Help Requested With Massive Malware Removal

[ginus]

Hello All.

My laptop is infected quite severly with various trojans and the like.

Kapersky returns this in the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 11, 2007 8:28:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/10/2007
Kaspersky Anti-Virus database records: 431155
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82068
Number of viruses found: 23
Number of infected objects: 19839
Number of suspicious objects: 2
Duration of the scan process: 01:07:56



I did not post the rest of the log due to the size.

I have run Spybot in regular and safe mode without making much progress.

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:11 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6426] command /c del "C:\Documents and Settings\Rob Lindberg\Start Menu\Programs\Startup\svchost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1186] cmd /c del "C:\Documents and Settings\Rob Lindberg\Start Menu\Programs\Startup\svchost.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: fbfbcbafdeacd - C:\WINDOWS\system32\fbfbcbafdeacd.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10487 bytes




Any help is greatly appreciated!

 

[shelf life]

hi ginus,

before using hjt please disable spybots tea timer so hjt can make some changes, like this:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

next:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.


O4 - HKLM\..\Run: [dcsm] "C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe"

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe

O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe

O4 - HKUS\S-1-5-18\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe (User 'Default user')

O18 - Filter hijack: text/html - {030215A3-6E97-4e7c-ACBE-64BBB004FD62} - C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

O20 - Winlogon Notify: fbfbcbafdeacd - C:\WINDOWS\system32\fbfbcbafdeacd.dll (file missing)
----------------------------------------
next:
Please download ComboFix (by sUBs) from one of the following links:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the Desktop.
Double-click combofix.exe and follow the prompts.

CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.

When finished, it produces a log.

Please provide the contents of the ComboFix log in your reply.
---------------------
your avg anti virus is up to date?
post a new hjt log and the combofix log.

shelf life

 

[ginus]

Thank you, Shelf Life. I will try this tonight.

 

[ginus]

I am running the latest AVG app and definitions.

Here is the log from ComboFix:

ComboFix 07-10-12.4 - Rob Lindberg 2007-10-12 21:15:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\country.exe
C:\Documents and Settings\Karen Lindberg\Application Data\antivirus.exe
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Karen Lindberg\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Karen Lindberg\Application Data\drvcleaner.exe
C:\Documents and Settings\Karen Lindberg\Application Data\errsafer.exe
C:\Documents and Settings\Karen Lindberg\Application Data\install.dat
C:\Documents and Settings\Karen Lindberg\Application Data\install.dat
C:\Documents and Settings\Karen Lindberg\Application Data\privprotect.exe
C:\Documents and Settings\Karen Lindberg\err.log
C:\Documents and Settings\Karen Lindberg\ResErrors.log
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\svchost.exe
C:\Documents and Settings\Karen Lindberg\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\Rob Lindberg\Application Data\install.dat
C:\Documents and Settings\Rob Lindberg\Application Data\install.dat
C:\kl1.exe
C:\ms1.exe
C:\Program Files\paytime.exe
C:\tool1.exe
C:\tool2.exe
C:\tool3.exe
C:\tool4.exe
C:\tool5.exe
C:\toolbar.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\gln.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\vtr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-10-08 16:28 41,984 --a------ C:\WINDOWS\xxsdsa.exe
2007-10-08 16:28 22,697 --a------ C:\WINDOWS\denvic.exe
2007-10-08 14:47 16,384 --a------ C:\WINDOWS\mraera.exe
2007-10-04 10:39 20,992 --a------ C:\WINDOWS\pdoakac.exe
2007-10-04 10:38 113,152 --a------ C:\WINDOWS\mteadea.exe
2007-10-04 10:38 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-10-04 10:37 9,728 --a------ C:\WINDOWS\exploeee.exe
2007-09-29 10:43 138,264 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe
2007-09-19 17:06 1,776 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 22:52 --------- d-----w C:\Documents and Settings\Rob Lindberg\Application Data\Gtek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2006-04-18 00:49 0 ----a-w C:\Program Files\secure32.html
2005-01-06 09:17 95,696 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 16:02]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 16:02]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)


*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 21:24:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-12 21:26:22 - machine was rebooted
.
--- E O F ---


Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9313 bytes


Thanks in advance.

 

[shelf life]

hi ginus,

ok good thanks for the info. one more download to get and use:

Download SmitfraudFix (by S!Ri) to your Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip


Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt

stop and post a new HijackThis log along with the contents of the c:\rapport.txt.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

shelf life

 

[ginus]

Thanks for the reply.

