-w c:\winnt\system32\tcpmon.dll
    + 2008-04-14 00:12:07 45,568 ----a-w c:\winnt\system32\tcpmon.dll
    - 2004-08-04 07:56:46 45,568 ----a-w c:\winnt\system32\tcpmonui.dll
    + 2008-04-14 00:12:07 45,568 ----a-w c:\winnt\system32\tcpmonui.dll
    - 2005-05-10 23:45:48 75,776 ----a-w c:\winnt\system32\telnet.exe
    + 2008-04-14 00:12:37 75,776 ----a-w c:\winnt\system32\telnet.exe
    - 2004-08-04 07:56:46 358,400 ----a-w c:\winnt\system32\termmgr.dll
    + 2008-04-14 00:12:07 358,400 ----a-w c:\winnt\system32\termmgr.dll
    - 2004-08-04 07:56:46 295,424 ----a-w c:\winnt\system32\termsrv.dll
    + 2008-04-14 00:12:07 295,424 ----a-w c:\winnt\system32\termsrv.dll
    - 2004-08-04 07:56:46 385,536 ----a-w c:\winnt\system32\themeui.dll
    + 2008-04-14 00:12:07 385,536 ----a-w c:\winnt\system32\themeui.dll
    + 2003-03-31 12:00:00 4,048 ----a-w c:\winnt\system32\timer.drv
    - 2004-08-04 07:56:57 347,136 ----a-w c:\winnt\system32\tourstart.exe
    + 2008-04-14 00:12:38 347,136 ----a-w c:\winnt\system32\tourstart.exe
    - 2004-08-04 07:56:57 12,288 ----a-w c:\winnt\system32\tracert.exe
    + 2008-04-14 00:12:38 12,288 ----a-w c:\winnt\system32\tracert.exe
    - 2003-03-31 12:00:00 11,264 ----a-w c:\winnt\system32\tree.com
    + 2008-04-14 00:12:42 12,800 ----a-w c:\winnt\system32\tree.com
    - 2004-08-04 07:56:46 90,624 ----a-w c:\winnt\system32\trkwks.dll
    + 2008-04-14 00:12:07 90,112 ----a-w c:\winnt\system32\trkwks.dll
    - 2004-08-04 07:56:46 93,696 ----a-w c:\winnt\system32\tscfgwmi.dll
    + 2008-04-14 00:12:07 93,696 ----a-w c:\winnt\system32\tscfgwmi.dll
    - 2004-08-04 08:01:07 12,168 ----a-w c:\winnt\system32\tsddd.dll
    + 2008-04-14 00:13:21 12,168 ----a-w c:\winnt\system32\tsddd.dll
    + 2008-04-14 00:12:07 53,248 ------w c:\winnt\system32\tsgqec.dll
    + 2008-04-14 00:12:07 50,688 ------w c:\winnt\system32\tspkg.dll
    + 2007-10-09 20:58:20 16,896 ----a-w c:\winnt\system32\tswpfwrp.exe
    - 2004-08-04 07:56:46 44,032 ----a-w c:\winnt\system32\twext.dll
    + 2008-04-14 00:12:07 57,856 ----a-w c:\winnt\system32\twext.dll
    - 2005-07-26 04:39:49 101,376 ----a-w c:\winnt\system32\txflog.dll
    + 2008-04-14 00:12:07 101,376 ----a-w c:\winnt\system32\txflog.dll
    - 2007-07-18 12:42:22 60,416 ----a-w c:\winnt\system32\tzchange.exe
    + 2008-10-23 10:06:59 62,976 ----a-w c:\winnt\system32\tzchange.exe
    - 2004-08-04 07:56:46 25,600 ----a-w c:\winnt\system32\udhisapi.dll
    + 2008-04-14 00:12:07 26,624 ----a-w c:\winnt\system32\udhisapi.dll
    + 2007-10-09 21:03:08 161,304 ----a-w c:\winnt\system32\UIAutomationCore.dll
    - 2004-08-04 07:56:46 275,456 ----a-w c:\winnt\system32\ulib.dll
    + 2008-04-14 00:12:07 275,456 ----a-w c:\winnt\system32\ulib.dll
    - 2004-08-04 07:56:46 35,840 ----a-w c:\winnt\system32\umandlg.dll
    + 2008-04-14 00:12:07 35,840 ----a-w c:\winnt\system32\umandlg.dll
    - 2005-08-23 03:35:42 123,392 ----a-w c:\winnt\system32\umpnpmgr.dll
    + 2008-04-14 00:12:07 123,392 ----a-w c:\winnt\system32\umpnpmgr.dll
    - 2004-08-04 07:56:46 74,240 ----a-w c:\winnt\system32\unimdmat.dll
    + 2008-04-14 00:12:07 74,240 ----a-w c:\winnt\system32\unimdmat.dll
    - 2004-08-04 07:56:46 13,824 ----a-w c:\winnt\system32\uniplat.dll
    + 2008-04-14 00:12:07 13,824 ----a-w c:\winnt\system32\uniplat.dll
    - 2004-08-04 07:56:46 316,416 ----a-w c:\winnt\system32\untfs.dll
    + 2008-04-14 00:12:07 316,416 ----a-w c:\winnt\system32\untfs.dll
    - 2004-08-04 07:56:46 132,608 ----a-w c:\winnt\system32\upnp.dll
    + 2008-04-14 00:12:08 133,632 ----a-w c:\winnt\system32\upnp.dll
    - 2004-08-04 07:56:57 16,896 ----a-w c:\winnt\system32\upnpcont.exe
    + 2008-04-14 00:12:38 16,896 ----a-w c:\winnt\system32\upnpcont.exe
    - 2007-02-05 20:17:02 185,344 ----a-w c:\winnt\system32\upnphost.dll
    + 2008-04-14 00:12:08 185,856 ----a-w c:\winnt\system32\upnphost.dll
    - 2004-08-04 07:56:46 239,616 ----a-w c:\winnt\system32\upnpui.dll
    + 2008-04-14 00:12:08 239,616 ----a-w c:\winnt\system32\upnpui.dll
    - 2004-08-04 07:56:57 18,432 ----a-w c:\winnt\system32\ups.exe
    + 2008-04-14 00:12:38 18,432 ----a-w c:\winnt\system32\ups.exe
    - 2007-08-20 10:04:42 105,984 ----a-w c:\winnt\system32\url.dll
    + 2008-12-20 23:15:39 105,984 ----a-w c:\winnt\system32\url.dll
    - 2007-08-20 10:04:42 1,152,000 ----a-w c:\winnt\system32\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\winnt\system32\urlmon.dll
    - 2004-08-04 07:56:46 16,896 ----a-w c:\winnt\system32\usbmon.dll
    + 2008-04-14 00:12:08 16,896 ----a-w c:\winnt\system32\usbmon.dll
    - 2004-08-04 07:56:46 74,240 ----a-w c:\winnt\system32\usbui.dll
    + 2008-04-14 00:12:08 74,240 ----a-w c:\winnt\system32\usbui.dll
    - 2007-03-08 15:36:28 577,536 ----a-w c:\winnt\system32\user32.dll
    + 2008-04-14 00:12:08 578,560 ----a-w c:\winnt\system32\user32.dll
    - 2004-08-04 07:56:46 723,456 ----a-w c:\winnt\system32\userenv.dll
    + 2008-04-14 00:12:08 727,040 ----a-w c:\winnt\system32\userenv.dll
    - 2005-04-27 23:15:36 17,920 ----a-w c:\winnt\system32\usmt\cobramsg.dll
    + 2008-04-13 16:44:16 17,920 ----a-w c:\winnt\system32\usmt\cobramsg.dll
    - 2005-04-28 19:16:29 133,120 ----a-w c:\winnt\system32\usmt\guitrn.dll
    + 2008-04-14 00:11:54 133,120 ----a-w c:\winnt\system32\usmt\guitrn.dll
    - 2005-04-28 19:16:29 115,200 ----a-w c:\winnt\system32\usmt\guitrna.dll
    + 2008-04-14 00:11:54 115,200 ----a-w c:\winnt\system32\usmt\guitrna.dll
    + 2008-04-13 16:44:29 2,560 ----a-w c:\winnt\system32\usmt\iconlib.dll
    - 2005-04-28 19:16:29 19,968 ----a-w c:\winnt\system32\usmt\log.dll
    + 2008-04-14 00:11:56 19,968 ----a-w c:\winnt\system32\usmt\log.dll
    - 2005-04-28 19:16:29 274,432 ----a-w c:\winnt\system32\usmt\migism.dll
    + 2008-04-14 00:11:57 274,432 ----a-w c:\winnt\system32\usmt\migism.dll
    - 2005-04-28 20:16:30 261,120 ----a-w c:\winnt\system32\usmt\migisma.dll
    + 2008-04-14 00:11:57 261,120 ----a-w c:\winnt\system32\usmt\migisma.dll
    - 2005-04-28 00:12:58 103,424 ----a-w c:\winnt\system32\usmt\migload.exe
    + 2008-04-14 00:12:25 103,936 ----a-w c:\winnt\system32\usmt\migload.exe
    - 2005-04-28 00:12:57 245,248 ----a-w c:\winnt\system32\usmt\migwiz.exe
    + 2008-04-14 00:12:25 245,248 ----a-w c:\winnt\system32\usmt\migwiz.exe
    - 2005-04-28 00:12:57 241,152 ----a-w c:\winnt\system32\usmt\migwiza.exe
    + 2008-04-14 00:12:25 241,152 ----a-w c:\winnt\system32\usmt\migwiza.exe
    - 2005-04-28 19:16:29 215,552 ----a-w c:\winnt\system32\usmt\script.dll
    + 2008-04-14 00:12:05 215,552 ----a-w c:\winnt\system32\usmt\script.dll
    - 2005-04-28 19:16:29 199,680 ----a-w c:\winnt\system32\usmt\scripta.dll
    + 2008-04-14 00:12:05 199,680 ----a-w c:\winnt\system32\usmt\scripta.dll
    - 2005-04-28 19:16:29 193,024 ----a-w c:\winnt\system32\usmt\sysmod.dll
    + 2008-04-14 00:12:07 193,024 ----a-w c:\winnt\system32\usmt\sysmod.dll
    - 2005-04-28 19:16:29 173,568 ----a-w c:\winnt\system32\usmt\sysmoda.dll
    + 2008-04-14 00:12:07 173,568 ----a-w c:\winnt\system32\usmt\sysmoda.dll
    - 2004-08-04 07:56:46 406,528 ----a-w c:\winnt\system32\usp10.dll
    + 2008-04-14 00:12:08 406,016 ----a-w c:\winnt\system32\usp10.dll
    - 2004-08-04 07:56:57 50,176 ----a-w c:\winnt\system32\utilman.exe
    + 2008-04-14 00:12:38 50,176 ----a-w c:\winnt\system32\utilman.exe
    - 2004-08-04 07:56:46 218,624 ----a-w c:\winnt\system32\uxtheme.dll
    + 2008-04-14 00:12:08 218,624 ----a-w c:\winnt\system32\uxtheme.dll
    + 1998-06-18 08:00:00 89,360 ----a-w c:\winnt\system32\VB5DB.DLL
    - 2004-08-04 07:56:46 30,749 ----a-w c:\winnt\system32\vbajet32.dll
    + 2008-04-14 00:12:08 30,749 ----a-w c:\winnt\system32\vbajet32.dll
    - 2006-10-17 20:33:40 413,696 ----a-w c:\winnt\system32\vbscript.dll
    + 2008-05-09 10:53:40 430,080 ----a-w c:\winnt\system32\vbscript.dll
    - 2004-08-04 07:56:46 26,112 ----a-w c:\winnt\system32\vdmdbg.dll
    + 2008-04-14 00:12:08 26,112 ----a-w c:\winnt\system32\vdmdbg.dll
    - 2004-08-04 07:56:46 51,712 ----a-w c:\winnt\system32\vdmredir.dll
    + 2008-04-14 00:12:08 51,712 ----a-w c:\winnt\system32\vdmredir.dll
    - 2006-03-17 00:38:01 28,672 ----a-w c:\winnt\system32\verclsid.exe
    + 2008-04-14 00:12:38 28,672 ----a-w c:\winnt\system32\verclsid.exe
    - 2003-03-31 12:00:00 13,312 ----a-w c:\winnt\system32\verifier.dll
    + 2008-04-14 00:12:08 26,624 ----a-w c:\winnt\system32\verifier.dll
    - 2004-08-04 07:56:46 18,944 ----a-w c:\winnt\system32\version.dll
    + 2008-04-14 00:12:08 18,944 ----a-w c:\winnt\system32\version.dll
    + 2008-04-14 00:12:08 53,760 ----a-w c:\winnt\system32\vfwwdm32.dll
    + 2003-03-31 12:00:00 2,176 ----a-w c:\winnt\system32\vga.drv
    + 2007-09-03 13:35:28 966,656 ----a-w c:\winnt\system32\VSFilter.dll
    - 2004-08-04 07:56:46 430,592 ----a-w c:\winnt\system32\vssapi.dll
    + 2008-04-14 00:12:08 430,592 ----a-w c:\winnt\system32\vssapi.dll
    - 2004-08-04 07:56:57 289,792 ----a-w c:\winnt\system32\vssvc.exe
    + 2008-04-14 00:12:38 289,792 ----a-w c:\winnt\system32\vssvc.exe
    - 2004-08-04 07:56:46 174,592 ----a-w c:\winnt\system32\w32time.dll
    + 2008-04-14 00:12:08 175,104 ----a-w c:\winnt\system32\w32time.dll
    - 2004-08-04 07:56:46 15,872 ----a-w c:\winnt\system32\w3ssl.dll
    + 2008-04-14 00:12:08 15,872 ----a-w c:\winnt\system32\w3ssl.dll
    - 2004-08-04 06:07:32 17,664 ----a-w c:\winnt\system32\watchdog.sys
    + 2008-04-13 18:44:59 17,664 ----a-w c:\winnt\system32\watchdog.sys
    - 2003-03-31 12:00:00 208,896 ----a-w c:\winnt\system32\wavemsp.dll
    + 2008-04-14 00:12:08 215,552 ----a-w c:\winnt\system32\wavemsp.dll
    - 2004-08-04 07:56:41 1,352,192 ----a-w c:\winnt\system32\wbem\cimwin32.dll
    + 2008-04-14 00:11:50 1,358,848 ----a-w c:\winnt\system32\wbem\cimwin32.dll
    - 2004-08-04 07:56:42 247,808 ----a-w c:\winnt\system32\wbem\esscli.dll
    + 2008-04-14 00:11:53 247,808 ----a-w c:\winnt\system32\wbem\esscli.dll
    - 2004-08-04 07:56:42 22,016 ----a-w c:\winnt\system32\wbem\evntrprv.dll
    + 2008-04-14 00:11:53 21,504 ----a-w c:\winnt\system32\wbem\evntrprv.dll
    - 2004-08-04 07:56:42 472,064 ----a-w c:\winnt\system32\wbem\fastprox.dll
    + 2008-04-14 00:11:53 472,064 ----a-w c:\winnt\system32\wbem\fastprox.dll
    - 2004-08-04 07:56:42 185,856 ----a-w c:\winnt\system32\wbem\framedyn.dll
    + 2008-04-14 00:11:53 185,344 ----a-w c:\winnt\system32\wbem\framedyn.dll
    - 2004-08-04 07:56:42 24,576 ----a-w c:\winnt\system32\wbem\krnlprov.dll
    + 2008-04-14 00:11:56 24,576 ----a-w c:\winnt\system32\wbem\krnlprov.dll
    - 2004-08-04 07:56:51 16,384 ----a-w c:\winnt\system32\wbem\mofcomp.exe
    + 2008-04-14 00:12:26 16,384 ----a-w c:\winnt\system32\wbem\mofcomp.exe
    - 2004-08-04 07:56:42 123,904 ----a-w c:\winnt\system32\wbem\mofd.dll
    + 2008-04-14 00:11:57 123,904 ----a-w c:\winnt\system32\wbem\mofd.dll
    - 2004-08-04 07:56:44 47,104 ----a-w c:\winnt\system32\wbem\ncprov.dll
    + 2008-04-14 00:12:01 47,104 ----a-w c:\winnt\system32\wbem\ncprov.dll
    - 2004-08-04 07:56:44 212,992 ----a-w c:\winnt\system32\wbem\ntevt.dll
    + 2008-04-14 00:12:02 212,992 ----a-w c:\winnt\system32\wbem\ntevt.dll
    - 2004-08-04 07:56:44 237,056 ----a-w c:\winnt\system32\wbem\provthrd.dll
    + 2008-04-14 00:12:03 237,056 ----a-w c:\winnt\system32\wbem\provthrd.dll
    - 2004-08-04 07:56:44 177,152 ----a-w c:\winnt\system32\wbem\repdrvfs.dll
    + 2008-04-14 00:12:04 178,176 ----a-w c:\winnt\system32\wbem\repdrvfs.dll
    - 2004-08-04 07:56:55 36,864 ----a-w c:\winnt\system32\wbem\scrcons.exe
    + 2008-04-14 00:12:34 36,352 ----a-w c:\winnt\system32\wbem\scrcons.exe
    - 2004-08-04 07:56:45 86,528 ----a-w c:\winnt\system32\wbem\stdprov.dll
    + 2008-04-14 00:12:07 86,528 ----a-w c:\winnt\system32\wbem\stdprov.dll
    - 2004-08-04 07:56:46 131,584 ----a-w c:\winnt\system32\wbem\viewprov.dll
    + 2008-04-14 00:12:08 131,584 ----a-w c:\winnt\system32\wbem\viewprov.dll
    - 2004-08-04 07:56:46 196,608 ----a-w c:\winnt\system32\wbem\wbemcntl.dll
    + 2008-04-14 00:12:08 196,608 ----a-w c:\winnt\system32\wbem\wbemcntl.dll
    - 2004-08-04 07:56:46 214,528 ----a-w c:\winnt\system32\wbem\wbemcomn.dll
    + 2008-04-14 00:12:08 214,528 ----a-w c:\winnt\system32\wbem\wbemcomn.dll
    - 2004-08-04 07:56:46 71,680 ----a-w c:\winnt\system32\wbem\wbemcons.dll
    + 2008-04-14 00:12:08 71,680 ----a-w c:\winnt\system32\wbem\wbemcons.dll
    - 2004-08-04 07:56:46 530,944 ----a-w c:\winnt\system32\wbem\wbemcore.dll
    + 2008-04-14 00:12:08 531,456 ----a-w c:\winnt\system32\wbem\wbemcore.dll
    - 2004-08-04 07:56:46 178,176 ----a-w c:\winnt\system32\wbem\wbemdisp.dll
    + 2008-04-14 00:12:08 178,176 ----a-w c:\winnt\system32\wbem\wbemdisp.dll
    - 2004-08-04 07:56:46 273,920 ----a-w c:\winnt\system32\wbem\wbemess.dll
    + 2008-04-14 00:12:08 273,920 ----a-w c:\winnt\system32\wbem\wbemess.dll
    - 2004-08-04 07:56:46 43,008 ----a-w c:\winnt\system32\wbem\wbemperf.dll
    + 2008-04-14 00:12:08 43,008 ----a-w c:\winnt\system32\wbem\wbemperf.dll
    - 2004-08-04 07:56:46 18,944 ----a-w c:\winnt\system32\wbem\wbemprox.dll
    + 2008-04-14 00:12:08 18,944 ----a-w c:\winnt\system32\wbem\wbemprox.dll
    - 2004-08-04 07:56:46 43,520 ----a-w c:\winnt\system32\wbem\wbemsvc.dll
    + 2008-04-14 00:12:08 43,520 ----a-w c:\winnt\system32\wbem\wbemsvc.dll
    - 2004-08-04 07:56:57 116,224 ----a-w c:\winnt\system32\wbem\wbemtest.exe
    + 2008-04-14 00:12:39 116,224 ----a-w c:\winnt\system32\wbem\wbemtest.exe
    - 2004-08-04 07:56:46 197,120 ----a-w c:\winnt\system32\wbem\wbemupgd.dll
    + 2008-04-14 00:12:08 197,120 ----a-w c:\winnt\system32\wbem\wbemupgd.dll
    - 2004-08-04 07:56:57 196,608 ----a-w c:\winnt\system32\wbem\wmiadap.exe
    + 2008-04-14 00:12:40 196,608 ----a-w c:\winnt\system32\wbem\wmiadap.exe
    - 2004-08-04 07:56:35 6,656 ----a-w c:\winnt\system32\wbem\wmiapres.dll
    + 2008-04-13 17:10:20 6,656 ----a-w c:\winnt\system32\wbem\wmiapres.dll
    - 2004-08-04 07:56:46 89,088 ----a-w c:\winnt\system32\wbem\wmiaprpl.dll
    + 2008-04-14 00:12:09 88,576 ----a-w c:\winnt\system32\wbem\wmiaprpl.dll
    - 2004-08-04 07:56:57 126,464 ----a-w c:\winnt\system32\wbem\wmiapsrv.exe
    + 2008-04-14 00:12:40 126,464 ----a-w c:\winnt\system32\wbem\wmiapsrv.exe
    - 2004-08-04 07:56:46 60,928 ----a-w c:\winnt\system32\wbem\wmicookr.dll
    + 2008-04-14 00:12:09 60,928 ----a-w c:\winnt\system32\wbem\wmicookr.dll
    - 2004-08-04 07:56:46 140,800 ----a-w c:\winnt\system32\wbem\wmidcprv.dll
    + 2008-04-14 00:12:09 140,800 ----a-w c:\winnt\system32\wbem\wmidcprv.dll
    - 2004-08-04 07:56:46 156,672 ----a-w c:\winnt\system32\wbem\wmipcima.dll
    + 2008-04-14 00:12:09 156,672 ----a-w c:\winnt\system32\wbem\wmipcima.dll
    - 2004-08-04 07:56:46 132,096 ----a-w c:\winnt\system32\wbem\wmipdskq.dll
    + 2008-04-14 00:12:09 132,096 ----a-w c:\winnt\system32\wbem\wmipdskq.dll
    - 2004-08-04 07:56:46 62,464 ----a-w c:\winnt\system32\wbem\wmipiprt.dll
    + 2008-04-14 00:12:09 61,952 ----a-w c:\winnt\system32\wbem\wmipiprt.dll
    - 2004-08-04 07:56:46 62,976 ----a-w c:\winnt\system32\wbem\wmipjobj.dll
    + 2008-04-14 00:12:09 62,464 ----a-w c:\winnt\system32\wbem\wmipjobj.dll
    - 2004-08-04 07:56:46 144,896 ----a-w c:\winnt\system32\wbem\wmiprov.dll
    + 2008-04-14 00:12:09 144,896 ----a-w c:\winnt\system32\wbem\wmiprov.dll
    - 2004-08-04 07:56:46 437,248 ----a-w c:\winnt\system32\wbem\wmiprvsd.dll
    + 2008-04-14 00:12:09 437,248 ----a-w c:\winnt\system32\wbem\wmiprvsd.dll
    - 2004-08-04 07:56:57 218,112 ----a-w c:\winnt\system32\wbem\wmiprvse.exe
    + 2008-04-14 00:12:40 218,112 ----a-w c:\winnt\system32\wbem\wmiprvse.exe
    - 2004-08-04 07:56:46 41,472 ----a-w c:\winnt\system32\wbem\wmipsess.dll
    + 2008-04-14 00:12:09 41,472 ----a-w c:\winnt\system32\wbem\wmipsess.dll
    - 2004-08-04 07:56:46 144,896 ----a-w c:\winnt\system32\wbem\wmisvc.dll
    + 2008-04-14 00:12:09 144,896 ----a-w c:\winnt\system32\wbem\wmisvc.dll
    - 2004-08-04 07:56:46 95,232 ----a-w c:\winnt\system32\wbem\wmiutils.dll
    + 2008-04-14 00:12:09 95,232 ----a-w c:\winnt\system32\wbem\wmiutils.dll
    - 2006-03-24 04:37:50 49,152 ----a-w c:\winnt\system32\wdigest.dll
    + 2008-04-14 00:12:08 49,152 ----a-w c:\winnt\system32\wdigest.dll
    + 2008-04-14 00:12:45 23,552 ----a-w c:\winnt\system32\wdmaud.drv
    - 2007-08-20 10:04:42 232,960 ----a-w c:\winnt\system32\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ----a-w c:\winnt\system32\webcheck.dll
    - 2006-01-04 03:35:05 68,096 ----a-w c:\winnt\system32\webclnt.dll
    + 2008-04-14 00:12:08 68,096 ----a-w c:\winnt\system32\webclnt.dll
    - 2004-08-04 07:56:46 135,680 ----a-w c:\winnt\system32\webvw.dll
    + 2008-04-14 00:12:08 135,680 ----a-w c:\winnt\system32\webvw.dll
    - 2004-08-04 07:56:57 65,536 ----a-w c:\winnt\system32\wextract.exe
    + 2008-04-14 00:12:39 65,024 ----a-w c:\winnt\system32\wextract.exe
    + 2003-03-31 12:00:00 13,600 ----a-w c:\winnt\system32\wfwnet.drv
    - 2004-08-04 07:56:57 433,664 ----a-w c:\winnt\system32\wiaacmgr.exe
    + 2008-04-14 00:12:39 433,664 ----a-w c:\winnt\system32\wiaacmgr.exe
    - 2004-08-04 07:56:46 463,360 ----a-w c:\winnt\system32\wiadefui.dll
    + 2008-04-14 00:12:08 463,360 ----a-w c:\winnt\system32\wiadefui.dll
    - 2004-08-04 07:56:46 124,416 ----a-w c:\winnt\system32\wiadss.dll
    + 2008-04-14 00:12:08 124,416 ----a-w c:\winnt\system32\wiadss.dll
    - 2004-08-04 07:56:46 75,776 ----a-w c:\winnt\system32\wiascr.dll
    + 2008-04-14 00:12:08 75,776 ----a-w c:\winnt\system32\wiascr.dll
    - 2006-12-19 18:16:47 333,824 ----a-w c:\winnt\system32\wiaservc.dll
    + 2008-04-14 00:12:08 333,824 ----a-w c:\winnt\system32\wiaservc.dll
    - 2004-08-04 07:56:46 589,312 ----a-w c:\winnt\system32\wiashext.dll
    + 2008-04-14 00:12:08 589,312 ----a-w c:\winnt\system32\wiashext.dll
    - 2004-08-04 07:56:46 111,104 ----a-w c:\winnt\system32\wiavideo.dll
    + 2008-04-14 00:12:08 111,104 ----a-w c:\winnt\system32\wiavideo.dll
    - 2007-03-08 13:47:48 1,843,584 ----a-w c:\winnt\system32\win32k.sys
    + 2009-02-09 11:13:27 1,846,784 ----a-w c:\winnt\system32\win32k.sys
    - 2004-08-04 07:56:46 101,888 ----a-w c:\winnt\system32\win32spl.dll
    + 2008-04-14 00:12:08 102,400 ----a-w c:\winnt\system32\win32spl.dll
    - 2004-08-04 07:56:35 937,984 ----a-w c:\winnt\system32\winbrand.dll
    + 2008-04-13 16:48:53 1,647,616 ----a-w c:\winnt\system32\winbrand.dll
    + 2008-04-14 00:12:08 712,704 ------w c:\winnt\system32\windowscodecs.dll
    + 2008-04-14 00:12:08 346,112 ------w c:\winnt\system32\windowscodecsext.dll
    - 2004-08-04 07:56:46 351,232 ----a-w c:\winnt\system32\winhttp.dll
    + 2008-04-14 00:12:08 354,304 ----a-w c:\winnt\system32\winhttp.dll
    - 2007-08-20 10:04:43 824,832 ----a-w c:\winnt\system32\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\winnt\system32\wininet.dll
    - 2004-08-04 07:56:46 32,768 ----a-w c:\winnt\system32\winipsec.dll
    + 2008-04-14 00:12:09 32,256 ----a-w c:\winnt\system32\winipsec.dll
    - 2004-08-04 07:56:57 502,272 ----a-w c:\winnt\system32\winlogon.exe
    + 2008-04-14 00:12:39 507,904 ----a-w c:\winnt\system32\winlogon.exe
    - 2004-08-04 07:56:46 176,128 ----a-w c:\winnt\system32\winmm.dll
    + 2008-04-14 00:12:09 176,128 ----a-w c:\winnt\system32\winmm.dll
    - 2004-08-04 07:56:35 764,928 ----a-w c:\winnt\system32\winntbbu.dll
    + 2008-04-14 00:11:11 756,224 ----a-w c:\winnt\system32\winntbbu.dll
    - 2004-08-04 07:56:46 16,896 ----a-w c:\winnt\system32\winrnr.dll
    + 2008-04-14 00:12:09 16,896 ----a-w c:\winnt\system32\winrnr.dll
    - 2004-08-04 07:56:46 99,328 ----a-w c:\winnt\system32\winscard.dll
    + 2008-04-14 00:12:09 99,328 ----a-w c:\winnt\system32\winscard.dll
    - 2004-08-04 07:56:46 17,408 ----a-w c:\winnt\system32\winshfhc.dll
    + 2008-04-14 00:12:09 17,408 ----a-w c:\winnt\system32\winshfhc.dll
    + 2003-03-31 12:00:00 2,864 ----a-w c:\winnt\system32\winsock.dll
    + 2008-04-14 00:12:45 146,432 ----a-w c:\winnt\system32\winspool.drv
    + 2003-03-31 12:00:00 2,112 ----a-w c:\winnt\system32\winspool.exe
    - 2007-03-17 13:43:01 292,864 ----a-w c:\winnt\system32\winsrv.dll
    + 2008-04-14 00:12:09 293,376 ----a-w c:\winnt\system32\winsrv.dll
    - 2004-08-04 07:56:46 53,760 ----a-w c:\winnt\system32\winsta.dll
    + 2008-04-14 00:12:09 53,760 ----a-w c:\winnt\system32\winsta.dll
    - 2004-08-04 07:56:46 176,640 ----a-w c:\winnt\system32\wintrust.dll
    + 2008-04-14 00:12:09 176,640 ----a-w c:\winnt\system32\wintrust.dll
    - 2004-08-04 07:56:57 5,632 ----a-w c:\winnt\system32\winver.exe
    + 2008-04-14 00:12:40 5,632 ----a-w c:\winnt\system32\winver.exe
    - 2006-08-17 12:28:27 132,096 ----a-w c:\winnt\system32\wkssvc.dll
    + 2008-04-14 00:12:09 132,096 ----a-w c:\winnt\system32\wkssvc.dll
    + 2008-04-14 00:12:09 69,120 ------w c:\winnt\system32\wlanapi.dll
    - 2004-08-04 07:56:46 172,032 ----a-w c:\winnt\system32\wldap32.dll
    + 2008-04-14 00:12:09 172,032 ----a-w c:\winnt\system32\wldap32.dll
    - 2004-08-04 07:56:46 92,672 ----a-w c:\winnt\system32\wlnotify.dll
    + 2008-04-14 00:12:09 92,672 ----a-w c:\winnt\system32\wlnotify.dll
    - 2006-10-19 05:47:18 222,208 ----a-w c:\winnt\system32\wmasf.dll
    + 2007-10-28 01:40:30 222,720 ----a-w c:\winnt\system32\wmasf.dll
    - 2004-08-04 07:56:35 5,632 ----a-w c:\winnt\system32\wmi.dll
    + 2008-04-14 00:11:15 5,632 ----a-w c:\winnt\system32\wmi.dll
    - 2006-10-19 05:47:20 937,984 ----a-w c:\winnt\system32\WMNetMgr.dll
    + 2008-06-18 13:03:08 938,496 ----a-w c:\winnt\system32\WMNetmgr.dll
    - 2007-06-12 06:51:12 10,834,944 ----a-w c:\winnt\system32\wmp.dll
    + 2008-11-12 01:34:42 10,838,016 ----a-w c:\winnt\system32\wmp.dll
    - 2006-10-19 05:47:20 295,936 ----a-w c:\winnt\system32\wmpeffects.dll
    + 2008-06-25 01:12:58 295,936 ----a-w c:\winnt\system32\wmpeffects.dll
    + 2008-04-14 00:12:09 276,992 ------w c:\winnt\system32\wmphoto.dll
    - 2004-08-04 07:56:46 115,200 ----a-w c:\winnt\system32\wmsdmoe.dll
    + 2008-04-14 00:12:09 115,200 ----a-w c:\winnt\system32\wmsdmoe.dll
    - 2004-08-04 07:56:46 303,616 ----a-w c:\winnt\system32\wmstream.dll
    + 2008-04-14 00:12:10 303,616 ----a-w c:\winnt\system32\wmstream.dll
    - 2006-10-19 05:47:22 2,450,944 ----a-w c:\winnt\system32\wmvcore.dll
    + 2008-06-18 13:03:14 2,458,112 ----a-w c:\winnt\system32\WMVCore.dll
    - 2004-08-04 07:56:46 264,192 ----a-w c:\winnt\system32\wow32.dll
    + 2008-04-14 00:12:10 264,192 ----a-w c:\winnt\system32\wow32.dll
    + 2003-03-31 12:00:00 2,736 ----a-w c:\winnt\system32\wowdeb.exe
    - 2004-08-04 07:56:57 32,256 ----a-w c:\winnt\system32\wpabaln.exe
    + 2008-04-14 00:12:40 32,256 ----a-w c:\winnt\system32\wpabaln.exe
    - 2004-08-04 07:56:57 32,256 ----a-w c:\winnt\system32\wpnpinst.exe
    + 2008-04-14 00:12:41 11,264 ----a-w c:\winnt\system32\wpnpinst.exe
    - 2004-08-04 07:56:46 82,944 ----a-w c:\winnt\system32\ws2_32.dll
    + 2008-04-14 00:12:10 82,432 ----a-w c:\winnt\system32\ws2_32.dll
    - 2004-08-04 07:56:46 19,968 ----a-w c:\winnt\system32\ws2help.dll
    + 2008-04-14 00:12:10 19,968 ----a-w c:\winnt\system32\ws2help.dll
    - 2004-08-04 07:56:57 13,824 ----a-w c:\winnt\system32\wscntfy.exe
    + 2008-04-14 00:12:41 13,824 ----a-w c:\winnt\system32\wscntfy.exe
    - 2004-08-04 07:56:57 114,688 ----a-w c:\winnt\system32\wscript.exe
    + 2008-05-08 11:24:44 155,648 ----a-w c:\winnt\system32\wscript.exe
    - 2004-08-04 07:56:46 81,408 ----a-w c:\winnt\system32\wscsvc.dll
    + 2008-04-14 00:12:10 80,896 ----a-w c:\winnt\system32\wscsvc.dll
    - 2004-08-04 07:56:46 108,032 ----a-w c:\winnt\system32\wshbth.dll
    + 2008-04-14 00:12:10 108,032 ----a-w c:\winnt\system32\wshbth.dll
    - 2004-08-04 07:56:46 28,672 ----a-w c:\winnt\system32\wshcon.dll
    + 2008-04-14 00:12:10 36,864 ----a-w c:\winnt\system32\wshcon.dll
    - 2004-08-04 07:56:46 65,536 ----a-w c:\winnt\system32\wshext.dll
    + 2008-05-09 10:53:40 90,112 ----a-w c:\winnt\system32\wshext.dll
    - 2004-08-04 07:56:46 14,336 ----a-w c:\winnt\system32\wship6.dll
    + 2008-04-14 00:12:10 14,336 ----a-w c:\winnt\system32\wship6.dll
    - 2004-08-04 07:56:46 11,776 ----a-w c:\winnt\system32\wshrm.dll
    + 2008-04-14 00:12:10 11,264 ----a-w c:\winnt\system32\wshrm.dll
    - 2004-08-04 07:56:46 19,968 ----a-w c:\winnt\system32\wshtcpip.dll
    + 2008-04-14 00:12:10 19,456 ----a-w c:\winnt\system32\wshtcpip.dll
    - 2004-08-04 07:56:46 42,496 ----a-w c:\winnt\system32\wsnmp32.dll
    + 2008-04-14 00:12:10 41,984 ----a-w c:\winnt\system32\wsnmp32.dll
    - 2004-08-04 07:56:46 22,528 ----a-w c:\winnt\system32\wsock32.dll
    + 2008-04-14 00:12:10 22,528 ----a-w c:\winnt\system32\wsock32.dll
    - 2004-08-04 07:56:46 50,688 ----a-w c:\winnt\system32\wstdecod.dll
    + 2008-04-14 00:12:10 50,688 ----a-w c:\winnt\system32\wstdecod.dll
    - 2004-08-04 07:56:46 18,432 ----a-w c:\winnt\system32\wtsapi32.dll
    + 2008-04-14 00:12:10 18,432 ----a-w c:\winnt\system32\wtsapi32.dll
    - 2007-07-31 02:19:36 549,720 ----a-w c:\winnt\system32\wuapi.dll
    + 2008-10-16 22:12:20 561,688 ----a-w c:\winnt\system32\wuapi.dll
    - 2007-07-31 02:19:16 53,080 ----a-w c:\winnt\system32\wuauclt.exe
    + 2008-10-16 22:09:44 51,224 ----a-w c:\winnt\system32\wuauclt.exe
    - 2007-07-31 02:19:42 1,712,984 ----a-w c:\winnt\system32\wuaueng.dll
    + 2008-10-16 22:13:40 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll
    - 2004-08-04 07:56:46 6,656 ----a-w c:\winnt\system32\wuauserv.dll
    + 2008-04-14 00:12:11 6,656 ----a-w c:\winnt\system32\wuauserv.dll
    - 2007-07-31 02:19:32 325,976 ----a-w c:\winnt\system32\wucltui.dll
    + 2008-10-16 22:12:22 323,608 ----a-w c:\winnt\system32\wucltui.dll
    - 2007-07-31 02:18:40 33,624 ----a-w c:\winnt\system32\wups.dll
    + 2008-10-16 22:08:58 34,328 ----a-w c:\winnt\system32\wups.dll
    - 2007-07-31 02:19:12 43,352 ----a-w c:\winnt\system32\wups2.dll
    + 2008-10-16 22:09:44 43,544 ----a-w c:\winnt\system32\wups2.dll
    - 2007-07-31 02:19:28 203,096 ----a-w c:\winnt\system32\wuweb.dll
    + 2008-10-16 22:13:40 202,776 ----a-w c:\winnt\system32\wuweb.dll
    - 2004-08-04 07:56:46 378,368 ----a-w c:\winnt\system32\wzcdlg.dll
    + 2008-04-14 00:12:11 383,488 ----a-w c:\winnt\system32\wzcdlg.dll
    - 2004-08-04 07:56:46 51,712 ----a-w c:\winnt\system32\wzcsapi.dll
    + 2008-04-14 00:12:11 52,736 ----a-w c:\winnt\system32\wzcsapi.dll
    - 2004-08-04 07:56:46 359,936 ----a-w c:\winnt\system32\wzcsvc.dll
    + 2008-04-14 00:12:11 483,840 ----a-w c:\winnt\system32\wzcsvc.dll
    - 2004-08-04 07:56:46 91,648 ----a-w c:\winnt\system32\xactsrv.dll
    + 2008-04-14 00:12:11 91,648 ----a-w c:\winnt\system32\xactsrv.dll
    - 2004-08-04 07:56:57 30,720 ----a-w c:\winnt\system32\xcopy.exe
    + 2008-04-14 00:12:41 30,720 ----a-w c:\winnt\system32\xcopy.exe
    - 2006-07-14 15:51:51 121,856 ----a-w c:\winnt\system32\xmllite.dll
    + 2008-04-14 00:12:11 121,856 ----a-w c:\winnt\system32\xmllite.dll
    - 2004-08-04 07:56:46 129,536 ----a-w c:\winnt\system32\xmlprov.dll
    + 2008-04-14 00:12:11 129,024 ----a-w c:\winnt\system32\xmlprov.dll
    - 2004-08-04 07:56:46 50,176 ----a-w c:\winnt\system32\xmlprovi.dll
    + 2008-04-14 00:12:11 50,176 ----a-w c:\winnt\system32\xmlprovi.dll
    - 2006-03-01 19:42:42 11,776 ----a-w c:\winnt\system32\xolehlp.dll
    + 2008-04-14 00:12:11 11,776 ----a-w c:\winnt\system32\xolehlp.dll
    - 2004-08-04 07:56:36 438,784 ----a-w c:\winnt\system32\xpob2res.dll
    + 2008-04-13 17:39:29 438,784 ----a-w c:\winnt\system32\xpob2res.dll
    - 2004-08-04 07:56:36 187,392 ----a-w c:\winnt\system32\xpsp1res.dll
    + 2008-04-13 17:39:22 187,392 ----a-w c:\winnt\system32\xpsp1res.dll
    - 2004-08-04 07:56:36 2,897,920 ----a-w c:\winnt\system32\xpsp2res.dll
    + 2008-04-13 17:39:24 2,897,920 ----a-w c:\winnt\system32\xpsp2res.dll
    - 2007-10-29 10:04:03 350,720 ----a-w c:\winnt\system32\xpsp3res.dll
    + 2008-04-13 17:39:26 689,152 ----a-w c:\winnt\system32\xpsp3res.dll
    + 2007-03-23 14:07:54 583,504 ------w c:\winnt\system32\XPSSHHDR.dll
    + 2007-03-23 14:07:56 1,683,280 ------w c:\winnt\system32\XpsSvcs.dll
  9. 2009-03-24, 00:29 #29
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix End

    + 2007-10-09 21:03:08 308,760 ----a-w c:\winnt\system32\XPSViewer\XPSViewer.exe
    + 2008-04-27 17:33:36 765,952 ----a-w c:\winnt\system32\xvidcore.dll
    + 2008-04-27 17:35:28 180,224 ----a-w c:\winnt\system32\xvidvfw.dll
    - 2004-08-04 07:56:46 337,920 ----a-w c:\winnt\system32\zipfldr.dll
    + 2008-04-14 00:12:11 338,432 ----a-w c:\winnt\system32\zipfldr.dll
    + 2009-03-22 23:04:42 16,384 ----atw c:\winnt\TEMP\Perflib_Perfdata_11c.dat
    - 2004-08-04 07:56:46 50,688 ----a-w c:\winnt\twain_32.dll
    + 2008-04-14 00:12:07 50,688 ----a-w c:\winnt\twain_32.dll
    + 2008-02-28 04:50:34 2,543 ----a-w c:\winnt\unins000.dat
    + 2008-02-28 04:48:50 691,545 ----a-w c:\winnt\unins000.exe
    + 1997-04-09 03:08:10 299,520 ----a-w c:\winnt\uninst.exe
    + 2000-08-31 15:00:00 49,152 ----a-w c:\winnt\VFIND.exe
    - 2004-08-04 07:56:57 283,648 ----a-w c:\winnt\winhlp32.exe
    + 2008-04-14 00:12:39 283,648 ----a-w c:\winnt\winhlp32.exe
    + 2008-01-02 08:33:00 8,192 ----a-w c:\winnt\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2007-01-19 20:15:24 74,802 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
    + 2008-04-14 00:12:50 74,802 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
    - 2007-01-19 20:15:24 995,383 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
    + 2008-04-14 00:12:50 995,383 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
    - 2007-01-19 20:15:24 1,011,774 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
    + 2008-04-14 00:12:50 1,011,774 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
    - 2007-01-19 20:15:24 401,462 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
    + 2008-04-14 00:12:50 401,462 ----a-w c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
    + 2007-10-24 09:47:56 479,232 ----a-w c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll
    + 2007-10-24 09:47:56 558,080 ----a-w c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
    + 2007-10-24 09:47:56 635,904 ----a-w c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
    + 2008-04-14 00:12:51 1,054,208 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    + 2008-04-14 00:12:51 57,344 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
    + 2008-04-14 00:12:51 343,040 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
    + 2008-04-15 17:54:19 1,724,416 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
    + 2008-04-14 00:12:47 1,724,416 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
    + 2008-04-15 17:47:33 1,724,416 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
    - 2004-08-04 07:56:59 853,504 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
    + 2008-04-14 00:12:49 853,504 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
    - 2004-08-04 07:56:59 991,232 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
    + 2008-04-14 00:12:50 991,232 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
    - 2004-08-04 07:55:56 132,096 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
    + 2008-04-13 18:26:33 132,096 ----a-w c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
    - 2007-07-11 08:01:51 258,048 ----a-w c:\winnt\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2008-01-02 08:33:12 258,048 ----a-w c:\winnt\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2007-07-11 08:01:51 114,176 ----a-w c:\winnt\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2008-01-02 08:33:12 113,664 ----a-w c:\winnt\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2000-08-31 15:00:00 68,096 ----a-w c:\winnt\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 c:\winnt\system32\narrator.exe]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Screen Saver Control.lnk - c:\winnt\FSScrCtl.exe [2004-01-24 249344]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2005-09-24 4628752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= pclepim1.dll
    "vidc.ffds"= ffdshow.ax
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "<NO NAME>"=
    "57156:TCP"= 57156:TCP:Pando P2P TCP Listening Port
    "57156:UDP"= 57156:UDP:Pando P2P UDP Listening Port

    R2 LicCtrlService;LicCtrl Service;c:\winnt\Runservice.exe [2008-10-15 2560]
    R3 FLASHREADER;USB Reader;c:\winnt\system32\drivers\camusb.sys [1979-12-31 25216]
    S1 117d6292;117d6292;c:\winnt\system32\drivers\117d6292.sys --> c:\winnt\system32\drivers\117d6292.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-11 33752]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    MespW
    Ouken
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://images.google.com/imghp?ie=UTF-8&tab=wi
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Download with Go!Zilla - file://c:\program files\BP Go!Zilla v4.1\download-with-gozilla.html
    IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
    IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnyardinvasion/sis/slgwebinstall.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/ghostfrenzy/sis/axhost.cab
    DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - hxxp://www.typingmaster.com/contents/tm2002/oneclick/TMSetup.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kj32c38l.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - prefs.js: browser.startup.homepage - hxxp://images.google.com/imghp?hl=en&tab=wi
    FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 16:05:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0]
    "1"=hex:d5,3e,50,00,82,25,c9,f6,dd,f6,18,c9,99,5b,70,06,b4,b6,07,c1,1b,95,01,
    2f
    "2"=hex:e4,d7,da,38,b0,b5,3c,88,a2,01,5f,80,71,fc,07,41,22,5f,c1,26,5d,01,8c,
    86
    "3"=hex:d5,3e,50,00,82,25,c9,f6,dd,f6,18,c9,99,5b,70,06,53,86,fb,a3,af,c0,18,
    8b,f9,e5,ef,ce,f2,5f,47,59,1f,2b,25,f6,12,48,81,74

    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \04F7528984592EA0\FD1E79A92259B5BC6F3673C7C70B3F80]
    "1"=hex:a0,05,e5,14,70,56,59,19,19,f2,d5,d0,45,ea,42,c8,7b,0e,8f,12,8d,fe,0d,
    89,e7,25,77,a8,98,63,f3,0c
    "2"=hex:03,13,8a,80,bd,85,45,8e
    "3"=hex:a2,64,f1,6f,8c,e0,34,8f,eb,ec,fc,19,df,46,d2,40,db,d8,17,55,7a,be,5f,
    f2,d1,db,11,d7,36,8b,87,3b,b3,9c,c1,5b,f3,80,c3,dd,1b,84,70,63,e0,09,0c,1f,\
    "4"=hex:bd,75,77,15,24,56,01,85
    "5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
    1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
    "6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
    51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
    "7"=hex:c9,3a,93,65,d5,aa,5c,a5,af,ff,f0,6c,ea,dc,3b,16,d5,46,14,1e,de,21,e3,
    92,5e,f6,28,50,86,1e,42,82,78,98,b2,16,ef,bb,c5,35,e6,7b,97,84,6e,7c,e4,9d,\
    "8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,d5,51,9f,32,fb,06,fa,
    8c,e8,22,fe,5a,96,f6,72,ff,b7,d3,87,b3,8d,54,9f,32,5f,3a,e2,a1,97,10,45,b9,\
    "9"=hex:81,20,8f,ab,28,6a,52,9c
    "18"=hex:70,56,26,33,e3,20,f8,ab
    "10"=hex:c7,b0,18,85,7b,39,96,ed
    "11"=hex:81,20,8f,ab,28,6a,52,9c
    "12"=hex:81,20,8f,ab,28,6a,52,9c
    "13"=hex:81,20,8f,ab,28,6a,52,9c
    "14"=hex:81,20,8f,ab,28,6a,52,9c
    "24"=hex:81,20,8f,ab,28,6a,52,9c
    "26"=hex:81,20,8f,ab,28,6a,52,9c
    "27"=hex:81,20,8f,ab,28,6a,52,9c
    "19"=hex:81,20,8f,ab,28,6a,52,9c
    "22"=hex:81,20,8f,ab,28,6a,52,9c
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\ati2evxx.exe
    c:\winnt\system32\LexBceS.exe
    c:\winnt\system32\Lexpps.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\winnt\system32\WLTRYSVC.EXE
    c:\winnt\system32\BCMWLTRY.EXE
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\winnt\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-22 16:10:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-22 23:10:19
    ComboFix2.txt 2007-12-01 11:50:02

    Pre-Run: 10,452,537,344 bytes free
    Post-Run: 10,616,643,584 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    10767 --- E O F --- 2009-03-20 08:00:11
  10. 2009-03-24, 00:30 #30
    RallyReal
    RallyReal is offline
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default virtumonde

    Thank you again for your help. I think I'll just keep saying it. I think that's everything with the combofix log. Thank you thank you thank you.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules