Help Requested With Massive Malware Removal

[ginus]

Part 2:

+ 2005-01-28 17:44:28 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-01-28 17:44:28 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 17:44:28 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 17:44:28 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2005-01-28 17:44:28 2,370,296 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-01-28 17:44:28 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-01-28 17:44:28 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 17:44:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 17:44:28 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 17:44:28 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 17:44:28 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 17:44:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 17:44:28 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-09-15 17:28:06 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-09-15 17:27:52 344,064 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2004-09-23 00:46:04 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 22:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 22:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-09-15 17:27:54 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-09-15 17:27:54 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-09-15 17:27:54 122,880 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 12:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-09-15 17:28:00 135,168 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-09-15 17:28:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-09-15 17:28:00 282,624 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-09-15 17:28:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-09-15 17:28:00 1,589,760 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2004-09-15 17:28:00 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2004-09-15 17:28:00 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-09-15 17:28:00 86,016 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-09-15 17:28:00 175,104 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 05:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 05:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 23:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-10-13 02:00:38 151,552 ----a-w C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-10-13 02:01:18 3,915,776 ----a-w C:\WINDOWS\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2007-10-13 02:01:22 344,064 ----a-w C:\WINDOWS\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2007-10-13 02:00:38 352,256 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2007-10-13 02:01:18 593,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2007-10-13 02:01:18 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
+ 2007-10-13 02:01:21 184,320 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2007-10-13 02:01:21 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2007-10-13 02:01:21 376,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2007-10-13 02:01:21 151,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2007-10-13 02:01:20 4,972,544 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2007-10-13 02:01:20 897,024 ----a-w C:\WINDOWS\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2007-10-13 02:01:22 528,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2007-10-13 02:00:39 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2007-10-13 02:00:39 126,976 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2007-10-13 02:00:39 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2007-10-13 02:00:40 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2007-10-13 02:00:40 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2007-10-13 02:00:43 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
+ 2007-10-13 02:00:43 16,384 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2007-10-13 02:00:41 5,623,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2007-10-13 02:01:22 688,128 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2007-10-13 02:05:09 1,108,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
+ 2007-10-13 02:05:10 1,641,272 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
+ 2007-10-13 02:05:09 588,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2007-10-13 02:01:21 163,840 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2007-10-13 02:01:21 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2007-10-13 02:01:20 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2007-10-13 02:01:20 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2007-10-13 02:01:18 1,167,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2007-10-13 02:01:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2007-10-13 03:52:21 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\ea42d7294d0496c4b81b5698383835e2\ComSvcConfig.ni.exe
+ 2007-10-13 03:52:28 405,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\6402f5a81a68017188ba9b24a73cf7c3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2007-10-13 03:52:26 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\d1087bdb136a10b01ff884f927ae82ba\Microsoft.Transactions.Bridge.ni.dll
+ 2007-10-13 02:02:03 17,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9243aa36665a75662f1d59d403faecb1\Microsoft.VisualC.ni.dll
+ 2007-10-13 03:53:19 1,568,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\e93b6376afd494a9fc81eed875ea29e0\PresentationBuildTasks.ni.dll
+ 2007-10-13 02:03:04 40,448 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b4cfc6ddaee930535792b2a7c4c8cc92\PresentationCFFRasterizer.ni.dll
+ 2007-10-13 02:03:03 11,984,896 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e464f99432204c8bbf67b44459f4fa18\PresentationCore.ni.dll
+ 2007-10-13 02:04:56 48,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4901e5dec936a79c18f0960796d05c9c\PresentationFontCache.ni.exe
+ 2007-10-13 02:04:55 393,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\06b6deda7d175c895e062f0ea5c68ad1\PresentationFramework.Aero.ni.dll
+ 2007-10-13 02:04:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0e3292d46d353e0423018160d0ba53fc\PresentationFramework.Classic.ni.dll
+ 2007-10-13 02:04:30 14,680,064 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43d2f60da1dd03f05b8bbf13e791e1f9\PresentationFramework.ni.dll
+ 2007-10-13 02:04:52 270,336 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c1c4d02ff8e228046456aae042b8d201\PresentationFramework.Royale.ni.dll
+ 2007-10-13 02:04:51 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e2ae6990fad677869a6b9db4ce74df41\PresentationFramework.Luna.ni.dll
+ 2007-10-13 02:04:36 1,982,464 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI\789186c85e2c9a47d9ccb3e6efad1bfc\PresentationUI.ni.dll
+ 2007-10-13 02:04:46 2,396,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\50d61959bfc570016a93b8c72cdae7f1\ReachFramework.ni.dll
+ 2007-10-13 03:52:29 135,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8135fba136671154323d108c20545a25\ServiceModelReg.ni.exe
+ 2007-10-13 03:52:30 286,720 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d785a43e2e848909583c135793478ad7\SMDiagnostics.ni.dll
+ 2007-10-13 03:52:32 323,584 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4a4f4b6222fdd6efff9c517375884e6e\SMSvcHost.ni.exe
+ 2007-10-13 03:53:24 262,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\sysglobl\37109f785b4735a89ea5d55e9f710d35\sysglobl.ni.dll
+ 2007-10-13 02:02:11 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\0618c7d0205e2ffc29142e7ca3019522\System.Configuration.Install.ni.dll
+ 2007-10-13 02:02:09 1,179,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\192321a3510e79d9b822f0e02e061f40\System.Data.OracleClient.ni.dll
+ 2007-10-13 02:02:03 2,695,168 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\10bf204296279d932ff5af300b5d33ec\System.Data.SqlXml.ni.dll
+ 2007-10-13 03:33:50 241,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\c5ab82efcedf18ea4fa43dd411fa408f\System.IdentityModel.Selectors.ni.dll
+ 2007-10-13 03:33:48 987,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\88113e5f9522652ba9749d31f8b92775\System.IdentityModel.ni.dll
+ 2007-10-13 03:33:54 421,888 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6921c5b940056a701641d6f41336479c\System.IO.Log.ni.dll
+ 2007-10-13 02:05:34 655,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\e0a84a4c3f66d1c83dc0e491918464e3\System.Messaging.ni.dll
+ 2007-10-13 02:04:48 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\6f334b11dda437ce05536f65e94f9381\System.Printing.ni.dll
+ 2007-10-13 02:02:05 815,104 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2b3cf3e3905e4a95198511adf00f482e\System.Runtime.Remoting.ni.dll
+ 2007-10-13 02:02:06 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5cbee81017e149a1a25d192e16206375\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2007-10-13 03:34:05 2,363,392 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\cc72c1894cd4a5c9f79c848c7fe17493\System.Runtime.Serialization.ni.dll
+ 2007-10-13 03:34:49 17,534,976 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\48bc039b18f4560cde9a0c1a10d9945f\System.ServiceModel.ni.dll
+ 2007-10-13 02:02:11 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\badccba6db750943a4a539d64f43064d\System.ServiceProcess.ni.dll
+ 2007-10-13 03:53:23 2,031,616 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\bc09ca99a455f0dcda92ce63a556ecec\System.Speech.ni.dll
+ 2007-10-13 02:05:20 2,994,176 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\304e2df5da628c36f2c0b8551721bb88\System.Workflow.Activities.ni.dll
+ 2007-10-13 02:05:28 4,587,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\eae0db1852c570c280db8e50709454a6\System.Workflow.ComponentModel.ni.dll
+ 2007-10-13 02:05:32 2,101,248 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\7103b8586c4b21c219fc2016366363cb\System.Workflow.Runtime.ni.dll
+ 2007-10-13 03:53:25 483,328 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f49961851ab12e73bb4eb3ff335edc1f\UIAutomationClient.ni.dll
+ 2007-10-13 03:53:27 1,118,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\49d3f2e5a75dc5636709a823b227ddde\UIAutomationClientsideProviders.ni.dll
+ 2007-10-13 02:03:03 50,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6389bbe9806b9de2e97658dc88af018a\UIAutomationProvider.ni.dll
+ 2007-10-13 02:03:04 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\ae6a32e233c32faabdd75ff724ccf1a2\UIAutomationTypes.ni.dll
+ 2007-10-13 02:01:57 3,272,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\490d87660e0cd4cf68ede4a64ec4ea35\WindowsBase.ni.dll
+ 2007-10-13 03:53:30 274,432 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\c2e0748fc01067435523e9d2239dd3f5\WindowsFormsIntegration.ni.dll
+ 2007-10-13 03:52:33 380,928 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\2ba16276ca93b4fd1f6c77639eddaf68\WsatConfig.ni.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-07-06 12:50:37 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-10-14 00:00:40 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2006-07-06 12:50:37 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-10-14 00:00:40 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2006-07-06 12:50:37 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-10-14 00:00:40 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2006-07-06 12:50:37 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-10-14 00:00:40 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2006-07-06 12:50:37 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-10-14 00:00:41 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2006-07-06 12:50:37 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-10-14 00:00:41 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2006-07-06 12:50:37 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-10-14 00:00:40 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2006-07-06 12:50:37 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-10-14 00:00:40 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2006-07-06 12:50:37 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-10-14 00:00:41 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2006-07-06 12:50:37 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-10-14 00:00:40 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2006-07-06 12:50:37 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-10-14 00:00:40 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2006-11-07 08:06:47 16,832 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2006-10-30 08:06:24 74,012 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat
+ 2006-10-30 07:25:56 99,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe
+ 2006-10-30 03:15:06 220,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll
+ 2006-10-30 03:17:56 1,054,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll
+ 2006-10-30 03:14:26 163,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll
+ 2006-10-30 07:25:54 194,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe
+ 2006-10-30 07:25:56 167,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe
+ 2006-10-30 07:25:56 365,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
+ 2006-10-30 07:17:12 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll
+ 2006-10-30 07:17:30 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll
+ 2006-10-30 07:17:36 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll
+ 2006-10-30 07:17:44 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll
+ 2006-10-30 07:17:50 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll

 

[ginus]

Part 3:

+ 2006-10-30 07:17:56 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll
+ 2006-10-30 07:18:10 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll
+ 2006-10-30 07:18:16 91,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll
+ 2006-10-30 07:18:22 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll
+ 2006-10-30 07:18:30 89,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll
+ 2006-10-30 07:18:36 88,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll
+ 2006-10-30 07:18:42 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll
+ 2006-10-30 07:18:48 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll
+ 2006-10-30 07:18:56 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll
+ 2006-10-30 07:19:02 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll
+ 2006-10-30 07:19:08 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll
+ 2006-10-30 07:19:14 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll
+ 2006-10-30 07:19:28 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll
+ 2006-10-30 07:19:34 83,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll
+ 2006-10-30 07:19:42 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll
+ 2006-10-30 07:17:24 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll
+ 2006-10-30 07:19:22 90,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll
+ 2006-10-30 07:18:02 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll
+ 2006-10-30 03:15:20 80,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll
+ 2006-10-30 03:15:22 1,621,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll
+ 2006-10-30 03:16:52 1,139,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll
+ 2006-10-30 03:18:26 590,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll
+ 2006-10-30 03:20:20 541,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll
+ 2006-10-30 03:18:12 816,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll
+ 2006-10-30 07:17:14 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll
+ 2006-10-30 07:17:30 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll
+ 2006-10-30 07:17:38 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll
+ 2006-10-30 07:17:44 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll
+ 2006-10-30 07:17:50 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll
+ 2006-10-30 07:17:58 104,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll
+ 2006-10-30 07:18:10 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll
+ 2006-10-30 07:18:16 103,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll
+ 2006-10-30 07:18:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll
+ 2006-10-30 07:18:30 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll
+ 2006-10-30 07:18:36 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll
+ 2006-10-30 07:18:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll
+ 2006-10-30 07:18:50 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll
+ 2006-10-30 07:18:56 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll
+ 2006-10-30 07:19:02 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll
+ 2006-10-30 07:19:08 99,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll
+ 2006-10-30 07:19:16 99,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll
+ 2006-10-30 07:19:28 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll
+ 2006-10-30 07:19:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll
+ 2006-10-30 07:19:42 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll
+ 2006-10-30 07:17:24 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll
+ 2006-10-30 07:19:22 101,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll
+ 2006-10-30 07:18:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll
+ 2006-10-30 03:18:36 98,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll
+ 2006-10-30 03:19:30 1,103,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll
+ 2006-10-30 07:34:02 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 07:33:58 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-13 02:00:32 626,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe
+ 2007-10-13 02:00:32 80,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll
+ 2006-10-30 07:34:00 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2006-10-30 07:34:00 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2006-10-30 07:34:02 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 07:34:02 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2006-10-30 07:34:00 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll
+ 2006-10-30 07:34:02 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 07:34:02 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2006-10-30 07:34:02 5,623,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2006-10-30 07:34:00 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2006-10-30 07:34:00 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2006-10-30 07:34:02 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-07-26 01:32:00 14,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2006-10-20 20:08:52 797,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2006-10-20 20:09:02 4,874,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2006-10-20 18:03:40 2,628,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2006-10-21 01:29:46 72,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2006-10-21 01:21:24 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2006-10-21 01:21:24 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-21 01:29:52 106,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2006-10-21 01:21:26 897,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2006-10-21 01:21:26 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 17:44:28 164,864 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 17:44:28 25,088 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 17:44:28 173,568 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 17:44:28 364,784 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 17:44:28 315,904 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 17:44:28 28,160 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2005-01-28 17:44:28 33,792 ----a-w C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 17:44:28 47,104 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 17:44:28 15,872 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 17:44:28 38,912 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 17:44:28 61,952 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 17:44:28 114,176 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 17:44:28 66,560 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 17:44:28 331,264 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2005-01-28 17:44:28 18,944 ----a-w C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 17:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 17:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 17:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 17:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2005-01-28 17:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 17:44:28 6,656 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 17:44:28 221,184 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 17:44:28 716,288 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 17:44:28 224,768 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 17:44:28 335,872 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 17:44:28 290,816 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 17:44:28 150,016 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 17:44:28 1,027,072 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 17:44:28 1,119,744 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 17:44:28 940,544 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 17:44:28 1,512,448 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
- 2004-09-23 00:46:32 2,362,104 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 17:44:28 2,370,296 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2005-01-28 17:44:28 1,003,008 ----a-w C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 17:44:28 294,912 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 17:44:28 502,272 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-01-28 17:44:28 142,336 ----a-w C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe

 

[ginus]

Part 4:

+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\umandlg.dll
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0eaed8d713d78954a90c813a5e2c5934\update\updspapi.dll
+ 2007-03-23 00:54:06 35,840 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\amd64\xpssvcs.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\filterpipelineprintproc.dll
+ 2007-03-23 00:24:58 28,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\filterpipelineprintproc.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\mxdwdui.dll
+ 2007-03-23 00:25:42 677,376 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\printfilterpipelinesvc.exe
+ 2007-03-23 00:25:02 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spuninst.exe
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\spupdsvc.exe
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrv.dll
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unidrvui.dll
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\unires.dll
+ 2006-06-29 17:07:36 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\update\updspapi.dll
+ 2007-03-23 10:07:54 583,504 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpsshhdr.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\SoftwareDistribution\Download\38f17263fa42e2e02606ca20e3ca0c9d\xpssvcs.dll
+ 2006-10-14 21:13:02 34,304 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\filterpipelineprintproc.dll
+ 2006-10-14 21:12:14 737,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\mxdwdrv.dll
+ 2006-10-15 00:09:04 2,946,304 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\amd64\xpssvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 27,648 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\filterpipelineprintproc.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\mxdwdrv.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\i386\xpssvcs.dll
+ 2006-10-14 20:43:18 751,104 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdrv.dll
+ 2006-10-14 20:42:40 131,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\mxdwdui.dll
+ 2006-10-14 20:44:44 671,744 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\printfilterpipelinesvc.exe
+ 2006-10-14 20:43:38 124,416 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\prntvpt.dll
+ 2006-06-29 17:07:36 14,048 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spmsg2.dll
+ 2006-06-29 17:07:36 213,216 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spuninst.exe
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\spupdsvc.exe
+ 2006-10-14 20:42:18 376,320 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrv.dll
+ 2006-10-14 20:42:28 510,464 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unidrvui.dll
+ 2006-10-14 20:40:36 619,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\unires.dll
+ 2006-06-29 17:07:36 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\spcustom.dll
+ 2006-06-29 17:07:36 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\update.exe
+ 2006-06-29 17:07:36 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\update\updspapi.dll
+ 2006-10-15 00:21:58 580,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpsshhdr.dll
+ 2006-10-15 00:22:00 1,698,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\4a70c28cb8115cefc13bb853867e3a00\xpssvcs.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
+ 2006-11-13 06:02:58 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstsc.exe
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\lhmstscx.dll
+ 2006-11-13 06:02:58 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tscuinst.vbs
+ 2006-11-13 06:02:58 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2GDR\tsgqec.dll
+ 2006-11-13 06:02:15 116,736 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\5c6585b611f6aa43aa9bf05fb121b36e\update\updspapi.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2p.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2gdr\pnrpnsp.dll
+ 2006-10-11 16:35:59 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\sp2qfe\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\63a796445bbe991c61ab6f27bc47844f\update\updspapi.dll
+ 2006-10-24 16:30:20 412,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\photometadatahandler.dll
+ 2006-10-16 20:10:58 14,640 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spmsg.dll
+ 2006-10-16 20:10:58 221,488 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spuninst.exe
+ 2006-10-16 20:10:58 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\spupdsvc.exe
+ 2006-10-16 20:10:56 23,856 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\spcustom.dll
+ 2006-10-16 20:10:58 742,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\update.exe
+ 2006-10-16 20:10:58 379,184 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\update\updspapi.dll
+ 2006-10-24 16:30:06 716,288 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecs.dll
+ 2006-10-24 16:29:50 352,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\windowscodecsext.dll
+ 2006-10-24 16:30:00 276,992 ----a-w C:\WINDOWS\SoftwareDistribution\Download\75dbb8bbff547dc1bae58bc8980482d5\wmphoto.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
+ 2005-06-28 14:20:24 13,536 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
+ 2005-06-28 14:23:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
+ 2005-06-28 14:24:52 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
+ 2005-06-28 14:23:54 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
+ 2005-01-24 19:52:06 40,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\fsdkreboot.exe
+ 2004-11-18 14:41:18 13,536 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spmsg.dll
+ 2004-11-18 14:44:50 209,632 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spuninst.exe
+ 2004-11-18 14:42:52 22,752 -c--a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\spupdsvc.exe
+ 2004-11-18 14:46:32 717,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\update.exe
+ 2004-11-18 14:45:18 371,936 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\update\updspapi.dll
+ 2005-01-28 18:13:56 5,732,096 ----a-w C:\WINDOWS\SoftwareDistribution\Download\f79a0abf54df8cb1967cbc84b2d1c410\wmfdist95.exe
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2001-01-22 09:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL
- 2005-03-15 20:33:52 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2006-11-02 00:48:02 89,088 ----a-w C:\WINDOWS\system32\ATL71.DLL
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-12-07 01:45:12 172,032 ------w C:\WINDOWS\system32\BCMLogon.dll
+ 2006-11-02 00:48:02 770,048 ----a-w C:\WINDOWS\system32\BCMLogon.dll
- 2004-12-07 01:45:12 872,556 ------w C:\WINDOWS\system32\BCMWLTRY.EXE
+ 2006-11-02 00:48:10 1,253,376 ----a-w C:\WINDOWS\system32\BCMWLTRY.EXE
- 2004-12-07 01:45:12 204,800 ------w C:\WINDOWS\system32\BCMWLU00.EXE
+ 2006-11-02 00:48:10 253,952 ----a-w C:\WINDOWS\system32\bcmwlu00.exe
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-23 00:45:38 233,472 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-23 00:45:38 161,792 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2007-03-23 00:24:58 28,160 ------w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll

 

[ginus]

Part 5:

- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-04 08:48:36 72,704 ------w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-04 08:48:36 53,760 ------w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:37 215,552 ------w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-11 16:24:45 153,088 ------w C:\WINDOWS\system32\dllcache\p2p.dll
+ 2006-10-11 16:24:45 104,960 ------w C:\WINDOWS\system32\dllcache\p2pgasvc.dll
+ 2006-10-11 16:24:45 313,344 ------w C:\WINDOWS\system32\dllcache\p2pgraph.dll
+ 2006-10-11 16:24:45 116,224 ------w C:\WINDOWS\system32\dllcache\p2pnetsh.dll
+ 2006-10-11 16:24:45 553,984 ------w C:\WINDOWS\system32\dllcache\p2psvc.dll
+ 2006-10-11 16:24:45 58,880 ------w C:\WINDOWS\system32\dllcache\pnrpnsp.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-23 00:46:04 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-10-04 13:33:38 35,840 ------w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-10-04 08:48:37 50,176 ------w C:\WINDOWS\system32\dllcache\utilman.exe
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
+ 2006-10-13 03:28:42 604,928 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
- 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:08:44 705,408 ----a-w C:\WINDOWS\system32\drivers\HSF_CNXT.sys
+ 2005-05-03 19:09:28 1,033,728 ----a-w C:\WINDOWS\system32\drivers\HSF_DPV.SYS
- 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
+ 2005-05-03 19:08:50 208,384 ----a-w C:\WINDOWS\system32\drivers\HSFHWICH.sys
- 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2004-03-17 16:04:14 13,059 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2004-09-23 00:46:38 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 22:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-28 23:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
- 2004-09-23 00:45:42 253,688 ----a-w C:\WINDOWS\system32\drmclien.dll
+ 2005-01-28 17:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
- 2004-09-23 00:45:42 95,232 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2005-01-28 17:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-23 00:45:42 527,360 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-21 01:29:46 69,408 ----a-w C:\WINDOWS\system32\dxva2.dll
+ 2006-10-21 01:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
- 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 16:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 18:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-28 02:58:54 254,272 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-13 02:08:24 257,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
+ 2005-10-14 18:45:22 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll
- 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-10-14 18:46:34 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-02-23 19:02:10 42,858 ----a-w C:\WINDOWS\system32\hsfci014.dll
+ 2005-10-14 19:06:54 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4410.dll
- 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ialmdd5.dll
+ 2005-10-14 19:14:16 901,242 ----a-w C:\WINDOWS\system32\ialmdd5.dll
- 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ialmdev5.dll
+ 2005-10-14 19:06:40 213,274 ----a-w C:\WINDOWS\system32\ialmdev5.dll
- 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
+ 2005-10-14 19:06:52 118,395 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
- 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
- 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 19:06:58 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARA.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuARB.dll
+ 2005-10-14 18:51:06 40,960 ----a-w C:\WINDOWS\system32\ialmuCHS.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuCHT.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuCSY.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDAN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuDEU.dll
+ 2005-10-14 18:51:06 114,688 ----a-w C:\WINDOWS\system32\ialmudlg.exe
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuELL.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuENG.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuESP.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFIN.dll
+ 2005-10-14 18:51:08 40,960 ----a-w C:\WINDOWS\system32\ialmuFRA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuFRC.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuHEB.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuHUN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuITA.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuJPN.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuKOR.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNLD.dll
+ 2005-10-14 18:51:10 40,960 ----a-w C:\WINDOWS\system32\ialmuNOR.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPLK.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTB.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuPTG.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuRUS.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuSVE.dll
+ 2005-10-14 18:51:12 40,960 ----a-w C:\WINDOWS\system32\ialmuTHA.dll
+ 2005-10-14 18:51:14 40,960 ----a-w C:\WINDOWS\system32\ialmuTRK.dll
+ 2006-10-30 07:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
+ 2006-10-30 07:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
- 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\igfxcfg.exe
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\igfxcfg.exe
- 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
+ 2005-10-14 18:45:38 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll
- 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
- 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll
- 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2005-10-14 18:50:30 114,688 ----a-w C:\WINDOWS\system32\igfxpers.exe
- 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll
- 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
+ 2005-10-14 18:49:36 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll
- 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:28 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2005-10-14 18:46:24 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
- 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2005-10-14 18:59:00 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll
+ 2005-10-14 18:57:06 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll
+ 2006-10-30 07:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
- 2004-09-23 00:45:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
+ 2007-09-06 20:13:58 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2004-09-23 00:45:44 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
- 2004-08-04 10:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2004-09-01 16:56:46 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2006-11-02 00:48:12 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-21 01:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-23 00:45:52 141,312 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-23 00:45:54 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-23 00:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-23 00:45:56 360,176 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-08-04 10:00:00 407,552 ----a-w C:\WINDOWS\system32\mstsc.exe
+ 2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
- 2004-08-04 10:00:00 655,360 ----a-w C:\WINDOWS\system32\mstscax.dll
+ 2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
- 2004-09-23 00:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll

 

[ginus]

Part 6:

+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2007-05-15 19:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2006-10-19 17:33:20 86,728 ----a-w C:\WINDOWS\system32\msxml6r.dll
- 2004-08-04 10:00:00 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\oemdspif.dll
- 2004-08-04 10:00:00 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2004-08-04 10:00:00 116,224 ----a-w C:\WINDOWS\system32\p2p.dll
+ 2006-10-11 16:24:45 153,088 ----a-w C:\WINDOWS\system32\p2p.dll
- 2004-08-04 10:00:00 86,016 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
+ 2006-10-11 16:24:45 104,960 ----a-w C:\WINDOWS\system32\p2pgasvc.dll
- 2004-08-04 10:00:00 312,320 ----a-w C:\WINDOWS\system32\p2pgraph.dll
+ 2006-10-11 16:24:45 313,344 ----a-w C:\WINDOWS\system32\p2pgraph.dll
- 2004-08-04 10:00:00 88,064 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
+ 2006-10-11 16:24:45 116,224 ----a-w C:\WINDOWS\system32\p2pnetsh.dll
- 2004-08-04 10:00:00 526,848 ----a-w C:\WINDOWS\system32\p2psvc.dll
+ 2006-10-11 16:24:45 553,984 ----a-w C:\WINDOWS\system32\p2psvc.dll
- 2007-10-11 22:23:19 63,418 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-13 02:05:37 71,198 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-11 22:23:20 402,974 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-13 02:05:37 438,270 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2006-10-24 16:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-11 16:24:45 58,880 ----a-w C:\WINDOWS\system32\pnrpnsp.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2006-10-21 01:29:52 104,224 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2006-10-21 01:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
+ 2006-10-21 01:29:46 20,768 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
+ 2006-10-21 01:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
+ 2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
- 2004-09-23 00:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2004-06-18 01:55:38 685,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_CNXT.sys
+ 2004-06-18 01:55:04 1,041,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSF_DP.sys
+ 2004-06-17 01:23:00 33,818 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFCI010.dll
+ 2004-06-18 01:57:02 200,064 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HSFHWICH.sys
+ 2004-03-13 03:20:44 536,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\HXFSetup.exe
+ 2004-03-17 23:00:32 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.dll
+ 2004-03-17 23:04:14 13,059 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\mdmxsdk.sys
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmgicd.dll
+ 2005-02-15 20:02:58 804,317 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmnt5.sys
+ 2005-02-15 20:02:58 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\ialmrnt5.dll
+ 2005-02-15 20:02:58 503,808 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdev.dll
+ 2005-02-15 20:02:58 45,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdgps.dll
+ 2005-02-15 20:02:58 151,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdiag.exe
+ 2005-02-15 20:02:58 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxdo.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxeud.dll
+ 2005-02-15 20:02:58 36,864 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxexps.dll
+ 2005-02-15 20:02:58 106,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxhk.dll
+ 2005-02-15 20:02:58 225,280 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxsrvc.dll
+ 2005-02-15 20:02:58 155,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxtray.exe
+ 2005-02-15 20:02:58 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxzoom.exe
+ 2005-02-15 20:02:58 69,632 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\oemdspif.dll
+ 2005-02-15 20:02:56 118,784 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hccutils.dll
+ 2005-02-15 20:02:56 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe
+ 2005-02-15 20:02:56 61,440 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iAlmCoIn.dll
+ 2005-02-15 20:02:58 878,651 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdd5.dll
+ 2005-02-15 20:02:58 178,779 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdev5.dll
+ 2005-02-15 20:02:58 108,092 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmdnt5.dll
+ 2005-02-15 20:02:58 516,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgdev.dll
+ 2005-02-15 20:02:58 2,289,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmgicd.dll
+ 2005-10-14 19:15:18 1,302,812 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmnt5.sys
+ 2005-10-14 19:06:54 49,152 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrem.dll
+ 2005-02-15 20:02:58 37,951 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\ialmrnt5.dll
+ 2005-10-14 18:49:08 446,464 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxcfg.exe
+ 2005-02-15 20:02:58 139,264 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdev.dll
+ 2005-10-14 18:46:38 86,016 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxdo.dll
+ 2005-10-14 18:50:24 40,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxexps.dll
+ 2005-10-14 18:50:22 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxext.exe
+ 2005-02-15 20:02:58 126,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxhk.dll
+ 2005-10-14 18:49:30 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpph.dll
+ 2005-02-15 20:02:58 1,245,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxress.dll
+ 2005-02-15 20:02:58 348,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.dll
+ 2005-10-14 18:49:46 94,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe
+ 2005-10-14 18:50:16 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxzoom.exe
+ 2005-10-14 18:50:34 53,248 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\oemdspif.dll
+ 2004-12-07 02:09:58 369,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\BCMWL5.SYS
+ 2006-08-24 20:15:06 150,808 ----a-w C:\WINDOWS\system32\rgb9rast_2.dll
- 2006-12-10 18:10:02 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-16 20:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-23 00:24:34 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2004-08-04 05:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2007-03-23 00:24:06 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2004-08-04 05:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2007-03-23 01:03:54 749,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2004-08-04 05:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2007-03-23 01:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2006-10-14 20:43:18 27,648 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2007-03-23 00:25:42 677,376 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 21:13:02 34,304 ----a-w C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-23 00:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-23 00:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-23 00:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-23 10:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 20:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-11-29 21:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-10-13 18:27:17 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 09:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-10-13 18:27:17 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-10-21 01:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
- 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-04 10:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2004-09-23 00:46:10 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2007-09-06 20:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-09-06 20:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-09-06 20:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-09-06 20:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-09-06 20:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-09-06 20:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-09-06 20:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-09-06 20:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-09-06 20:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2004-09-23 00:46:10 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-23 00:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-24 16:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 16:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
- 2004-12-07 01:45:14 696,425 ------w C:\WINDOWS\system32\WLTRAY.EXE
+ 2006-11-02 00:48:12 1,392,640 ----a-w C:\WINDOWS\system32\WLTRAY.EXE
- 2004-12-07 01:45:14 81,920 ------w C:\WINDOWS\system32\wltrynt.dll
+ 2006-11-02 00:48:12 44,032 ----a-w C:\WINDOWS\system32\wltrynt.dll
- 2004-12-07 01:45:14 65,536 ------w C:\WINDOWS\system32\WLTRYSVC.EXE
+ 2006-11-02 00:48:12 20,480 ----a-w C:\WINDOWS\system32\WLTRYSVC.EXE
- 2004-09-23 00:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-23 00:46:10 712,704 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-09-23 00:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-23 00:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-23 00:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-23 00:46:12 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-23 00:46:14 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-23 00:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-23 00:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-24 16:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-23 00:46:26 773,368 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-23 00:46:26 1,116,160 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-23 00:46:30 531,192 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-23 00:46:30 936,960 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-23 00:46:32 1,181,944 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-23 00:46:32 1,509,376 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-23 00:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-23 00:46:34 999,424 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll

 

[ginus]

Part 7:

+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-23 00:46:38 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-23 00:46:36 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-23 00:46:36 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-23 00:46:36 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
+ 2005-01-28 17:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
- 2004-09-23 00:46:36 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-23 00:46:36 327,680 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
- 2004-09-23 00:46:38 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2005-01-28 17:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-09-29 00:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 22:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 22:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 22:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 22:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2006-10-21 01:29:54 304,928 ----a-w C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
+ 2007-09-06 20:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-09-06 20:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-09-06 20:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 04:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 18:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 04:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 04:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 04:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 04:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 19:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 19:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 04:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 19:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 04:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-20 03:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-08-24 23:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 22:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 04:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 04:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 04:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 04:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-08-24 23:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 22:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-09-06 20:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 16:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-09-06 20:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-09-06 20:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-09-06 20:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-09-06 20:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-09-06 20:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-09-06 20:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-09-06 20:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-09-06 20:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-09-06 20:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-09-06 20:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-08-15 19:45:42 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-08-15 19:45:44 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-09-06 20:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-08-15 19:45:44 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 16:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-09-06 20:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-09-06 20:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-09-06 20:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-05 00:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-08-01 10:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-09-06 20:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 21:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-09-06 20:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-09-06 20:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-09-06 20:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-09-06 20:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-09-06 20:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-09-06 20:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 15:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-09-06 20:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-09-06 20:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-09-06 20:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-09-06 20:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SmcService"="C:\PROGRA~1\Sygate\SPF\Smc.exe" [2003-01-21 15:55]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 10:38]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"AOL Music Now"="C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe" []
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-11 00:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"findfast"="C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"AOL ACS"=2 (0x2)


.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 22:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-13 22:54:16
C:\ComboFix2.txt ... 2007-10-13 19:28
C:\ComboFix3.txt ... 2007-10-12 21:26
.
--- E O F ---

 

[shelf life]

hi ginus,

ok good, thanks for the info. that host file must be part of spybot.(IE immunization) dont worry about it. it just prevents you from getting to malicious website.
smitfraud and combofix both deleted stuff this second time.
please post a new hjt log for a last look. do you use anything other than spybot as a antimalware scanner? dosnt hurt to use two.

shelf life

 

[ginus]

Thanks, shelflife.

I am only running Spybot as an antimalware scanner. Do you have a suggetion for an additional scanner I should be using? I thought they could sometimes interfere with eachother.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:27 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9543 bytes

 

[ginus]

I am getting the following error when going to the Windows Update site:

wupdmgr.exe - Bad Image

The application or DLL C:\Windows\System32\xlibgfl254.dll is not a valid Windows image. Please check this against your installation diskette.



Is this a remnant of one of the infections? I am able to get to the site and run updates.

ginus

 

[shelf life]

hi ginus,

I thought they could sometimes interfere with eachother.

two antimalware scanners is plenty. the problems that arise can be if both use real time protection, a component that runs in the background like spybots tea timer or Avg antispyware guard. having two running at the same time can cause conflicts. if both have a real time component you can disable the feature in one of the applications.
i like super antispyware:
http://www.superantispyware.com/

but there is also:
avg antispyware
http://free.grisoft.com/doc/avg-anti-spyware-free/lng/us/tpl/v5

lavasofts ad aware:
http://www.lavasoftusa.com/software/adaware
------------------------------------
ok the hjt log:
look in add/remove programs panel and uninstall anything like myway or my way search.

also you have two firewalls: sygate and zone alarm. only need one. you can uninstall one via the add/remove programs panel.

after the uninstall of the above please reboot computer once and post a new hjt log-
----------------------

for that .dll file we will use hjt to delete it:

Start Hijackthis, click the "open misc tools section" then the "delete a file on reboot..."

A new window will open. --Navigate to the file: C:\Windows\System32\xlibgfl254.dll and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button to reboot your computer

shelf life

 

[ginus]

Thanks, shelf life.

I installed the superantispyware.

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:06:15 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOL Music Now] "C:\PROGRA~1\AOLMUS~1\AOLMusicNow.exe"
O4 - HKLM\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [findfast] C:\Documents and Settings\Rob Lindberg\Application Data\findfast.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192246852328
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} (PhoenixBody Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9132 bytes



Thanks for the soon to come info on that dll.

 

[shelf life]

hi ginus,

your welcome, hows it all looking on that end now?

hjt log looks ok. we can make new restore points next if all is well.

shelf life

 

[ginus]

Hi shelf life.

The machine is acting fine now, but Superantispyware finds some trojans. It's not done running, but it has found 28 so far. Should I assume that these are relatively minor threats, let it do it's removal, and assume I'm good going forward?

Thanks again for your generous assistance.

 

[shelf life]

hi ginus,

ok good. lets see what it dug up: to post the log:

start superantispyware
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program

shelf life

 

[ginus]

Thanks, shelf life.

There were 28 threats and I pet the Superantispyware clean them. I hope that was ok. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2007 at 08:49 PM

Application Version : 3.9.1008

Core Rules Database Version : 3324
Trace Rules Database Version: 1325

Scan type : Quick Scan
Total Scan Time : 01:43:08

Memory items scanned : 401
Memory threats detected : 0
Registry items scanned : 893
Registry threats detected : 11
File items scanned : 56650
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@atdmt[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@www.googleadservices[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@data3.perf.overture[2].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@tribalfusion[1].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@revsci[2].txt
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@perf.overture[1].txt

Trojan.Anti-Virus Pro
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECUREDISK\0000\LogConf
C:\Program Files\Anti-Virus-Pro

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\ANTIVIRUS.EXE.VIR

Malware.DriveCleaner
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\DRVCLEANER.EXE.VIR

Trojan.ErrorSafe
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\ERRSAFER.EXE.VIR

Malware.SystemDoctor
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\APPLICATION DATA\SYSDOCTOR.EXE.VIR

Trojan.Net-Explore/DND
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\KAREN LINDBERG\START MENU\PROGRAMS\STARTUP\INFO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\EXPLORE.EXE.VIR

Trojan.Rootkit-SpamPoof
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KOOS.EXE.VIR

Trojan.Downloader-Gen/NoMultiTask
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VTR.DLL.VIR

Trojan.Downloader-XLIB
C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL



I'm running an AVG virus scan, and it's found 9 threats so far. Sorry to keep this going on for so long when it seems that it is all taken care of.

Thanks for the help.

 

[shelf life]

hi ginus,

ok good. cookies arent really to much to be worried about and those items in C:\Qoobox are from the combofix quarantine folder. please run superantispyware once more and this time do a deep scan. there are two scan options a quick scan and another one, i think its called deep or complete scan, cant remember. chose the other this time, post the log and if it all looks ok i think we will be done.

shelf life

 

[ginus]

Thanks shelf life.

I'm running the scan right now. I assume it will take a while, so I'll post the results once it's done.

ginus

 

[ginus]

Hi shelf life.

Here are the scan results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2007 at 08:21 PM

Application Version : 3.9.1008

Core Rules Database Version : 3324
Trace Rules Database Version: 1325

Scan type : Complete Scan
Total Scan Time : 03:08:42

Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 6142
Registry threats detected : 7
File items scanned : 48318
File threats detected : 15

Trojan.Downloader-GLN
HKLM\Software\Classes\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\InprocServer32
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\ProgID
HKCR\CLSID\{B4E7CAAB-6535-4243-99BD-F12350B584A2}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\GLN.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Rob Lindberg\Cookies\rob_lindberg@msnportal.112.2o7[1].txt

Trojan.Net-AVP/AVT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038291.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038292.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038293.EXE

Trojan.Downloader-Gen/NoMultiTask
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP388\A0038300.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP410\A0042393.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP411\A0043395.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP412\A0043429.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051737.DLL

Malware.DriveCleaner
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP396\A0039339.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051718.EXE

Trojan.ErrorSafe
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051716.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0051717.EXE

Malware.SystemDoctor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP428\A0053355.EXE



I let it remove what it found. Do you think I am good to go now?

 

[shelf life]

hi ginus,

ok good. yes i think you are good to go. all those in c:\system volume info are your restore points. we can delete all those and make new ones like this:

One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is agood idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405
--------------------------------
see my link below for some prevention tips. happy safe surfing.

shelf life

 

[ginus]

Great.

I reset my restore point.

Thank you so much for all of your help and patience. I truly appreciate it!

ginus