Here is the SmitfraudFix log:

SmitFraudFix v2.240

Scan done at 14:28:21.43, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\exploeee.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\gopa.exe FOUND !
C:\WINDOWS\system32\hadjajr.ini FOUND !
C:\WINDOWS\system32\oleext.dll FOUND !
C:\WINDOWS\system32\vtr???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob Lindberg


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rob Lindberg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBLIN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\secure32.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:07 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9623 bytes


Thanks!

 

[shelf life]

hi ginus,

ok good. time to run the second part of the smitfraudfix.
best to do it in safe mode:

copy/paste this part into notepad and save it somewhere so you can find it in safe mode:
to reach safe mode you would tap the f8 key during a computer restart, chose the first option form the list:safe mode, log in to your usual account.
--------------------------------------------------
in safe mode:

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
-------------------------------------
after the above please run combofix once more and post:
the smitfraudfix log
the new combofix log

shelf life

 

[ginus]

Done.

Here is the SmitFraud log. The host section makes it ridiculously long. I'll post it in sections if you feel it is necessary:

SmitFraudFix v2.240

Scan done at 19:12:30.17, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com

----lots of lines----


127.0.0.1 www.zurrusco.com
127.0.0.1 zurrusco.com
127.0.0.1 zvimigdal.com
127.0.0.1 www.zxlinks.com
127.0.0.1 zxlinks.com
127.0.0.1 zyban-zocor-levitra.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\exploeee.exe Deleted
C:\WINDOWS\system32\gopa.exe Deleted
C:\WINDOWS\system32\oleext.dll Deleted
C:\WINDOWS\system32\vtr???.dll Deleted
C:\Program Files\secure32.html Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\hadjajr.ini Please, Reboot and Run SmitfraudFix option 2 once again.


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[ginus]

And the ComboFix log:

+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll

 

[ginus]

I'll try again. Part 1 of the ComboFix log:

ComboFix 07-10-12.4 - Rob Lindberg 2007-10-13 19:21:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-13 19:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 19:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 19:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-13 19:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 19:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 14:28 4,554 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 23:09 389,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-12 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-12 23:06 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-12 23:06 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-12 23:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-12 23:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-12 22:59 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-12 22:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-12 22:05 <DIR> d-------- C:\Program Files\MSBuild
2007-10-12 22:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-12 22:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-12 21:59 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-12 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-12 21:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 21:54 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-10-12 21:54 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-10-12 21:54 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-12 21:54 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2007-10-12 21:54 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2007-10-12 21:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-12 21:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-12 21:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-10-08 16:28 41,984 --a------ C:\WINDOWS\xxsdsa.exe
2007-10-08 16:28 22,697 --a------ C:\WINDOWS\denvic.exe
2007-10-08 14:47 16,384 --a------ C:\WINDOWS\mraera.exe
2007-10-04 10:39 20,992 --a------ C:\WINDOWS\pdoakac.exe
2007-10-04 10:38 113,152 --a------ C:\WINDOWS\mteadea.exe
2007-10-04 10:38 12,288 --a------ C:\WINDOWS\mraerea.exe
2007-09-29 10:43 138,264 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe
2007-09-19 17:06 1,776 --a------ C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 23:10 5,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-13 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 03:46 --------- d-----w C:\Program Files\Dell
2007-10-13 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-09-06 20:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2005-01-06 09:17 95,696 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-12_21.25.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\updspapi.dll
+ 2004-11-18 14:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe
+ 2004-11-18 14:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 116,224 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
+ 2004-08-04 10:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
+ 2004-08-04 10:00:00 312,320 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
+ 2004-08-04 10:00:00 88,064 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
+ 2004-08-04 10:00:00 526,848 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
+ 2004-08-04 10:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 72,704 -c----w C:\WINDOWS\$NtUninstallKB925720$\magnify.exe
+ 2004-08-04 10:00:00 53,760 -c----w C:\WINDOWS\$NtUninstallKB925720$\narrator.exe
+ 2004-08-04 10:00:00 215,552 -c----w C:\WINDOWS\$NtUninstallKB925720$\osk.exe
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 35,840 -c----w C:\WINDOWS\$NtUninstallKB925720$\umandlg.dll
+ 2004-08-04 10:00:00 50,176 -c----w C:\WINDOWS\$NtUninstallKB925720$\utilman.exe
+ 2004-08-04 10:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
+ 2004-08-04 10:00:00 655,360 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 01:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 22:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 21:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 21:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2006-10-16 20:10:58 221,488 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2006-10-16 20:10:58 379,184 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2004-09-15 17:28:06 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 17:44:28 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 10:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 10:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 10:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 15:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-01-28 17:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 19:44:28 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2005-01-28 17:44:28 2,370,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-09-15 17:28:06 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-09-15 17:27:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll

 

[ginus]

Part 2:

+ 2004-09-23 00:46:04 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-09-15 17:27:54 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-09-15 17:27:54 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-10-13 02:00:38 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-13 02:01:18 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2007-10-13 02:01:22 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2007-10-13 02:00:38 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2007-10-13 02:01:18 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2007-10-13 02:01:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2007-10-13 02:01:21 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2007-10-13 02:01:21 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2007-10-13 02:01:21 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2007-10-13 02:01:21 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2007-10-13 02:01:20 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2007-10-13 02:01:20 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2007-10-13 02:01:22 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2007-10-13 02:00:39 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2007-10-13 02:00:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2007-10-13 02:00:39 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2007-10-13 02:00:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2007-10-13 02:00:40 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2007-10-13 02:00:43 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2007-10-13 02:00:43 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2007-10-13 02:00:41 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2007-10-13 02:01:22 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2007-10-13 02:05:09 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2007-10-13 02:05:10 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2007-10-13 02:05:09 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2007-10-13 02:01:21 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2007-10-13 02:01:21 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2007-10-13 02:01:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2007-10-13 02:01:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2007-10-13 02:01:18 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2007-10-13 02:01:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2007-10-13 03:52:21 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ea42d7294d0496c4b81b5698383835e2\ComSvcConfig.ni.exe
+ 2007-10-13 03:52:28 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6402f5a81a68017188ba9b24a73cf7c3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2007-10-13 03:52:26 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d1087bdb136a10b01ff884f927ae82ba\Microsoft.Transactions.Bridge.ni.dll
+ 2007-10-13 02:02:03 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9243aa36665a75662f1d59d403faecb1\Microsoft.VisualC.ni.dll
+ 2007-10-13 03:53:19 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e93b6376afd494a9fc81eed875ea29e0\PresentationBuildTasks.ni.dll
+ 2007-10-13 02:03:04 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b4cfc6ddaee930535792b2a7c4c8cc92\PresentationCFFRasterizer.ni.dll
+ 2007-10-13 02:03:03 11,984,896 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e464f99432204c8bbf67b44459f4fa18\PresentationCore.ni.dll
+ 2007-10-13 02:04:56 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4901e5dec936a79c18f0960796d05c9c\PresentationFontCache.ni.exe
+ 2007-10-13 02:04:55 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06b6deda7d175c895e062f0ea5c68ad1\PresentationFramework.Aero.ni.dll
+ 2007-10-13 02:04:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e3292d46d353e0423018160d0ba53fc\PresentationFramework.Classic.ni.dll
+ 2007-10-13 02:04:30 14,680,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d2f60da1dd03f05b8bbf13e791e1f9\PresentationFramework.ni.dll
+ 2007-10-13 02:04:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c1c4d02ff8e228046456aae042b8d201\PresentationFramework.Royale.ni.dll
+ 2007-10-13 02:04:51 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e2ae6990fad677869a6b9db4ce74df41\PresentationFramework.Luna.ni.dll
+ 2007-10-13 02:04:36 1,982,464 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\789186c85e2c9a47d9ccb3e6efad1bfc\PresentationUI.ni.dll
+ 2007-10-13 02:04:46 2,396,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\50d61959bfc570016a93b8c72cdae7f1\ReachFramework.ni.dll
+ 2007-10-13 03:52:29 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8135fba136671154323d108c20545a25\ServiceModelReg.ni.exe
+ 2007-10-13 03:52:30 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d785a43e2e848909583c135793478ad7\SMDiagnostics.ni.dll
+ 2007-10-13 03:52:32 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a4f4b6222fdd6efff9c517375884e6e\SMSvcHost.ni.exe
+ 2007-10-13 03:53:24 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\37109f785b4735a89ea5d55e9f710d35\sysglobl.ni.dll
+ 2007-10-13 02:02:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0618c7d0205e2ffc29142e7ca3019522\System.Configuration.Install.ni.dll
+ 2007-10-13 02:02:09 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\192321a3510e79d9b822f0e02e061f40\System.Data.OracleClient.ni.dll
+ 2007-10-13 02:02:03 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\10bf204296279d932ff5af300b5d33ec\System.Data.SqlXml.ni.dll
+ 2007-10-13 03:33:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c5ab82efcedf18ea4fa43dd411fa408f\System.IdentityModel.Selectors.ni.dll
+ 2007-10-13 03:33:48 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\88113e5f9522652ba9749d31f8b92775\System.IdentityModel.ni.dll
+ 2007-10-13 03:33:54 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6921c5b940056a701641d6f41336479c\System.IO.Log.ni.dll
+ 2007-10-13 02:05:34 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\e0a84a4c3f66d1c83dc0e491918464e3\System.Messaging.ni.dll
+ 2007-10-13 02:04:48 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\6f334b11dda437ce05536f65e94f9381\System.Printing.ni.dll
+ 2007-10-13 02:02:05 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2b3cf3e3905e4a95198511adf00f482e\System.Runtime.Remoting.ni.dll
+ 2007-10-13 02:02:06 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbee81017e149a1a25d192e16206375\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-10-13 03:34:05 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cc72c1894cd4a5c9f79c848c7fe17493\System.Runtime.Serialization.ni.dll
+ 2007-10-13 03:34:49 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\48bc039b18f4560cde9a0c1a10d9945f\System.ServiceModel.ni.dll
+ 2007-10-13 02:02:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\badccba6db750943a4a539d64f43064d\System.ServiceProcess.ni.dll
+ 2007-10-13 03:53:23 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\bc09ca99a455f0dcda92ce63a556ecec\System.Speech.ni.dll
+ 2007-10-13 02:05:20 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\304e2df5da628c36f2c0b8551721bb88\System.Workflow.Activities.ni.dll
+ 2007-10-13 02:05:28 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\eae0db1852c570c280db8e50709454a6\System.Workflow.ComponentModel.ni.dll
+ 2007-10-13 02:05:32 2,101,248 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\7103b8586c4b21c219fc2016366363cb\System.Workflow.Runtime.ni.dll
+ 2007-10-13 03:53:25 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f49961851ab12e73bb4eb3ff335edc1f\UIAutomationClient.ni.dll
+ 2007-10-13 03:53:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\49d3f2e5a75dc5636709a823b227ddde\UIAutomationClientsideProviders.ni.dll
+ 2007-10-13 02:03:03 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6389bbe9806b9de2e97658dc88af018a\UIAutomationProvider.ni.dll
+ 2007-10-13 02:03:04 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\ae6a32e233c32faabdd75ff724ccf1a2\UIAutomationTypes.ni.dll
+ 2007-10-13 02:01:57 3,272,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\490d87660e0cd4cf68ede4a64ec4ea35\WindowsBase.ni.dll
+ 2007-10-13 03:53:30 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c2e0748fc01067435523e9d2239dd3f5\WindowsFormsIntegration.ni.dll
+ 2007-10-13 03:52:33 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ba16276ca93b4fd1f6c77639eddaf68\WsatConfig.ni.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe

 

[ginus]

Part 3:

+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-07-06 12:50:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-10-13 04:00:03 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-07-06 12:50:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-10-13 04:00:03 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-07-06 12:50:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-10-13 04:00:03 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-07-06 12:50:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-10-13 04:00:03 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-07-06 12:50:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-10-13 04:00:03 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-07-06 12:50:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-10-13 04:00:03 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 12:50:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-10-13 04:00:03 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-07-06 12:50:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-10-13 04:00:03 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-07-06 12:50:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-10-13 04:00:03 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-07-06 12:50:37 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-10-13 04:00:02 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-07-06 12:50:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-10-13 04:00:02 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-07 08:06:47 16,832 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2006-10-30 08:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 07:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 03:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 03:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 03:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 07:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 07:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 07:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 07:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 07:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 07:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 07:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 07:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll
+ 2006-10-30 07:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 07:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 07:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 07:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 07:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 07:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 07:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 07:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 07:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 07:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 07:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 07:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 07:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 07:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 07:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 07:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 07:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 07:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 03:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 03:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 03:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 03:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 03:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 03:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 07:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 07:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 07:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 07:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 07:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 07:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 07:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 07:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 07:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 07:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 07:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 07:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 07:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 07:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 07:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 07:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 07:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 07:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 07:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 07:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 07:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 07:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 07:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 03:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 03:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 07:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 07:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-13 02:00:32 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2007-10-13 02:00:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 07:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 07:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 07:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 07:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 07:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 07:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 07:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 07:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 07:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 07:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 07:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 01:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 20:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 20:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 18:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 01:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 01:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 01:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 01:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 01:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 01:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 17:44:28 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 17:44:28 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 17:44:28 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 17:44:28 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 17:44:28 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 17:44:28 331,264 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2005-01-28 17:44:28 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 17:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll

 

[ginus]

Part 4:

- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 17:44:28 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 17:44:28 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 17:44:28 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
- 2004-09-23 00:46:32 2,362,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 17:44:28 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\umandlg.dll
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\updspapi.dll
+ 2007-03-23 00:54:06 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\xpssvcs.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\filterpipelineprintproc.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\filterpipelineprintproc.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdui.dll
+ 2007-03-23 00:25:42 677,376 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\printfilterpipelinesvc.exe
+ 2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spuninst.exe
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spupdsvc.exe
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrv.dll
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrvui.dll
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unires.dll
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\updspapi.dll
+ 2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpsshhdr.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpssvcs.dll
+ 2006-10-14 21:13:02 34,304 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\filterpipelineprintproc.dll
+ 2006-10-14 21:12:14 737,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\mxdwdrv.dll
+ 2006-10-15 00:09:04 2,946,304 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\xpssvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 27,648 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\mxdwdrv.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\xpssvcs.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdrv.dll
+ 2006-10-14 20:42:40 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdui.dll
+ 2006-10-14 20:44:44 671,744 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\printfilterpipelinesvc.exe
+ 2006-10-14 20:43:38 124,416 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spuninst.exe
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spupdsvc.exe
+ 2006-10-14 20:42:18 376,320 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrv.dll
+ 2006-10-14 20:42:28 510,464 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrvui.dll
+ 2006-10-14 20:40:36 619,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unires.dll
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\updspapi.dll
+ 2006-10-15 00:21:58 580,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpsshhdr.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpssvcs.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
+ 2006-11-13 06:02:58 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstsc.exe
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstscx.dll
+ 2006-11-13 06:02:58 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscuinst.vbs
+ 2006-11-13 06:02:58 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tsgqec.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstscx.dll

 

[ginus]

Part 5:

+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\updspapi.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2p.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\pnrpnsp.dll
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\updspapi.dll
+ 2006-10-24 16:30:20 412,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\photometadatahandler.dll
+ 2006-10-16 20:10:58 14,640 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spmsg.dll
+ 2006-10-16 20:10:58 221,488 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spuninst.exe
+ 2006-10-16 20:10:58 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spupdsvc.exe
+ 2006-10-16 20:10:56 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\spcustom.dll
+ 2006-10-16 20:10:58 742,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\update.exe
+ 2006-10-16 20:10:58 379,184 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\updspapi.dll
+ 2006-10-24 16:30:06 716,288 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecs.dll
+ 2006-10-24 16:29:50 352,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecsext.dll
+ 2006-10-24 16:30:00 276,992 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\wmphoto.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
+ 2005-01-24 19:52:06 40,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\fsdkreboot.exe
+ 2004-11-18 14:41:18 13,536 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spmsg.dll
+ 2004-11-18 14:44:50 209,632 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spuninst.exe
+ 2004-11-18 14:42:52 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spupdsvc.exe
+ 2004-11-18 14:46:32 717,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\update.exe
+ 2004-11-18 14:45:18 371,936 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\updspapi.dll
+ 2005-01-28 18:13:56 5,732,096 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\wmfdist95.exe
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2005-03-15 20:33:52 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2006-11-02 00:48:02 89,088 ----a-w C:\WINDOWS\system32\ATL71.DLL
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-12-07 01:45:12 172,032 ------w C:\WINDOWS\system32\BCMLogon.dll
+ 2006-11-02 00:48:02 770,048 ----a-w C:\WINDOWS\system32\BCMLogon.dll
- 2004-12-07 01:45:12 872,556 ------w C:\WINDOWS\system32\BCMWLTRY.EXE
+ 2006-11-02 00:48:10 1,253,376 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE
- 2004-12-07 01:45:12 204,800 ------w C:\WINDOWS\system32\BCMWLU00.EXE
+ 2006-11-02 00:48:10 253,952 ----a-w C:\WINDOWS\system32\bcmwlu00.exe
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2007-03-23 00:24:58 28,160 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-04 08:48:36 72,704 ------w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-04 08:48:36 53,760 ------w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:37 215,552 ------w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-11 16:24:45 153,088 ------w C:\WINDOWS\system32\dllcache\p2p.dll
+ 2006-10-11 16:24:45 104,960 ------w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ------w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ------w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ------w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ------w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-23 00:46:04 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-10-04 13:33:38 35,840 ------w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-10-04 08:48:37 50,176 ------w C:\WINDOWS\system32\dllcache\utilman.exe
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
+ 2006-10-13 03:28:42 604,928 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
- 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:08:44 705,408 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:09:28 1,033,728 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.SYS
- 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
+ 2005-05-03 19:08:50 208,384 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
- 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2004-03-17 16:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 22:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 23:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-21 01:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 01:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 16:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-28 02:58:54 254,272 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-13 02:08:24 257,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
+ 2005-10-14 18:45:22 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll
- 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-10-14 18:46:34 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-02-23 19:02:10 42,858 ----a-w C:\WINDOWS\system32\hsfci014.dll
+ 2005-10-14 19:06:54 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4410.dll
- 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ialmdd5.dll
+ 2005-10-14 19:14:16 901,242 ----a-w C:\WINDOWS\system32\ialmdd5.dll
- 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ialmdev5.dll
+ 2005-10-14 19:06:40 213,274 ----a-w C:\WINDOWS\system32\ialmdev5.dll
- 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ialmdnt5.dll

 

[ginus]

Part 6:

+ 2005-10-14 19:06:52 118,395 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
- 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
- 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 19:06:58 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARA.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARB.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuCHS.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuCHT.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuCSY.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDAN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDEU.dll
+ 2005-10-14 18:51:06 114,688 ----a-w C:\WINDOWS\system32\ialmudlg.exe
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuELL.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuENG.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuESP.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFIN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFRA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuFRC.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuHEB.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuHUN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuITA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuJPN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuKOR.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNLD.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNOR.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPLK.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTB.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTG.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuRUS.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuSVE.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuTHA.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuTRK.dll
+ 2006-10-30 07:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2006-10-30 07:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\igfxcfg.exe
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\igfxcfg.exe
- 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
+ 2005-10-14 18:45:38 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll
- 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
- 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll
- 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:30 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
- 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll
- 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
+ 2005-10-14 18:49:36 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll
- 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:28 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:24 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
- 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:59:00 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll
+ 2005-10-14 18:57:06 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll
+ 2006-10-30 07:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
+ 2007-09-06 20:13:58 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 10:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-09-01 16:56:46 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2006-11-02 00:48:12 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-21 01:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 10:00:00 407,552 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2004-08-04 10:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-05-15 19:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-19 17:33:20 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-04 10:00:00 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\oemdspif.dll
- 2004-08-04 10:00:00 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-04 10:00:00 116,224 ----a-w C:\WINDOWS\system32\p2p.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\system32\p2p.dll
- 2004-08-04 10:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
- 2004-08-04 10:00:00 312,320 ----a-w C:\WINDOWS\system32\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll
- 2004-08-04 10:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
- 2004-08-04 10:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll
- 2007-10-11 22:23:19 63,418 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-13 02:05:37 71,198 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-11 22:23:20 402,974 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-13 02:05:37 438,270 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 16:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2006-10-21 01:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 01:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 01:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 01:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_CNXT.sys
+ 2004-06-18 01:55:04 1,041,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_DP.sys
+ 2004-06-17 01:23:00 33,818 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFCI010.dll
+ 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFHWICH.sys
+ 2004-03-13 03:20:44 536,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HXFSetup.exe
+ 2004-03-17 23:00:32 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.dll
+ 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.sys
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgicd.dll
+ 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmnt5.sys
+ 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrnt5.dll
+ 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdev.dll
+ 2005-02-15 20:02:58 45,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdgps.dll
+ 2005-02-15 20:02:58 151,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdiag.exe
+ 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdo.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxeud.dll
+ 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxexps.dll
+ 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxhk.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxsrvc.dll
+ 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxtray.exe
+ 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxzoom.exe
+ 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\oemdspif.dll
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgicd.dll
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmnt5.sys
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrnt5.dll
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdev.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdo.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxexps.dll
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxhk.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.dll
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxzoom.exe

 

[ginus]

Part 7:

+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\oemdspif.dll
+ 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\BCMWL5.SYS
+ 2006-08-24 20:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-16 20:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2004-08-04 05:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2004-08-04 05:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-08-04 05:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 21:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 20:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-11-29 21:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-10-13 18:27:17 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 09:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-10-13 18:27:17 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-10-21 01:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-04 10:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2007-09-06 20:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-09-06 20:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-09-06 20:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-09-06 20:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-09-06 20:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-09-06 20:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-09-06 20:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-09-06 20:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-09-06 20:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-24 16:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 16:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2004-12-07 01:45:14 696,425 ------w C:\WINDOWS\system32\WLTRAY.EXE
+ 2006-11-02 00:48:12 1,392,640 ----a-w C:\WINDOWS\system32\WLTRAY.EXE
- 2004-12-07 01:45:14 81,920 ------w C:\WINDOWS\system32\wltrynt.dll
+ 2006-11-02 00:48:12 44,032 ----a-w C:\WINDOWS\system32\wltrynt.dll
- 2004-12-07 01:45:14 65,536 ------w C:\WINDOWS\system32\WLTRYSVC.EXE
+ 2006-11-02 00:48:12 20,480 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-24 16:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-09-29 00:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 22:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 22:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 22:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 22:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 01:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-09-06 20:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-09-06 20:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-09-06 20:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 04:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 18:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 04:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 04:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 04:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 04:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 19:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 19:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 04:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 04:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 03:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-24 23:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 22:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll

 

[ginus]

Part 8:

+ 2007-05-31 04:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 04:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 04:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 04:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-24 23:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 22:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-06 20:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 16:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-09-06 20:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-09-06 20:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-09-06 20:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-09-06 20:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-06 20:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-06 20:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-06 20:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-06 20:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-06 20:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-06 20:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 19:45:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 19:45:44 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-06 20:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-08-15 19:45:44 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 16:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-09-06 20:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-09-06 20:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-06 20:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 00:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 10:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-09-06 20:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 21:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-06 20:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-09-06 20:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-09-06 20:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-09-06 20:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-09-06 20:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-09-06 20:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-06 20:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-09-06 20:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-06 20:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-09-06 20:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)


.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 19:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-13 19:28:49
C:\ComboFix2.txt ... 2007-10-12 21:26
.
--- E O F ---

 

[shelf life]

hi ginus,

ok good. you use a custom host file?

please run the second part of smitfraud once more in safe mode. post the log, leave out the host file section like before to keep it short.
----------------
after running smitfraud:

Copy the contents of the code box below and paste it into windows notepad, (start>programs>accessories>notepad)
save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

File::
C:\WINDOWS\exploeee.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\xxsdsa.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe

-----------------
now locate on your destop--both the combofix icon and the text file you just saved.
holding the left mouse button down, click on and drag the CFScript.txt right on top of the combofix icon and release. combo fix will run. please post the log it saves and the smitfraud log also.

shelf life

 

[ginus]

I don't know what it means to use a custom host file, so I don't think so. Could one of these infections have caused that? How do I move away from using the custom host file?

Here is the SmitFraud log:

SmitFraudFix v2.240

Scan done at 22:46:34.87, Sat 10/13/2007
Run from C:\Documents and Settings\Rob Lindberg\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 007guard.com

---stuff---

127.0.0.1 zxlinks.com
127.0.0.1 zyban-zocor-levitra.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\Delete_Me_Dummy_hadjajr.ini Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 24.92.226.9
DNS Server Search Order: 24.92.226.102

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E792642-010E-4EC9-9447-D77CE4C8AA6E}: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FADBA3F8-E037-41B7-AC53-88F347F7EC14}: DhcpNameServer=192.168.3.1 192.168.3.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.92.226.9 24.92.226.102


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[ginus]

ComboFix Part 1:

ComboFix 07-10-12.4 - Rob Lindberg 2007-10-13 22:51:46.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.304 [GMT -4:00]
Running from: C:\Documents and Settings\Rob Lindberg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob Lindberg\Desktop\CFScript.txt

FILE::
C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\exploeee.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\xxsdsa.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Karen Lindberg\Application Data\antivir.exe
C:\Documents and Settings\Karen Lindberg\Application Data\prprotect.exe
C:\Documents and Settings\Karen Lindberg\Application Data\sysdoctor.exe
C:\WINDOWS\denvic.exe
C:\WINDOWS\mraera.exe
C:\WINDOWS\mraerea.exe
C:\WINDOWS\mteadea.exe
C:\WINDOWS\pdoakac.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\xxsdsa.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.

2007-10-13 19:30 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-10-13 19:30 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-13 19:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 19:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 19:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-13 19:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 19:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 14:28 4,554 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-12 23:09 438,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-12 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-12 23:06 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-12 23:06 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-12 23:06 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-12 23:04 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-12 22:59 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-12 22:06 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-12 22:05 <DIR> d-------- C:\Program Files\MSBuild
2007-10-12 22:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-12 22:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-12 21:59 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-12 21:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-10-12 21:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-12 21:54 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2007-10-12 21:54 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-10-12 21:54 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2007-10-12 21:54 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2007-10-12 21:54 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2007-10-12 21:46 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-12 21:46 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-12 21:46 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-12 21:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-11 18:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-11 18:50 1,308,216 --a------ C:\HiJackThis_v2.exe
2007-10-11 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-11 18:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-11 00:57 140,288 --a------ C:\vcleaner.exe
2007-10-11 00:42 <DIR> d-------- C:\Documents and Settings\Rob Lindberg\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-11 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 22:20 <DIR> d-------- C:\VundoFix Backups
2007-10-10 21:54 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 17:56 195,602 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\mcrupdate.exe
2007-10-09 17:56 1,772 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\antivir.exe
2007-10-09 17:31 9,098 --a------ C:\Documents and Settings\Rob Lindberg\Application Data\spoolsvc.dll
2007-09-19 17:07 1,565 --a------ C:\Documents and Settings\Karen Lindberg\xl10050.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 02:41 6,212 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-13 03:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 03:46 --------- d-----w C:\Program Files\Dell
2007-10-13 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-11 22:11 --------- d-----w C:\Program Files\Common Files\Real
2007-10-11 22:10 --------- d-----w C:\Program Files\QuickTime
2007-10-11 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-13 23:57 --------- d-----w C:\Documents and Settings\Karen Lindberg\Application Data\ultra
2007-09-06 20:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-02 14:20 2 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\xxx.exe
2007-01-14 02:40 29,184 ----a-w C:\Documents and Settings\Rob Lindberg\uovouvwo.exe
2006-07-10 22:14 64,096 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\GDIPFONTCACHEV1.DAT
2004-11-12 14:28 44,032 ----a-w C:\Documents and Settings\Karen Lindberg\Application Data\iebar.dll
2006-01-19 01:07:43 56 --sh--r C:\WINDOWS\system32\E655BAE80E.sys
2006-01-19 01:07:43 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-12_21.25.14.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925876\update\updspapi.dll
+ 2004-11-18 14:44:50 209,632 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe
+ 2004-11-18 14:45:18 371,936 -c----w C:\WINDOWS\$NtUninstallKB891122$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 116,224 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2p.dll
+ 2004-08-04 10:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgasvc.dll
+ 2004-08-04 10:00:00 312,320 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pgraph.dll
+ 2004-08-04 10:00:00 88,064 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2pnetsh.dll
+ 2004-08-04 10:00:00 526,848 -c----w C:\WINDOWS\$NtUninstallKB920342$\p2psvc.dll
+ 2004-08-04 10:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB920342$\pnrpnsp.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920342$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 72,704 -c----w C:\WINDOWS\$NtUninstallKB925720$\magnify.exe
+ 2004-08-04 10:00:00 53,760 -c----w C:\WINDOWS\$NtUninstallKB925720$\narrator.exe
+ 2004-08-04 10:00:00 215,552 -c----w C:\WINDOWS\$NtUninstallKB925720$\osk.exe
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB925720$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 35,840 -c----w C:\WINDOWS\$NtUninstallKB925720$\umandlg.dll
+ 2004-08-04 10:00:00 50,176 -c----w C:\WINDOWS\$NtUninstallKB925720$\utilman.exe
+ 2004-08-04 10:00:00 407,552 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstsc.exe
+ 2004-08-04 10:00:00 655,360 -c----w C:\WINDOWS\$NtUninstallKB925876$\mstscax.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB925876$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 01:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 01:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 22:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 21:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 21:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2006-10-16 20:10:58 221,488 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
+ 2006-10-16 20:10:58 379,184 -c----w C:\WINDOWS\$NtUninstallWIC$\spuninst\updspapi.dll
+ 2004-09-15 17:28:06 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-01-28 17:44:28 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-01-28 17:44:28 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-01-28 17:44:28 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-01-28 17:44:28 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-01-28 17:44:28 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 10:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 10:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 10:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-01-28 17:44:28 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-01-28 17:44:28 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-01-28 17:44:28 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-01-28 17:44:28 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-01-28 17:44:28 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-01-28 17:44:28 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 15:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 17:44:28 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 17:44:28 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-01-28 17:44:28 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-01-28 17:44:28 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-01-28 17:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-01-28 17:44:28 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-01-28 17:44:28 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 17:44:28 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 17:44:28 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-01-28 17:44:28 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-01-28 17:44:28 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-01-28 17:44:28 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-01-28 17:44:28 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-01-28 19:44:28 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe