Oh do I have problems

ccogswel · May 7, 2008

Hi, I need help in a big way!
First I'm working on a friends computer. It has XP Home on it. Her son and one of his friends had used the computer to surf for some porn. Well now it has malware on it. Alot of it! I down loaded spybotS&D and updated it. I scan the computer. The first time I got 72 adware and spyware stuff. Hit the fix button and it removed some. When I scaned it again I got 59. Done one more scan got 22. Did one more scan and got 16. I tried doing a few more scans using safemode and allowing it to reboot and scan again and things keep coming back. Now I'm back to 22 things on it. I had read what to do before I post about doing a hjt and the online scan but there is so much popups and warnings that it slows it down to a stand still. Where I live I only have Dial up and that makes it worse. The problems are now when I get on the internet and I try to get into the forums it takes over and does a auto search for similier websites. Even if I use google it will not load the page. I can get to the down load mirror page that is in the history folder but when I click the support or the forums links it say page not found. I even tried to make the forums a home page but still no luck. If you could give me a idea on how to by pass this auto search that would be great! I even tried down loading the hjt to another computer and putting it on a disc but when I put it in the computer it just freezes up cause it is so over whelmed with all the stuff that is on it. The task manager has been disabled from this stuff and I can't even get into the registry unless it's in safe mode. But I don't know what to do in there so I leave it alone. I can run spybot again and type everything here so you can see what I'm dealing with or I can do this as well. There is more listed in the recovery then this. But I'll type what I can remember that is still coming up from repeated scans.

180Solutions.searchassistant
2020search
Alexa Related
Zeno Search
Coolwwwsearch.leftovers
Microsoft.Windows.Security.InternetExplorer
Microsoft.WindowsSecurityCenter.Registerytools
Microsoft.WindowsSecuritryCenter.TaskManager
SecondThought.STCLoader
Smitfraud-C.
Smitfraud-C.CoreService
Virtumonde
Virtumonde.dll
Win32.Bancos.zm
Yazzle
Zango

If you want me to I can do another scan and type everything out or if you any other idea to help me get that computer to access your forum to where I can down load the hjt and post. I don't think I can do the online scan as the popups and things slows it down so much. I can't remember how many times I tried to download the spybotS&D Saturday but when I finally did get it download all the way thru it took me over 4 hours to get. At one point it was downloading at 658 bytes. I do apologize for not being more organized and for not posting all you need but I need help as to what to do as I had done all I knew what to do. If you could be of any help I would appriecate it. I may have to just reformat the hard drive from the partion and start her over.
Thanks
Chris

Blade81 · May 8, 2008

Hi Chris

What we need to see is a hjt log from the system. Online scan can be done a bit later

Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

ccogswel · May 8, 2008

Hi Blade81. I want to say Thank You for taking the time to help me.

Ok. I was able to go into the msconfig in safe mode and turn everything off in the start up menu. Doing this must have helped some as I could not get the cd drive on this computer to work or down load anything to it before from a cd. Other wise I didn't know what I was going to do. I cannot get that computer to access the forums here. I can go anywhere else with it but here. I'm having to use two computers to get this done. I got that hjt scan done. Here is the results. I don't know if you needed it but I figured it wouldn't hurt but I got the review log from spybotS&D as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:09 AM, on 5/7/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\System32\jkkJdBtQ.dll
O2 - BHO: (no name) - {2d74354e-f0aa-4c33-8773-902843a9d9c3} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {af860538-75c2-1abb-22e3-7089b10eac32} - (no file)
O2 - BHO: (no name) - {BFFE34A0-A767-87C9-1192-A28F07537295} - C:\WINDOWS\System32\dhb.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {F404D09E-95E5-4831-86FD-CA04CABDEE84} - (no file)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8260] command /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2558] cmd /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7567] command /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3015] cmd /c del "C:\Documents and Settings\Administrator\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA603] command /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9203] cmd /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA689] command /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3624] cmd /c del "C:\Documents and Settings\elzabeth\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7216] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8149] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1486] command /c del "C:\WINDOWS\system32\beqerunn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8871] cmd /c del "C:\WINDOWS\system32\beqerunn.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\SYSTEM32\jkkJdBtQ.dll
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7875 bytes

03.05.2008 01:04:44 - ##### check started #####
03.05.2008 01:04:44 - ### Version: 1.5.2
03.05.2008 01:04:44 - ### Date: 5/3/2008 1:04:44 AM
03.05.2008 01:04:45 - ##### checking bots #####
03.05.2008 01:04:45 - found: webHancer Program directory
03.05.2008 01:05:01 - found: Zango Browser helper object
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Library
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Executable
03.05.2008 01:06:01 - found: 180Solutions.SearchAssistant Browser helper object
03.05.2008 01:06:01 - found: 2020Search Library
03.05.2008 01:06:01 - found: 2020Search Library
03.05.2008 01:06:01 - found: 2020Search Browser helper object
03.05.2008 01:06:58 - found: CoolWWWSearch.Leftovers Library
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Program group
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Link
03.05.2008 01:13:00 - found: Clickspring.OuterInfo Link
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Text file
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Program directory
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Data
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Program directory
03.05.2008 01:13:01 - found: Clickspring.OuterInfo Installer
03.05.2008 01:13:04 - found: Command Service Executable
03.05.2008 01:13:04 - found: Command Service Library
03.05.2008 01:13:04 - found: Command Service Library
03.05.2008 01:14:14 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Link
03.05.2008 01:14:15 - found: Fraud.XPAntivirus Program directory
03.05.2008 01:20:29 - found: ZenoSearch Text file
03.05.2008 01:20:29 - found: ZenoSearch Text file
03.05.2008 01:22:52 - found: Smitfraud-C. Executable
03.05.2008 01:23:11 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:12 - found: Smitfraud-C. Browser helper object
03.05.2008 01:23:58 - found: Smitfraud-C. Settings
03.05.2008 01:29:46 - found: Network Monitor Data
03.05.2008 01:29:46 - found: Network Monitor Program directory
03.05.2008 01:29:46 - found: Network Monitor Program directory
03.05.2008 01:30:21 - found: Yazzle Executable
03.05.2008 01:30:21 - found: Yazzle Executable
03.05.2008 01:32:20 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.Windows.Security.InternetExplorer Settings
03.05.2008 01:32:21 - found: Microsoft.WindowsSecurityCenter.TaskManager Settings
03.05.2008 01:32:22 - found: Microsoft.WindowsSecurityCenter.RegistryTools Settings
03.05.2008 01:32:22 - found: Microsoft.WindowsSecurityCenter.TaskManager Settings
03.05.2008 01:32:29 - found: Alexa Related Link
03.05.2008 01:39:51 - found: SecondThought.STCLoader Executable
03.05.2008 01:41:57 - found: webHancer Program directory
03.05.2008 01:41:57 - found: webHancer Library
03.05.2008 01:41:58 - found: webHancer Text file
03.05.2008 01:41:58 - found: webHancer Interface
03.05.2008 01:41:58 - found: webHancer Type library
03.05.2008 01:41:58 - found: webHancer Global settings
03.05.2008 01:48:30 - found: Virtumonde User settings
03.05.2008 01:48:30 - found: Virtumonde Settings
03.05.2008 01:48:46 - found: Virtumonde Executable
03.05.2008 01:49:22 - found: Smitfraud-C.CoreService Data
03.05.2008 01:52:17 - found: Win32.Bancos.zm Text file
03.05.2008 01:53:49 - found: Win32.Small.azl Executable
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:58:37 - found: Virtumonde.dll Library
03.05.2008 01:59:46 - found: Virtumonde.dll Browser helper object
03.05.2008 01:59:46 - found: Virtumonde.dll Class ID
03.05.2008 01:59:46 - found: Virtumonde.dll Browser helper object
03.05.2008 01:59:46 - found: Virtumonde.dll Class ID
03.05.2008 02:02:13 - ##### check finished #####

Blade81 · May 8, 2008

Hi

First of all enable all msconfig entries you disabled. We'll get the bad ones off

After that disable Spybot's TeaTimer

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

Run ComboFix using these instructions:

1. Ensure that combofix.exe is on your desktop.
2. Make sure you save and close ALL open windows and programs that you are running in the taskbar as combofix will attempt to end all non-windows processes for a faster and more successful cleaning.

Click start > run > copy and paste:

%userprofile%\desktop\combofix.exe /killall

When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

ccogswel · May 9, 2008

Hi Blade81

I had been trying all day to download combofix. I had gotten it on the computer 3 times. But when I click combofix it does nothing. One time after I restarted the computer after it froze on me I had a new icon that said msdos combofix. It was a shortcut. Any way I'm at a loss. I can't get that computer to log onto any internet other then what it will allow. I have had trouble using the cd drive to download that combofix onto it. It keep coming up saying cyclic redundancy check then it would quit. I also noticed when I right click on the combofix icon and check properties on the infected computer it say's size 1.76mb(1,850,821) then size on disk is (1,851,392). When I check the uninfected computer I used to download the combofix with it say's size(1,850,821) and used (1,867,776). If this is the case I don't know what to do as I cannot get that computer to download nothing. Is there anything else you can think of. If I could get it to download from one of those links for that combofix I would have it made. I'll keep trying but to be honest with you I don't think I'll get anywhere. Hope you have some idea's. Right now I can think of one. Where's my sledge hammer. LOL

Blade81 · May 9, 2008

Hi

It's normal that size on disk may have different values on different system. Anyway, let's clean something off first.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Then please download Malwarebytes' Anti-Malware to your desktop as well. And I think it's best to get a fresh copy of ComboFix as well (thru one of those 3 links I posted above).

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.

After that please try running ComboFix in safe mode. Post its report and a fresh hjt log.

ccogswel · May 9, 2008

Hi Blake81

Finally! Ihad worked all night. Found out that the cd drive was bad. Anyway I was able to get all that on this computer. In fact I'm using it right now to post. I know I'm not done yet but Thank You so much for the help so far. I ran that malware 4 times. I'll post each log for your to see. I had only one that it couldn't get rid of. You'll see it below. I also have this here that keeps coming up evertime the computer starts. (C:\WINDOWS\System32\qcpvlabq.dll It is also in the msconfig startup. I can take the check mark out but I want to see what you say first. Also with that first scan I done with malware I had forgot to turn everything that I had turned off and I the teatimer as well. The second log was done with fixes and the teatimer off and other startup's turned back on. Well here it goes.

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71594
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 49
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 99

Memory Processes Infected:
c:\WINDOWS\winself.exe (Trojan.DNSChanger) -> Unloaded process successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sockins32.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\WINDOWS\system32\hgGyxXpN.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJdBtQ.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186f05-bbbb-4a39-864f-72d84615c679} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffffffff-bbbb-4146-86fd-a722e8ab3489} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b534962-dd37-401a-b295-2de3c9bdc1d0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b534962-dd37-401a-b295-2de3c9bdc1d0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bffe34a0-a767-87c9-1192-a28f07537295} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bffe34a0-a767-87c9-1192-a28f07537295} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjdbtq (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebProxy (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc39c56d2 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingA7216 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingC8149 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxxpn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggyxxpn -> Delete on reboot.

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\n3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\winself.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sockins32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\hgGyxXpN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpXxyGgh.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpXxyGgh.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\lfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhb.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jjwnw64m.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes06\pnVes061083.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\b1\cbwa3ui.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\n3\predircom3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTMP\idevdpll.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\qdrloader.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\QdrPack15.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP85\A0013128.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013143.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013144.EXE (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013145.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013146.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013147.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013148.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013153.DLL (AdWare.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013154.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP86\A0013155.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP87\A0014825.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP89\A0015026.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP90\A0018298.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029093.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029102.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029114.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029124.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0029144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030204.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030205.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030206.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6D78691B-31FB-4FEA-964E-A64B541795DA}\RP91\A0030209.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\QdrModule15.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\kwdy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\dicy.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\clbdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\gkuruonf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lt.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJdBtQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\chris\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\elzabeth\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

Second Log

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 72165
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.

Third Log

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 72201
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.

Combo Fix Log

ComboFix 08-05-07.1 - amy 2008-05-09 12:22:01.1 - FAT32x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.170 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\usb80233.sys
C:\WINDOWS\system32\gatxytep.ini
C:\WINDOWS\system32\GgOoYcdd.ini
C:\WINDOWS\system32\GgOoYcdd.ini2
C:\WINDOWS\system32\hgPpoUtv.ini
C:\WINDOWS\system32\hgPpoUtv.ini2
C:\WINDOWS\system32\hRBLRqss.ini
C:\WINDOWS\system32\hRBLRqss.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mTCeOqru.ini
C:\WINDOWS\system32\mTCeOqru.ini2
C:\WINDOWS\system32\qbalvpcq.ini
C:\WINDOWS\system32\svnigukc.dll
C:\WINDOWS\wintst32.tmp
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\??rss.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_SZKG5
-------\Legacy_USB80233
-------\Service_usb80233

((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 12:02 . 2008-05-09 12:02 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 11:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 16:56 . 2008-05-07 16:56 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-07 15:19 . 2008-05-07 15:19 2,112 --a------ C:\WINDOWS\system32\sqrddpbs.exe
2008-05-06 22:31 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-06 09:06 . 2008-05-06 09:06 2,112 --a------ C:\WINDOWS\system32\tupnxxeg.exe
2008-05-05 07:49 . 2008-05-05 07:49 294 ---hs---- C:\WINDOWS\system32\bgpeikoh.ini
2008-05-03 19:06 . 2008-05-03 19:06 <DIR> d--hs---- C:\FOUND.003
2008-05-03 02:02 . 2008-05-07 16:52 2,302 --a------ C:\WINDOWS\wininit.ini
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 11:03 . 2008-05-02 11:03 0 --a------ C:\WINDOWS\BMc39c56d2.xml
2008-05-02 09:18 . 2008-05-02 09:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-29 15:34 . 2008-04-29 15:34 <DIR> d--hs---- C:\FOUND.002
2008-04-29 10:48 . 2008-04-29 10:48 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-29 10:14 . 2008-04-29 10:14 <DIR> d--hs---- C:\FOUND.001
2008-04-28 20:16 . 2008-04-28 20:16 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll.szcpf
2008-04-28 20:15 . 2008-04-28 20:16 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll.szcpf
2008-04-27 05:56 . 2002-09-24 04:07 183,488 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg
2008-04-27 05:52 . 2008-04-27 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-27 05:24 . 2008-04-27 05:24 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-04-27 04:56 . 2008-04-27 04:56 <DIR> d--hs---- C:\FOUND.000
2008-04-27 04:42 . 2008-04-27 04:42 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-27 04:42 . 2008-04-27 04:42 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-27 04:42 . 2008-04-27 04:42 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-27 04:41 . 2008-04-27 04:41 578 --a------ C:\WINDOWS\index.html
2008-04-27 04:36 . 2008-04-27 04:36 400,945 --a------ C:\WINDOWS\system32\g37.exe
2008-04-27 04:36 . 2008-05-09 12:36 1,910 --a------ C:\WINDOWS\system32\default.htm
2008-04-27 04:30 . 2008-04-27 04:30 <DIR> d-------- C:\Temp\kvebs14
2008-04-27 04:28 . 2008-04-27 04:28 <DIR> d-------- C:\WINDOWS\YW15
2008-04-27 04:28 . 2008-04-27 04:28 298,317 --a------ C:\WINDOWS\system32\gside.exe
2008-04-27 04:28 . 2008-05-02 10:54 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp\zvebs14
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp
2008-04-27 04:26 . 2001-08-18 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-27 04:25 . 2008-04-27 04:25 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\AT&T
2008-04-25 06:13 . 2008-04-25 06:13 <DIR> d-------- C:\Documents and Settings\elzabeth\Application Data\AT&T
2008-04-25 04:48 . 2008-04-25 04:48 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\WINDOWS\Motive
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Program Files\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\amy\Application Data\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Program Files\att-nap
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Motive
2008-04-25 04:16 . 2008-04-25 04:16 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-24 06:27 . 2008-04-24 06:27 10 -r------- C:\WINDOWS\PSTUDIO.SN
2008-04-24 05:45 . 2008-04-24 05:45 <DIR> d-------- C:\Program Files\FotoBee
2008-04-24 05:35 . 2008-04-24 05:35 10 -r------- C:\WINDOWS\Fantasy2.SN
2008-04-23 04:44 . 2008-04-23 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-04-22 03:27 . 2008-04-22 03:27 <DIR> d-------- C:\Documents and Settings\elzabeth\WINDOWS
2008-04-22 03:27 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-04-22 03:27 . 2008-04-24 06:26 865 --a------ C:\WINDOWS\maxlink.ini
2008-04-22 03:27 . 2008-04-24 06:36 744 --a------ C:\WINDOWS\fantasy2.ini
2008-04-22 03:27 . 2008-04-24 06:29 425 --a------ C:\WINDOWS\pstudio.ini
2008-04-22 03:27 . 2008-04-24 06:26 293 --a------ C:\WINDOWS\photoprn.ini
2008-04-22 03:27 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PS_SUITE.INI
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\My Music
2008-04-20 05:18 . 2001-08-18 12:00 1,338,880 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-20 05:18 . 2000-12-07 16:51 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2008-04-20 05:18 . 1998-10-07 02:21 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-04-20 05:18 . 2008-04-20 05:18 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2008-04-20 05:18 . 2000-12-03 10:35 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2005-07-29 22:24 472 --sha-r C:\WINDOWS\YW15\sqYc.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E20DB2-8ED5-4574-9856-52CD1FA342EC}]
C:\WINDOWS\System32\vtUopPgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F78781-4B2D-4DB0-A369-4A312E3A1FE5}]
C:\WINDOWS\System32\urqOeCTm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4931708-B577-4E71-80F5-43DCDB1036E8}]
C:\WINDOWS\System32\ssqRLBRh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4121D80-4F96-4DCD-BD16-24EA20E75036}]
C:\WINDOWS\System32\ddcYoOgG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-65-5E-E1-DW}"="C:\windows\system32\rwwnw64d.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"FastAccess Help"="C:\Program Files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 08:19 108421]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"c0af654e"="C:\WINDOWS\System32\qcpvlabq.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJdBtQ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 12:20:35
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\clbdriver.sys 16384 bytes
C:\WINDOWS\system32\clb.dll 16384 bytes
C:\WINDOWS\system32\clbcatq.dll 475136 bytes
C:\WINDOWS\system32\clbcatex.dll 114688 bytes
C:\WINDOWS\system32\clbinit.dll 16384 bytes
C:\WINDOWS\system32\clbcfg.dat 16384 bytes

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-09 12:21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 18:21:12

Pre-Run: 20,506,066,944 bytes free
Post-Run: 20,545,470,464 bytes free

206

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:29 PM, on 5/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90F78781-4B2D-4DB0-A369-4A312E3A1FE5} - C:\WINDOWS\System32\urqOeCTm.dll (file missing)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{F6-65-5E-E1-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [c0af654e] rundll32.exe "C:\WINDOWS\System32\qcpvlabq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4735 bytes

Blade81 · May 9, 2008

Hi

Upload following files to http://virusscan.jotti.org and post back the results:
C:\WINDOWS\system32\msvcr71.dll.szcpf
C:\WINDOWS\system32\mfc71u.dll.szcpf
C:\WINDOWS\system32\drivers\kgpfr2.cfg

Start hjt, do a system scan, check:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:

Code:

KILLALL::

Driver::
clbdriver

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\promogif3.gif
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\index.html
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbcfg.dat

Rootkit::
C:\WINDOWS\system32\drivers\clbdriver.sys

Folder::
C:\Temp\kvebs14
C:\WINDOWS\YW15
C:\Temp\zvebs14

DirLook::
C:\WINDOWS\àppPatch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52E20DB2-8ED5-4574-9856-52CD1FA342EC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F78781-4B2D-4DB0-A369-4A312E3A1FE5}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4931708-B577-4E71-80F5-43DCDB1036E8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4121D80-4F96-4DCD-BD16-24EA20E75036}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{F6-65-5E-E1-DW}"=-
"c0af654e"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJdBtQ]

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Run Malwarebytes' Anti-malware again and post back its report & a fresh hjt log (without forgetting above meantioned ComboFix resultant log).

ccogswel · May 10, 2008

Blade81- Your the Man!

Hope I done this scan right.
For the first 2 files
C:\WINDOWS\system32\msvcr71.dll.szcpf
C:\WINDOWS\system32\mfc71u.dll.szcpf
SAID /OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

For C:\WINDOWS\system32\drivers\kgpfr2.cfg
It just said OK

Under that it said Scanner Results. All found nothing on all 3 files.

Like I said, I hope I done this right.
Is there anything else I should down load?
Also I hate to ask as you have been such a big help,
but I have one startup item that opens a folder everytime I start.
I have it unchecked in the startup but I was wondering what I could
do to stop and remove it from the list or?????
It deals with a BellSouth Application Management.
Maybe you can see it in one of the list's.
Well anyway here is all the log's.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:45 AM, on 5/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {52E20DB2-8ED5-4574-9856-52CD1FA342EC} - C:\WINDOWS\System32\vtUopPgh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90F78781-4B2D-4DB0-A369-4A312E3A1FE5} - C:\WINDOWS\System32\urqOeCTm.dll (file missing)
O2 - BHO: (no name) - {A4931708-B577-4E71-80F5-43DCDB1036E8} - C:\WINDOWS\System32\ssqRLBRh.dll (file missing)
O2 - BHO: (no name) - {F4121D80-4F96-4DCD-BD16-24EA20E75036} - C:\WINDOWS\System32\ddcYoOgG.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [{F6-65-5E-E1-DW}] C:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [c0af654e] rundll32.exe "C:\WINDOWS\System32\qcpvlabq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O20 - Winlogon Notify: jkkJdBtQ - C:\WINDOWS\
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4629 bytes

ComboFix 08-05-07.1 - amy 2008-05-10 1:09:49.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.109 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\amy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\index.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\system32\clbcfg.dat
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\kvebs14
C:\Temp\kvebs14\zvKarru.log
C:\Temp\zvebs14
C:\WINDOWS\BMc39c56d2.xml
C:\WINDOWS\index.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\bgpeikoh.ini
C:\WINDOWS\system32\default.htm
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\g37.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\sqrddpbs.exe
C:\WINDOWS\system32\tupnxxeg.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\YW15
C:\WINDOWS\YW15\sqYc.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER

((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-09 12:02 . 2008-05-09 12:02 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 11:42 . 2008-05-09 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 11:42 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 11:42 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 22:31 . 2008-05-06 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 19:06 . 2008-05-03 19:06 <DIR> d--hs---- C:\FOUND.003
2008-05-03 02:02 . 2008-05-07 16:52 2,302 --a------ C:\WINDOWS\wininit.ini
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 01:03 . 2008-05-03 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 09:18 . 2008-05-02 09:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-29 15:34 . 2008-04-29 15:34 <DIR> d--hs---- C:\FOUND.002
2008-04-29 10:48 . 2008-04-29 10:48 2 --a------ C:\WINDOWS\msoffice.ini
2008-04-29 10:14 . 2008-04-29 10:14 <DIR> d--hs---- C:\FOUND.001
2008-04-28 20:16 . 2008-04-28 20:16 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll.szcpf
2008-04-28 20:15 . 2008-04-28 20:16 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll.szcpf
2008-04-27 05:56 . 2002-09-24 04:07 183,488 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg
2008-04-27 05:52 . 2008-04-27 05:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-27 05:50 . 2008-04-27 05:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-04-27 05:24 . 2008-04-27 05:24 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-04-27 04:56 . 2008-04-27 04:56 <DIR> d--hs---- C:\FOUND.000
2008-04-27 04:26 . 2008-04-27 04:26 <DIR> d-------- C:\Temp
2008-04-27 04:26 . 2001-08-18 12:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-27 04:25 . 2008-04-27 04:25 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-25 23:35 . 2008-04-25 23:35 <DIR> d-------- C:\Documents and Settings\kevin\Application Data\AT&T
2008-04-25 06:13 . 2008-04-25 06:13 <DIR> d-------- C:\Documents and Settings\elzabeth\Application Data\AT&T
2008-04-25 04:48 . 2008-04-25 04:48 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\WINDOWS\Motive
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-04-25 04:43 . 2008-04-25 04:43 <DIR> d-------- C:\Program Files\BellSouth
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Program Files\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\amy\Application Data\AT&T
2008-04-25 04:38 . 2008-04-25 04:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Program Files\att-nap
2008-04-25 04:17 . 2008-04-25 04:17 <DIR> d-------- C:\Documents and Settings\amy\Application Data\Motive
2008-04-25 04:16 . 2008-04-25 04:16 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-24 06:27 . 2008-04-24 06:27 10 -r------- C:\WINDOWS\PSTUDIO.SN
2008-04-24 05:45 . 2008-04-24 05:45 <DIR> d-------- C:\Program Files\FotoBee
2008-04-24 05:35 . 2008-04-24 05:35 10 -r------- C:\WINDOWS\Fantasy2.SN
2008-04-23 04:44 . 2008-04-23 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-04-22 03:27 . 2008-04-22 03:27 <DIR> d-------- C:\Documents and Settings\elzabeth\WINDOWS
2008-04-22 03:27 . 1996-07-01 00:00 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
2008-04-22 03:27 . 2008-04-24 06:26 865 --a------ C:\WINDOWS\maxlink.ini
2008-04-22 03:27 . 2008-04-24 06:36 744 --a------ C:\WINDOWS\fantasy2.ini
2008-04-22 03:27 . 2008-04-24 06:29 425 --a------ C:\WINDOWS\pstudio.ini
2008-04-22 03:27 . 2008-04-24 06:26 293 --a------ C:\WINDOWS\photoprn.ini
2008-04-22 03:27 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PS_SUITE.INI
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-20 05:18 . 2008-04-20 05:18 <DIR> d-------- C:\My Music
2008-04-20 05:18 . 2001-08-18 12:00 1,338,880 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-04-20 05:18 . 2000-12-07 16:51 51,200 --ah----- C:\WINDOWS\system32\PackethSvc.exe
2008-04-20 05:18 . 1998-10-07 02:21 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-04-20 05:18 . 2008-04-20 05:18 24,576 --a------ C:\WINDOWS\system32\prefscpl.cpl
2008-04-20 05:18 . 2000-12-03 10:35 22,640 --a------ C:\WINDOWS\system32\drivers\wandrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\àppPatch ----

2008-04-27 04:25 89088 -r-hs---- C:\WINDOWS\àppPatch\wuaclt.exe
2008-04-27 04:25 0 d-------- C:\WINDOWS\àppPatch\?ppPatch\
2001-08-18 12:00 8104 --a------ C:\WINDOWS\àppPatch\drvmain.sdb
2001-08-18 12:00 45568 --a------ C:\WINDOWS\àppPatch\AcLua.dll
2001-08-18 12:00 370688 --a------ C:\WINDOWS\àppPatch\AcLayers.dll
2001-08-18 12:00 204288 --a------ C:\WINDOWS\àppPatch\AcSpecfc.dll
2001-08-18 12:00 190010 --a------ C:\WINDOWS\àppPatch\apphelp.sdb
2001-08-18 12:00 148480 --a------ C:\WINDOWS\àppPatch\AcVerfyr.dll
2001-08-18 12:00 134164 --a------ C:\WINDOWS\àppPatch\msimain.sdb
2001-08-18 12:00 1229312 --a------ C:\WINDOWS\àppPatch\AcGenral.dll
2001-08-18 12:00 105472 --a------ C:\WINDOWS\àppPatch\AcXtrnal.dll
2001-08-18 12:00 1026828 --a------ C:\WINDOWS\àppPatch\sysmain.sdb

((((((((((((((((((((((((((((( snapshot@2008-05-09_12.20.58.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 18:20:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 07:11:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]
"FastAccess Help"="C:\Program Files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 08:19 108421]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

*Newly Created Service* - CLBDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 01:11:45
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\clbdriver.sys 16384 bytes
C:\WINDOWS\system32\clb.dll 16384 bytes
C:\WINDOWS\system32\clbcatq.dll 475136 bytes
C:\WINDOWS\system32\clbcatex.dll 114688 bytes
C:\WINDOWS\system32\clbinit.dll 16384 bytes
C:\WINDOWS\system32\clbcfg.dat 16384 bytes

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clbdriver]
"imagepath"="\??\globalroot\systemroot\system32\drivers\clbdriver.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-10 1:12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 07:12:24
ComboFix2.txt 2008-05-09 18:21:18

Pre-Run: 20,497,006,592 bytes free
Post-Run: 20,490,633,216 bytes free

204

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71843
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81 · May 10, 2008

Hi

Before we go on I want you to install service pack 1a. You can get it here. Post a fresh hjt log after you've installed it.

ccogswel · May 10, 2008

Hi Blade81,

Took me 4 hours to download. Anyway I got it done and here is the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:06 PM, on 5/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3693 bytes

Blade81 · May 10, 2008

Hi

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Upload following files to http://virusscan.jotti.org and post back the detailed results:
C:\WINDOWS\system32\clb.dll
C:\WINDOWS\system32\clbcatq.dll
C:\WINDOWS\system32\clbcatex.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbcfg.dat

ccogswel · May 11, 2008

Hi Blade81,

I followed what you said but I didn't find anything. I even searched the files and folders. No luck at all. Is that good? Or Bad?

Blade81 · May 11, 2008

Hi

Open device manager (click start, run & write devmgmt.msc)> view> show hidden devices.
Expand "non plug and play drivers"
Locate "clbdriver" and double click it.
Tell it to "not use this device", apply & Ok.
Reboot when prompted.

Remove old ComboFix.exe. Then download latest copy of combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

Run ComboFix and post its log & a fresh hjt log.

ccogswel · May 11, 2008

Hi Blade81,
Combo Fix said it couldn't find a file. But when I went to write it down it changed. Maybe it is in the report. Also the forum said my post was to long so I'll have a few post's.

ComboFix 08-05-11.1 - amy 2008-05-10 13:16:31.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.93 [GMT -6:00]
Running from: C:\Documents and Settings\amy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 13:07 . 2008-05-10 13:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-10 10:23 . 2002-08-29 04:41 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2008-05-10 10:22 . 2002-08-29 04:41 218,112 --------- C:\WINDOWS\system32\sbe.dll
2008-05-10 10:22 . 2002-08-29 04:41 200,192 -ra------ C:\WINDOWS\system32\termsrv.dll
2008-05-10 10:22 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2008-05-10 10:21 . 2002-08-29 04:41 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-05-10 10:21 . 2002-08-29 04:41 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2008-05-10 10:21 . 2002-08-29 04:41 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2008-05-10 10:20 . 2002-08-29 04:41 172,032 --------- C:\WINDOWS\system32\mssap.dll
2008-05-10 10:20 . 2002-08-29 02:28 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-05-10 10:19 . 2002-08-29 04:39 205,312 --a------ C:\WINDOWS\system32\sysmon.ocx
2008-05-10 10:19 . 2002-08-29 02:11 162,304 --------- C:\WINDOWS\system32\msctfime.ime
2008-05-10 10:18 . 2002-08-29 04:41 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2008-05-10 10:18 . 2002-08-29 04:41 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2008-05-10 10:18 . 2002-08-29 04:41 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2008-05-10 10:18 . 2002-08-29 04:40 155,648 --------- C:\WINDOWS\system32\encdec.dll
2008-05-10 10:18 . 2002-08-29 04:41 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2008-05-10 10:18 . 2002-08-29 04:41 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2008-05-10 10:18 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2008-05-10 10:18 . 2002-08-29 04:41 61,952 --a------ C:\WINDOWS\system32\sti.dll
2008-05-10 10:18 . 2002-08-29 04:41 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2008-05-10 10:18 . 2002-08-29 02:32 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-05-10 10:17 . 2002-04-19 19:20 66,082 --------- C:\WINDOWS\system32\c_28603.nls
2008-05-10 10:17 . 2002-08-29 00:16 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 31,263 --------- C:\WINDOWS\system32\ativmvxx.ax
2008-05-10 10:17 . 2002-08-29 00:16 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2008-05-10 10:17 . 2002-08-29 00:16 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-05-10 10:17 . 2002-08-29 04:41 12,831 --------- C:\WINDOWS\system32\ativdaxx.ax
2008-05-10 10:17 . 2002-08-29 02:14 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2008-05-10 10:16 . 2002-08-29 04:40 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2008-05-10 10:16 . 2002-08-29 04:41 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2008-05-10 10:16 . 2002-08-29 00:16 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2008-05-10 10:16 . 2002-08-29 04:41 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2008-05-10 10:16 . 2002-08-29 00:16 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-05-10 10:16 . 2002-08-29 00:16 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2008-05-10 10:15 . 2002-08-29 04:41 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2008-05-10 10:15 . 2002-08-29 04:41 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2008-05-10 10:15 . 2002-08-29 04:41 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2008-05-10 10:14 . 2002-08-29 04:40 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-05-10 10:14 . 2002-08-29 04:41 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2008-05-10 10:14 . 2002-08-29 04:41 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2008-05-10 10:14 . 2002-08-29 04:41 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2008-05-10 10:14 . 2002-08-29 04:41 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2008-05-10 10:12 . 2002-08-29 00:16 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-10 10:12 . 2002-08-29 04:41 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2008-05-10 10:11 . 2002-08-29 00:16 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-05-10 10:11 . 2002-08-29 04:41 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-10 10:11 . 2002-08-29 04:41 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2008-05-10 10:09 . 2002-08-29 04:41 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2008-05-10 10:09 . 2002-08-29 04:41 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2008-05-10 10:09 . 2002-08-29 04:41 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2008-05-10 10:09 . 2002-08-29 04:41 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2008-05-10 10:08 . 2002-04-15 22:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-05-10 10:07 . 2002-08-29 04:41 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2008-05-10 10:07 . 2002-08-29 04:48 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2008-05-10 10:06 . 2002-08-29 04:41 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2008-05-10 10:06 . 2002-08-29 04:41 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2008-05-10 10:06 . 2002-08-29 04:41 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2008-05-10 10:06 . 2002-08-29 04:41 154,112 --a------ C:\WINDOWS\system32\netman.dll
2008-05-10 10:06 . 2002-08-29 04:41 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2008-05-10 10:05 . 2002-08-29 04:41 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2008-05-10 10:05 . 2002-08-29 04:41 115,200 --a------ C:\WINDOWS\system32\net1.exe
2008-05-10 10:05 . 2002-08-29 04:41 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2008-05-10 10:05 . 2002-08-29 04:41 39,424 --a------ C:\WINDOWS\system32\net.exe
2008-05-10 10:05 . 2002-08-29 04:41 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2008-05-10 10:04 . 2002-08-29 04:41 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2008-05-10 10:03 . 2002-08-29 04:41 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2008-05-10 10:00 . 2002-08-29 02:40 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2008-05-10 10:00 . 2002-08-29 04:41 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2008-05-10 10:00 . 2002-08-29 02:40 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2008-05-10 10:00 . 2002-08-29 04:41 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2008-05-10 10:00 . 2002-08-29 04:41 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2008-05-10 10:00 . 2002-08-29 04:41 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2008-05-10 10:00 . 2002-08-29 04:41 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2008-05-10 10:00 . 2002-08-29 04:41 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2008-05-10 09:59 . 2002-08-29 04:41 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2008-05-10 09:59 . 2002-08-29 04:41 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2008-05-10 09:59 . 2002-08-29 04:41 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2008-05-10 09:59 . 2002-08-29 04:41 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2008-05-10 09:59 . 2002-08-29 04:39 106,547 --a------ C:\WINDOWS\system32\msscript.ocx
2008-05-10 09:59 . 2002-08-29 04:41 69,632 --a------ C:\WINDOWS\system32\msscds32.ax
2008-05-10 09:59 . 2002-08-29 04:41 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2008-05-10 09:54 . 2002-08-29 04:41 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-05-10 09:54 . 2002-08-29 04:41 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2008-05-10 09:54 . 2002-08-29 04:41 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2008-05-10 09:54 . 2002-08-29 04:41 36,352 --a------ C:\WINDOWS\system32\sens.dll
2008-05-10 09:54 . 2002-08-29 04:41 20,992 --a------ C:\WINDOWS\system32\setup.exe
2008-05-10 09:54 . 2002-08-29 04:41 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2008-05-10 09:54 . 2002-08-29 04:41 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2008-05-10 09:53 . 2002-08-29 04:41 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2008-05-10 09:53 . 2002-08-29 04:41 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2008-05-10 09:53 . 2002-08-29 04:41 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2008-05-10 09:53 . 2002-08-29 04:41 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2008-05-10 09:53 . 2002-08-29 04:41 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2008-05-10 09:53 . 2002-08-29 04:41 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2008-05-10 09:53 . 2002-08-28 23:27 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2008-05-10 09:53 . 2002-08-28 23:27 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2008-05-10 09:53 . 2002-08-29 04:41 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2008-05-10 09:53 . 2002-08-29 04:41 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2008-05-10 09:51 . 2002-08-29 04:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-05-10 09:51 . 2002-08-29 04:41 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2008-05-10 09:51 . 2002-07-16 19:55 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2008-05-10 09:51 . 2002-08-29 04:41 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2008-05-10 09:51 . 2002-08-29 04:41 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2008-05-10 09:51 . 2002-08-29 04:41 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2008-05-10 09:51 . 2002-08-29 04:41 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2008-05-10 09:50 . 2002-08-29 04:41 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-05-10 09:50 . 2002-08-29 04:41 258,048 --a------ C:\WINDOWS\system32\wmvds32.ax
2008-05-10 09:50 . 2002-08-29 04:41 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2008-05-10 09:50 . 2002-08-29 04:41 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2008-05-10 09:50 . 2002-08-29 04:41 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2008-05-10 09:50 . 2002-08-29 04:41 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2008-05-10 09:47 . 2002-08-29 04:39 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
2008-05-10 09:47 . 2002-08-29 04:41 1,404,928 --a------ C:\WINDOWS\system32\wmpui.dll
2008-05-10 09:47 . 2002-08-29 04:41 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2008-05-10 09:47 . 2002-08-29 04:41 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-05-10 09:47 . 2002-08-29 04:41 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2008-05-10 09:47 . 2002-08-29 04:41 278,559 --a------ C:\WINDOWS\system32\wmv8ds32.ax
2008-05-10 09:47 . 2002-08-29 04:41 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2008-05-10 09:47 . 2002-08-29 04:41 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2008-05-10 09:47 . 2002-08-29 04:41 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:47 756,387 ----a-w C:\Program Files\INSTALL.LOG
2008-04-27 10:25 89,088 --sh--r C:\WINDOWS\AppPatch\wuaclt.exe
2008-02-27 10:05 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-09_12.20.58.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-18 18:00:00 1,229,312 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2002-08-29 10:40:48 1,818,624 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2001-08-18 18:00:00 370,688 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2002-08-29 10:40:48 406,528 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2001-08-18 18:00:00 45,568 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2002-08-29 10:40:48 125,440 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2001-08-18 18:00:00 204,288 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2002-08-29 10:40:48 219,136 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2001-08-18 18:00:00 148,480 ----a-w C:\WINDOWS\AppPatch\AcVerfyr.dll
+ 2002-08-29 10:40:48 255,488 ----a-w C:\WINDOWS\AppPatch\acverfyr.dll
- 2001-08-18 18:00:00 105,472 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2002-08-29 10:40:48 107,520 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-05-09 18:20:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 19:16:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-08-29 10:41:26 13,312 ------w C:\WINDOWS\ehome\medctrro.exe
+ 2002-08-29 10:41:28 4,608 ------w C:\WINDOWS\ehome\snchk.exe
- 2001-08-18 18:00:00 1,000,960 ----a-w C:\WINDOWS\explorer.exe
+ 2002-08-29 10:41:24 1,004,032 ----a-w C:\WINDOWS\explorer.exe
- 2001-08-18 18:00:00 26,647 ----a-w C:\WINDOWS\hh.exe
+ 2002-08-29 10:41:24 10,752 ----a-w C:\WINDOWS\hh.exe
- 2001-08-18 18:00:00 238,592 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2002-08-29 10:41:02 203,776 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2001-08-18 18:00:00 160,768 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2002-08-29 10:41:14 121,344 ----a-w C:\WINDOWS\ime\softkbd.dll
+ 2002-08-29 08:11:52 62,464 ------w C:\WINDOWS\ime\spgrmr.dll
- 2001-08-18 18:00:00 256,000 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2002-08-29 10:41:18 235,520 ----a-w C:\WINDOWS\ime\sptip.dll
- 2001-08-18 18:00:00 229,376 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2002-08-29 10:41:28 249,856 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2001-08-18 10:00:00 692,224 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
+ 2002-08-29 10:41:24 742,400 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
- 2001-08-18 10:00:00 694,272 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpSvc.exe
+ 2002-08-29 10:41:24 703,488 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
+ 2002-08-29 10:41:24 8,704 ------w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
- 2001-08-18 10:00:00 145,408 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
+ 2002-08-29 10:41:26 145,408 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
- 2001-08-18 10:00:00 97,792 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
+ 2002-08-29 10:41:10 97,792 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchshell.dll
- 2001-08-18 10:00:00 29,184 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
+ 2002-08-29 10:41:10 29,696 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
- 2007-01-30 19:52:40 2,884 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2008-05-10 15:56:54 3,182 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
- 2001-08-18 18:00:00 134,144 ----a-w C:\WINDOWS\regedit.exe
+ 2002-08-29 10:41:28 134,144 ----a-w C:\WINDOWS\regedit.exe
+ 2002-08-29 08:33:20 50,560 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2002-08-29 08:33:22 46,080 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2002-08-29 10:40:48 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2002-08-29 06:00:48 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2002-08-29 06:00:56 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2002-08-29 10:40:48 1,818,624 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2002-08-29 10:40:48 406,528 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2002-08-29 10:40:48 125,440 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2002-08-29 08:09:06 179,328 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2002-08-29 10:40:48 219,136 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2002-08-29 10:40:48 255,488 ------w C:\WINDOWS\ServicePackFiles\i386\acverfyr.dll
+ 2002-08-29 10:40:48 107,520 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2002-08-29 10:40:48 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2002-08-29 10:41:20 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2002-08-29 06:00:48 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2002-08-29 10:40:48 162,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2002-08-29 10:40:48 139,776 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2002-08-29 10:40:48 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2002-08-29 10:40:48 239,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2002-08-29 10:40:48 558,080 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2002-08-29 10:40:48 91,136 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2002-08-29 06:16:38 142,208 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2002-08-29 09:01:14 131,968 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2002-08-29 10:41:20 91,648 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2002-08-29 10:41:20 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2002-08-29 08:05:06 32,000 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2002-08-29 08:05:08 32,512 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2002-08-29 05:59:12 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2002-08-29 10:40:48 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2002-08-29 08:33:30 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2002-08-29 10:40:06 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll
+ 2002-08-29 10:40:48 14,366 ------w C:\WINDOWS\ServicePackFiles\i386\asfsipc.dll
+ 2002-08-29 10:41:20 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2002-08-29 08:27:50 86,912 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2002-08-29 10:40:48 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2002-08-29 10:40:48 202,496 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2002-08-29 06:16:18 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2002-08-29 06:16:16 450,176 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2002-08-29 10:40:48 844,675 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2002-08-29 10:40:50 921,475 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2002-08-29 06:16:24 56,591 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2002-08-29 06:16:24 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2002-08-29 06:16:26 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2002-08-29 06:16:26 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2002-08-29 06:16:26 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2002-08-29 06:16:28 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2002-08-29 06:16:28 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2002-08-29 06:16:28 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2002-08-29 06:16:30 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2002-08-29 06:16:30 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2002-08-29 10:40:50 74,810 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2002-08-29 08:33:36 53,888 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2002-08-29 10:40:50 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2002-08-29 10:40:50 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2002-08-29 10:41:20 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2002-08-29 10:41:20 565,760 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2002-08-29 10:41:20 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2002-08-29 07:37:20 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\auupdate.exe
+ 2002-08-29 08:33:22 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2002-08-29 10:40:50 76,288 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2002-08-29 10:40:50 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2002-08-29 10:40:50 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2002-08-29 08:34:42 68,864 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2002-08-29 10:40:10 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2002-08-29 10:40:50 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2002-08-29 10:40:50 1,021,952 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2002-08-29 10:40:50 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2002-08-29 10:40:50 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2002-08-29 10:40:50 360,448 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2002-08-29 10:40:50 582,656 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2002-08-29 08:33:24 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2002-08-29 08:58:52 59,648 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2002-08-29 10:40:50 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2002-08-29 08:27:56 47,488 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2002-08-29 10:40:50 186,880 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2002-08-29 10:40:50 179,712 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll
+ 2002-08-29 10:40:50 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2002-08-29 10:41:20 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2002-08-29 10:40:50 1,267,712 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2002-08-29 10:40:50 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2002-08-29 09:08:44 46,336 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2002-08-29 10:41:20 98,816 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2002-08-29 10:40:50 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2002-08-29 08:09:06 13,184 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2002-08-29 10:40:50 324,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2002-08-29 10:41:22 41,472 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2002-08-29 10:40:50 186,880 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2002-08-29 10:40:50 557,056 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2002-08-29 10:40:50 258,048 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2002-08-29 10:40:50 238,592 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2002-08-29 10:40:50 1,172,992 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2002-08-29 10:41:22 995,328 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2002-08-29 10:41:22 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2002-08-29 07:37:22 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\copymar.exe
+ 2002-08-29 10:40:50 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2002-08-29 08:05:08 31,488 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2002-08-29 10:40:50 557,568 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2002-08-29 10:40:50 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2002-08-29 10:40:50 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2002-08-29 10:40:50 471,040 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2002-08-29 10:40:50 307,712 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2002-08-29 10:40:50 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2002-08-29 10:41:22 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2002-08-29 07:37:22 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\custdial.dll
+ 2002-08-29 10:40:50 1,180,672 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2002-08-29 10:40:50 986,112 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2002-08-29 10:40:50 489,984 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2002-08-29 10:40:50 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsadsn.dll
+ 2002-08-29 07:36:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2002-08-29 07:36:06 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsvinn.dll
+ 2002-08-29 10:40:00 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2002-08-29 07:34:36 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2002-08-29 10:57:58 1,740 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2002-08-29 10:40:50 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2002-08-29 10:40:50 253,440 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2002-08-29 10:41:22 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2002-08-29 10:40:50 263,168 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2002-08-29 10:41:22 76,288 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2002-08-29 10:41:22 99,328 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2002-08-29 10:40:50 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2002-08-29 10:40:50 113,152 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll
+ 2002-08-29 10:40:50 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll
+ 2002-08-29 10:40:50 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll
+ 2002-08-29 10:40:50 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
+ 2002-08-29 10:40:50 55,296 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll
+ 2002-08-29 10:40:50 151,552 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll
+ 2002-08-29 10:40:50 168,960 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll
+ 2002-08-29 08:27:58 33,792 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys
+ 2002-08-29 08:27:56 13,184 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys
+ 2002-08-29 10:41:22 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
+ 2002-08-29 10:40:50 26,112 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2002-08-29 10:40:50 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2002-08-29 10:40:50 172,544 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2002-08-29 10:40:50 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2002-08-29 10:40:50 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2002-08-29 10:40:50 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2002-08-29 10:40:50 94,720 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2002-08-29 10:40:50 139,264 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2002-08-29 10:40:50 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2002-08-29 09:20:28 115,200 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2002-08-29 10:40:50 156,672 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll
+ 2002-08-29 10:40:50 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll
+ 2002-08-29 10:40:50 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll
+ 2002-08-29 10:40:50 206,336 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll
+ 2002-08-29 10:41:22 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
+ 2002-08-29 10:40:50 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll
+ 2002-08-29 10:40:50 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\drmclien.dll
+ 2002-08-29 08:32:34 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys
+ 2002-08-29 08:32:34 2,816 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2002-08-29 10:40:50 76,830 ------w C:\WINDOWS\ServicePackFiles\i386\drmstor.dll
+ 2002-08-29 10:40:50 602,112 ------w C:\WINDOWS\ServicePackFiles\i386\drmv2clt.dll
+ 2002-08-29 10:40:50 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ds32gt.dll
+ 2002-08-29 10:40:50 135,680 ------w C:\WINDOWS\ServicePackFiles\i386\dsprop.dll
+ 2002-08-29 08:14:26 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dsprpres.dll
+ 2002-08-29 10:40:52 227,840 ------w C:\WINDOWS\ServicePackFiles\i386\dsquery.dll
+ 2002-08-29 05:27:32 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\dssenh.dll
+ 2002-08-29 10:41:22 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
+ 2002-08-29 10:40:52 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\duser.dll
+ 2002-06-27 23:38:36 162,120 ------w C:\WINDOWS\ServicePackFiles\i386\dw.exe
+ 2002-08-29 10:41:22 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
+ 2002-08-29 10:41:22 786,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
+ 2002-08-29 10:40:44 68,992 ------w C:\WINDOWS\ServicePackFiles\i386\dxg.sys
+ 2002-08-29 10:40:52 498,205 ------w C:\WINDOWS\ServicePackFiles\i386\dxmasf.dll
+ 2002-08-29 10:40:52 802,304 ------w C:\WINDOWS\ServicePackFiles\i386\dxmrtp.dll
+ 2002-08-29 10:40:52 337,920 ------w C:\WINDOWS\ServicePackFiles\i386\dxtmsft.dll
+ 2002-08-29 10:40:52 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\dxtrans.dll
+ 2002-08-29 10:40:52 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\els.dll
+ 2002-08-29 10:40:52 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\encapi.dll
+ 2002-08-29 10:40:52 155,648 ------w C:\WINDOWS\ServicePackFiles\i386\encdec.dll
+ 2002-08-29 10:40:52 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\ersvc.dll
+ 2002-08-29 10:40:52 225,280 ------w C:\WINDOWS\ServicePackFiles\i386\es.dll
+ 2002-08-29 10:40:52 235,520 ------w C:\WINDOWS\ServicePackFiles\i386\esscli.dll
+ 2002-08-29 06:00:54 137,088 ------w C:\WINDOWS\ServicePackFiles\i386\essm2e.sys
+ 2002-08-29 10:41:24 178,688 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
+ 2002-08-29 10:40:52 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
+ 2002-08-29 10:40:52 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\evntrprv.dll
+ 2002-08-29 10:41:24 1,004,032 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
+ 2002-08-29 10:40:54 380,445 ------w C:\WINDOWS\ServicePackFiles\i386\expsrv.dll
+ 2002-08-29 09:12:46 145,152 ------w C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
+ 2002-08-29 10:40:54 565,248 ------w C:\WINDOWS\ServicePackFiles\i386\fastprox.dll
+ 2002-08-29 10:40:54 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\faultrep.dll
+ 2002-08-29 10:41:24 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
+ 2002-08-29 10:40:54 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll
+ 2002-08-29 08:27:44 19,712 ------w C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys
+ 2002-08-29 10:41:24 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
+ 2002-08-29 10:40:54 32,828 ------w C:\WINDOWS\ServicePackFiles\i386\fp40ext.dll
+ 2002-08-29 10:40:54 184,435 ------w C:\WINDOWS\ServicePackFiles\i386\fp4amsft.dll
+ 2002-08-29 10:40:54 82,035 ------w C:\WINDOWS\ServicePackFiles\i386\fp4anscp.dll
+ 2002-08-29 10:40:54 147,513 ------w C:\WINDOWS\ServicePackFiles\i386\fp4apws.dll
+ 2002-08-29 10:40:54 127,034 ------w C:\WINDOWS\ServicePackFiles\i386\fp4areg.dll
+ 2002-08-29 10:40:54 102,509 ------w C:\WINDOWS\ServicePackFiles\i386\fp4atxt.dll
+ 2002-08-29 10:40:54 618,605 ------w C:\WINDOWS\ServicePackFiles\i386\fp4autl.dll
+ 2002-08-29 10:40:54 41,020 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avnb.dll
+ 2002-08-29 10:40:54 32,826 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avss.dll
+ 2002-08-29 10:40:54 49,212 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awebs.dll
+ 2002-08-29 10:40:56 872,557 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awel.dll
+ 2002-08-29 10:41:24 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
+ 2002-08-29 10:41:24 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
+ 2002-08-29 10:41:24 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
+ 2002-08-29 10:40:56 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmdll.dll
+ 2002-08-29 10:41:24 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
+ 2002-08-29 10:40:56 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\fpencode.dll
+ 2002-08-29 10:40:56 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpexedll.dll
+ 2002-08-29 10:40:56 598,071 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmc.dll
+ 2002-05-15 01:16:22 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmcsat.dll
+ 2002-08-29 10:41:24 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
+ 2002-08-29 10:41:24 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
+ 2002-08-29 10:40:44 8,832 ------w C:\WINDOWS\ServicePackFiles\i386\framebuf.dll
+ 2002-08-29 10:41:24 40,448 ------w C:\WINDOWS\ServicePackFiles\i386\ftp.exe
+ 2002-08-29 10:40:56 443,392 ------w C:\WINDOWS\ServicePackFiles\i386\fxsapi.dll
+ 2002-08-29 10:41:24 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\fxsclnt.exe
+ 2002-08-29 10:40:56 271,360 ------w C:\WINDOWS\ServicePackFiles\i386\fxscomex.dll
+ 2002-08-29 10:41:24 216,064 ------w C:\WINDOWS\ServicePackFiles\i386\fxscover.exe
+ 2002-08-29 10:40:56 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\fxsdrv.dll
+ 2002-08-29 10:40:56 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\fxsext32.dll
+ 2002-08-29 10:40:56 122,880 ------w C:\WINDOWS\ServicePackFiles\i386\fxsocm.dll
+ 2002-08-29 10:40:56 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\fxsperf.dll
+ 2002-08-29 10:39:56 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\fxsres.dll
+ 2002-08-29 10:40:56 559,616 ------w C:\WINDOWS\ServicePackFiles\i386\fxsst.dll
+ 2002-08-29 10:41:24 250,368 ------w C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe
+ 2002-08-29 10:40:56 236,032 ------w C:\WINDOWS\ServicePackFiles\i386\fxst30.dll
+ 2002-08-29 10:40:56 391,168 ------w C:\WINDOWS\ServicePackFiles\i386\fxstiff.dll
+ 2002-08-29 10:40:56 149,504 ------w C:\WINDOWS\ServicePackFiles\i386\fxsui.dll
+ 2002-08-29 10:40:56 185,856 ------w C:\WINDOWS\ServicePackFiles\i386\fxswzrd.dll
+ 2002-08-29 10:40:56 395,264 ------w C:\WINDOWS\ServicePackFiles\i386\fxsxp32.dll
+ 2002-08-29 08:32:44 9,856 ------w C:\WINDOWS\ServicePackFiles\i386\gameenum.sys
+ 2002-08-29 08:32:48 54,144 ------w C:\WINDOWS\ServicePackFiles\i386\gckernel.sys
+ 2002-08-29 10:40:56 250,368 ------w C:\WINDOWS\ServicePackFiles\i386\gdi32.dll
+ 2002-08-29 10:40:56 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\guitrn.dll
+ 2002-08-29 10:40:56 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\guitrn_a.dll
+ 2002-08-29 10:40:56 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\h323cc.dll
+ 2002-08-29 08:05:06 101,376 ------w C:\WINDOWS\ServicePackFiles\i386\hal.dll
+ 2002-08-29 08:05:04 127,872 ------w C:\WINDOWS\ServicePackFiles\i386\halaacpi.dll
+ 2002-08-29 08:05:04 77,440 ------w C:\WINDOWS\ServicePackFiles\i386\halacpi.dll
+ 2002-08-29 08:05:04 146,560 ------w C:\WINDOWS\ServicePackFiles\i386\halapic.dll
+ 2002-08-29 08:05:04 129,920 ------w C:\WINDOWS\ServicePackFiles\i386\halmacpi.dll
+ 2002-08-29 08:05:06 148,352 ------w C:\WINDOWS\ServicePackFiles\i386\halmps.dll
+ 2002-08-29 10:40:56 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\hccoin.dll
+ 2002-08-29 10:41:24 742,400 ------w C:\WINDOWS\ServicePackFiles\i386\helpctr.exe
+ 2002-08-29 10:41:24 703,488 ------w C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe
+ 2002-08-29 10:41:24 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\hh.exe
+ 2002-08-29 10:40:56 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\hhsetup.dll
+ 2002-08-29 08:32:42 34,560 ------w C:\WINDOWS\ServicePackFiles\i386\hidclass.sys
+ 2002-08-29 08:32:42 6,912 ------w C:\WINDOWS\ServicePackFiles\i386\hidir.sys
+ 2002-08-29 10:40:56 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\hidserv.dll
+ 2002-08-29 10:40:56 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\hmmapi.dll
+ 2002-08-29 10:40:56 240,640 ------w C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll
+ 2002-08-29 10:41:24 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\hscupd.exe
+ 2002-08-29 09:06:38 51,072 ------w C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
+ 2002-08-29 10:40:56 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\icaapi.dll
+ 2002-08-29 10:40:56 236,032 ------w C:\WINDOWS\ServicePackFiles\i386\icm32.dll
+ 2002-08-29 10:41:24 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\icwconn1.exe
+ 2002-08-29 10:40:56 113,152 ------w C:\WINDOWS\ServicePackFiles\i386\idq.dll
+ 2002-08-29 10:41:24 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\ie4uinit.exe
+ 2002-08-29 10:40:56 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\ieakeng.dll
+ 2002-08-29 10:40:56 204,288 ------w C:\WINDOWS\ServicePackFiles\i386\ieaksie.dll
+ 2002-08-29 10:40:56 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\iedkcs32.dll
+ 2002-08-29 10:40:56 231,424 ------w C:\WINDOWS\ServicePackFiles\i386\iepeers.dll
+ 2002-08-29 10:40:56 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\iesetup.dll
+ 2002-08-29 10:41:26 91,136 ------w C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
+ 2002-08-29 10:40:56 468,480 ------w C:\WINDOWS\ServicePackFiles\i386\iis.dll
+ 2002-08-29 10:40:56 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\ils.dll
+ 2002-08-29 10:40:56 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\imagehlp.dll
+ 2002-08-29 10:41:26 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.exe
+ 2002-08-29 08:28:08 39,808 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.sys
+ 2002-08-29 10:40:56 36,922 ------w C:\WINDOWS\ServicePackFiles\i386\imeshare.dll
+ 2002-08-29 10:40:56 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\imgutil.dll
+ 2002-08-29 10:40:56 103,936 ------w C:\WINDOWS\ServicePackFiles\i386\imm32.dll
+ 2002-08-29 10:40:56 587,776 ------w C:\WINDOWS\ServicePackFiles\i386\inetcomm.dll
+ 2002-08-29 10:40:58 114,176 ------w C:\WINDOWS\ServicePackFiles\i386\input.dll
+ 2002-08-29 10:40:58 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\inseng.dll
+ 2002-08-29 08:27:48 4,736 ------w C:\WINDOWS\ServicePackFiles\i386\intelide.sys
+ 2002-08-29 10:41:26 51,712 ------w C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
+ 2002-08-29 10:40:58 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\iphlpapi.dll
+ 2002-08-29 08:36:14 79,488 ------w C:\WINDOWS\ServicePackFiles\i386\ipnat.sys
+ 2002-08-29 10:40:58 435,200 ------w C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll
+ 2002-08-29 10:40:58 318,464 ------w C:\WINDOWS\ServicePackFiles\i386\ippromon.dll
+ 2002-08-29 09:07:22 57,984 ------w C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
+ 2002-08-29 10:40:58 155,648 ------w C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll
+ 2002-08-29 10:41:26 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
+ 2002-08-29 10:40:58 134,144 ------w C:\WINDOWS\ServicePackFiles\i386\ipv6mon.dll
+ 2002-08-29 10:40:58 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\irmon.dll
+ 2002-08-29 10:40:58 143,872 ------w C:\WINDOWS\ServicePackFiles\i386\itircl.dll
+ 2002-08-29 10:40:58 122,368 ------w C:\WINDOWS\ServicePackFiles\i386\itss.dll
+ 2002-08-29 10:40:58 91,648 ------w C:\WINDOWS\ServicePackFiles\i386\iuctl.dll
+ 2002-08-29 10:40:58 166,912 ------w C:\WINDOWS\ServicePackFiles\i386\iuengine.dll
+ 2002-08-29 10:40:58 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\ixsso.dll
+ 2002-08-29 08:27:02 23,424 ------w C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
+ 2002-08-29 08:05:10 7,040 ------w C:\WINDOWS\ServicePackFiles\i386\kd1394.dll
+ 2002-08-29 10:41:00 272,896 ------w C:\WINDOWS\ServicePackFiles\i386\kerberos.dll
+ 2002-08-29 10:41:00 930,304 ------w C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
+ 2002-08-29 04:23:06 42,537 ------w C:\WINDOWS\ServicePackFiles\i386\keyboard.sys
+ 2002-08-29 08:32:30 159,360 ------w C:\WINDOWS\ServicePackFiles\i386\kmixer.sys
+ 2002-08-29 09:13:42 131,712 ------w C:\WINDOWS\ServicePackFiles\i386\ks.sys
+ 2002-08-29 04:39:42 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtmbx.dll
+ 2002-08-29 04:39:42 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskdic.dll
+ 2002-08-29 04:39:42 173,568 ------w C:\WINDOWS\ServicePackFiles\i386\lang\chtskf.dll
+ 2002-08-29 04:39:42 201,216 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintime.dll
+ 2002-08-29 04:39:44 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cintsetp.exe
+ 2002-08-29 04:38:26 57,400 ------w C:\WINDOWS\ServicePackFiles\i386\lang\cplexe.exe
+ 2002-08-29 08:12:30 99,328 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imekrcic.dll
+ 2002-06-13 02:14:46 827,438 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjp81k.dll
+ 2002-08-08 02:35:54 360,494 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcic.dll
+ 2002-08-29 04:38:40 716,857 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpcus.dll
+ 2002-08-29 04:38:40 81,977 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.dll
+ 2002-08-29 04:38:40 307,258 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdct.exe
+ 2002-08-29 04:38:40 155,706 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2002-08-29 04:38:42 196,666 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpinst.exe
+ 2002-08-29 04:38:42 208,953 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe
+ 2002-08-29 04:38:46 233,528 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjprw.exe
+ 2002-08-29 04:38:52 262,201 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputy.exe
+ 2002-08-29 04:38:54 274,490 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imjputyc.dll
+ 2002-08-29 04:39:02 102,456 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imlang.dll
+ 2002-08-29 04:39:06 59,392 ------w C:\WINDOWS\ServicePackFiles\i386\lang\imscinst.exe
+ 2002-08-29 04:39:46 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs404.dll
+ 2002-08-29 04:39:08 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\lang\padrs804.dll
+ 2002-08-29 04:39:08 175,104 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2002-08-29 04:39:08 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2002-08-29 04:39:06 70,144 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pintlphr.exe
+ 2002-08-29 04:39:08 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\lang\pmigrate.dll
+ 2002-08-29 04:39:50 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintlphr.exe
+ 2002-08-29 04:39:50 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
+ 2002-08-29 04:39:48 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\lang\tmigrate.dll
+ 2002-08-29 08:12:18 72,192 ------w C:\WINDOWS\ServicePackFiles\i386\lang\uniime.dll
+ 2002-08-29 04:39:06 426,042 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicepad.dll
+ 2002-08-29 04:39:08 86,074 ------w C:\WINDOWS\ServicePackFiles\i386\lang\voicesub.dll

ccogswel · May 11, 2008

+ 2002-08-29 10:41:00 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\laprxy.dll
+ 2002-08-29 09:41:00 367,616 ------w C:\WINDOWS\ServicePackFiles\i386\licdll.dll
+ 2002-08-29 10:41:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\licmgr10.dll
+ 2002-08-29 10:41:00 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\licwmi.dll
+ 2002-08-29 10:41:00 381,440 ------w C:\WINDOWS\ServicePackFiles\i386\lmrt.dll
+ 2002-08-29 10:41:00 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\localspl.dll
+ 2002-08-29 10:41:00 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\localui.dll
+ 2002-08-29 10:41:00 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\log.dll
+ 2002-08-29 10:41:26 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\logagent.exe
+ 2002-08-29 10:41:28 219,648 ------w C:\WINDOWS\ServicePackFiles\i386\logon.scr
+ 2002-08-29 07:37:30 245,760 ------w C:\WINDOWS\ServicePackFiles\i386\logonmgr.dll
+ 2002-08-29 10:41:26 504,320 ------w C:\WINDOWS\ServicePackFiles\i386\logonui.exe
+ 2002-08-29 10:41:00 671,744 ------w C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll
+ 2002-08-29 10:41:26 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\lsass.exe
+ 2002-08-29 06:34:36 607,360 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmnt.sys
+ 2002-08-29 06:34:38 420,992 ------w C:\WINDOWS\ServicePackFiles\i386\ltmdmntt.sys
+ 2002-08-29 08:28:02 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\ltotape.sys
+ 2002-08-29 06:16:22 20,864 ------w C:\WINDOWS\ServicePackFiles\i386\lwadihid.sys
+ 2002-08-29 10:41:26 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\medctrro.exe
+ 2002-08-29 08:28:32 24,448 ------w C:\WINDOWS\ServicePackFiles\i386\memstpci.sys
+ 2002-08-29 10:41:00 179,200 ------w C:\WINDOWS\ServicePackFiles\i386\migism.dll
+ 2002-08-29 10:41:00 170,496 ------w C:\WINDOWS\ServicePackFiles\i386\migism_a.dll
+ 2002-08-29 10:41:26 98,816 ------w C:\WINDOWS\ServicePackFiles\i386\migload.exe
+ 2002-08-29 10:41:26 230,400 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz.exe
+ 2002-08-29 10:41:26 226,816 ------w C:\WINDOWS\ServicePackFiles\i386\migwiz_a.exe
+ 2002-08-29 10:41:00 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\mindex.dll
+ 2002-08-29 10:41:00 1,128,960 ------w C:\WINDOWS\ServicePackFiles\i386\mmcndmgr.dll
+ 2002-08-29 10:41:00 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\mnmdd.dll
+ 2002-08-29 10:41:00 196,096 ------w C:\WINDOWS\ServicePackFiles\i386\mobsync.dll
+ 2002-08-29 10:41:26 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\mofcomp.exe
+ 2002-08-29 10:41:00 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\mofd.dll
+ 2002-08-29 10:39:42 210,944 ------w C:\WINDOWS\ServicePackFiles\i386\moricons.dll
+ 2002-08-29 08:27:02 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\mouclass.sys
+ 2002-08-29 10:41:26 806,969 ------w C:\WINDOWS\ServicePackFiles\i386\moviemk.exe
+ 2002-08-29 10:41:00 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\mpg4dmod.dll
+ 2002-08-29 10:41:26 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\mplay32.exe
+ 2002-08-29 10:41:26 4,639 ------w C:\WINDOWS\ServicePackFiles\i386\mplayer2.exe
+ 2002-08-29 08:59:54 407,552 ------w C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
+ 2002-08-29 10:41:02 307,200 ------w C:\WINDOWS\ServicePackFiles\i386\msadce.dll
+ 2002-08-29 10:41:02 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msadcf.dll
+ 2002-08-29 10:41:02 131,072 ------w C:\WINDOWS\ServicePackFiles\i386\msadco.dll
+ 2002-08-29 10:41:02 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\msadcs.dll
+ 2002-08-29 10:41:02 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\msadds.dll
+ 2002-08-29 10:41:02 487,424 ------w C:\WINDOWS\ServicePackFiles\i386\msado15.dll
+ 2002-08-29 10:41:02 159,744 ------w C:\WINDOWS\ServicePackFiles\i386\msadomd.dll
+ 2002-08-29 10:41:02 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\msador15.dll
+ 2002-08-29 10:41:02 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\msadox.dll
+ 2002-08-29 10:41:02 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\msadrh15.dll
+ 2002-08-29 10:41:02 203,776 ------w C:\WINDOWS\ServicePackFiles\i386\mscandui.dll
+ 2002-08-29 10:41:02 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\mscms.dll
+ 2002-08-29 10:41:02 65,536 ------w C:\WINDOWS\ServicePackFiles\i386\msconf.dll
+ 2002-08-29 10:41:26 145,408 ------w C:\WINDOWS\ServicePackFiles\i386\msconfig.exe
+ 2002-08-29 10:39:46 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\mscpx32r.dll
+ 2002-08-29 10:41:02 266,752 ------w C:\WINDOWS\ServicePackFiles\i386\msctf.dll
+ 2002-08-29 10:41:02 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\msctfp.dll
+ 2002-08-29 10:41:02 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdadc.dll
+ 2002-08-29 10:41:02 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaenum.dll
+ 2002-08-29 10:41:02 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaer.dll
+ 2002-08-29 10:41:02 532,480 ------w C:\WINDOWS\ServicePackFiles\i386\msdaipp.dll
+ 2002-08-29 10:41:02 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\msdaora.dll
+ 2002-08-29 10:41:02 73,728 ------w C:\WINDOWS\ServicePackFiles\i386\msdaosp.dll
+ 2002-08-29 10:41:02 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\msdaprst.dll
+ 2002-08-29 10:41:02 188,416 ------w C:\WINDOWS\ServicePackFiles\i386\msdaps.dll
+ 2002-08-29 10:41:02 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\msdarem.dll
+ 2002-08-29 10:41:02 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\msdart.dll
+ 2002-08-29 10:41:04 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdasc.dll
+ 2002-08-29 10:41:04 303,104 ------w C:\WINDOWS\ServicePackFiles\i386\msdasql.dll
+ 2002-08-29 10:41:04 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\msdatl3.dll
+ 2002-08-29 10:41:04 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\msdatt.dll
+ 2002-08-29 10:41:04 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\msdaurl.dll
+ 2002-08-29 07:37:34 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\msdbx.dll
+ 2002-08-29 10:41:04 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\msdfmap.dll
+ 2002-08-29 10:41:04 359,936 ------w C:\WINDOWS\ServicePackFiles\i386\msdtcprx.dll
+ 2002-08-29 10:39:46 4,126 ------w C:\WINDOWS\ServicePackFiles\i386\msdxmlc.dll
+ 2002-08-29 10:41:04 512,031 ------w C:\WINDOWS\ServicePackFiles\i386\msexch40.dll
+ 2002-08-29 10:41:04 319,519 ------w C:\WINDOWS\ServicePackFiles\i386\msexcl40.dll
+ 2002-08-29 10:41:04 504,832 ------w C:\WINDOWS\ServicePackFiles\i386\msftedit.dll
+ 2002-08-29 10:41:04 968,192 ------w C:\WINDOWS\ServicePackFiles\i386\msgina.dll
+ 2002-08-29 10:41:04 57,374 ------w C:\WINDOWS\ServicePackFiles\i386\msgrocm.dll
+ 2002-08-21 03:29:46 109,152 ------w C:\WINDOWS\ServicePackFiles\i386\msgsc.dll
+ 2002-08-29 07:36:24 221,215 ------w C:\WINDOWS\ServicePackFiles\i386\msgslang.dll
+ 2002-08-29 10:41:32 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\msh261.drv
+ 2002-08-29 10:41:32 286,720 ------w C:\WINDOWS\ServicePackFiles\i386\msh263.drv
+ 2002-08-29 10:41:04 2,833,920 ------w C:\WINDOWS\ServicePackFiles\i386\mshtml.dll
+ 2002-08-29 10:41:04 440,320 ------w C:\WINDOWS\ServicePackFiles\i386\mshtmled.dll
+ 2002-08-29 10:39:46 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\mshtmler.dll
+ 2002-08-29 10:41:04 2,086,400 ------w C:\WINDOWS\ServicePackFiles\i386\msi.dll
+ 2002-08-29 10:41:04 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\msieftp.dll
+ 2002-08-29 10:41:26 64,512 ------w C:\WINDOWS\ServicePackFiles\i386\msiexec.exe
+ 2002-08-29 10:41:04 305,664 ------w C:\WINDOWS\ServicePackFiles\i386\msihnd.dll
+ 2002-08-29 10:41:04 4,608 ------w C:\WINDOWS\ServicePackFiles\i386\msimg32.dll
+ 2002-08-29 10:41:26 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msimn.exe
+ 2002-08-29 10:41:04 143,872 ------w C:\WINDOWS\ServicePackFiles\i386\msimtf.dll
+ 2002-08-29 10:41:04 368,710 ------w C:\WINDOWS\ServicePackFiles\i386\msisam11.dll
+ 2002-08-29 10:41:06 1,503,262 ------w C:\WINDOWS\ServicePackFiles\i386\msjet40.dll
+ 2002-08-29 10:41:06 348,195 ------w C:\WINDOWS\ServicePackFiles\i386\msjetol1.dll
+ 2002-08-29 10:41:06 90,112 ------w C:\WINDOWS\ServicePackFiles\i386\msjro.dll
+ 2002-08-29 10:41:06 241,695 ------w C:\WINDOWS\ServicePackFiles\i386\msjtes40.dll
+ 2002-08-29 08:27:12 7,040 ------w C:\WINDOWS\ServicePackFiles\i386\mskssrv.sys
+ 2002-08-29 10:41:06 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\mslbui.dll
+ 2002-08-29 10:41:06 213,023 ------w C:\WINDOWS\ServicePackFiles\i386\msltus40.dll
+ 2002-06-27 23:38:38 360,448 ------w C:\WINDOWS\ServicePackFiles\i386\msmom.dll
+ 2002-08-29 10:41:26 1,511,453 ------w C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
+ 2002-08-29 10:41:26 69,663 ------w C:\WINDOWS\ServicePackFiles\i386\msmsgsin.exe
+ 2002-06-27 23:38:40 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\msn6.exe
+ 2002-08-29 10:41:06 174,592 ------w C:\WINDOWS\ServicePackFiles\i386\msnetobj.dll
+ 2002-06-27 23:38:42 978,944 ------w C:\WINDOWS\ServicePackFiles\i386\msnmetal.dll
+ 2002-08-29 07:37:42 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\msnmigr.dll
+ 2002-06-27 23:38:46 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\msnmtllc.dll
+ 2002-08-29 07:37:44 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\msnntmig.dll
+ 2002-08-29 07:37:44 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\msnspell.dll
+ 2002-08-29 10:41:06 319,760 ------w C:\WINDOWS\ServicePackFiles\i386\msnsspc.dll
+ 2002-08-29 07:37:46 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\msnunin.exe
+ 2002-08-29 10:41:06 112,128 ------w C:\WINDOWS\ServicePackFiles\i386\msobcomm.dll
+ 2002-08-29 10:41:06 536,576 ------w C:\WINDOWS\ServicePackFiles\i386\msobmain.dll
+ 2002-08-29 10:41:06 1,174,016 ------w C:\WINDOWS\ServicePackFiles\i386\msoe.dll
+ 2002-08-29 10:41:06 228,864 ------w C:\WINDOWS\ServicePackFiles\i386\msoeacct.dll
+ 2002-08-29 10:41:06 81,408 ------w C:\WINDOWS\ServicePackFiles\i386\msoert2.dll
+ 2002-08-29 10:41:06 131,072 ------w C:\WINDOWS\ServicePackFiles\i386\msorcl32.dll
+ 2002-08-29 10:41:26 339,968 ------w C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
+ 2002-08-29 10:41:06 348,191 ------w C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll
+ 2002-08-29 10:41:06 175,104 ------w C:\WINDOWS\ServicePackFiles\i386\mspmsp.dll
+ 2002-08-29 10:41:06 132,096 ------w C:\WINDOWS\ServicePackFiles\i386\msrating.dll
+ 2002-08-29 10:41:06 421,919 ------w C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll
+ 2002-08-29 10:41:08 552,991 ------w C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll
+ 2002-08-29 10:41:08 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\msrle32.dll
+ 2002-08-29 10:41:08 172,032 ------w C:\WINDOWS\ServicePackFiles\i386\mssap.dll
+ 2002-08-29 10:41:08 245,760 ------w C:\WINDOWS\ServicePackFiles\i386\msscp.dll
+ 2002-08-29 10:41:08 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\mst120.dll
+ 2002-08-29 10:41:08 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\mst123.dll
+ 2002-08-29 10:41:08 250,368 ------w C:\WINDOWS\ServicePackFiles\i386\mstask.dll
+ 2002-08-29 08:27:12 4,992 ------w C:\WINDOWS\ServicePackFiles\i386\mstee.sys
+ 2002-08-29 10:41:08 253,983 ------w C:\WINDOWS\ServicePackFiles\i386\mstext40.dll
+ 2002-08-29 10:41:08 496,128 ------w C:\WINDOWS\ServicePackFiles\i386\mstime.dll
+ 2002-08-29 10:41:26 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
+ 2002-08-29 08:40:46 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\mstsc.exe
+ 2002-08-29 08:40:52 598,016 ------w C:\WINDOWS\ServicePackFiles\i386\mstscax.dll
+ 2002-08-29 10:41:08 241,725 ------w C:\WINDOWS\ServicePackFiles\i386\msuni11.dll
+ 2002-08-29 10:41:08 182,784 ------w C:\WINDOWS\ServicePackFiles\i386\msutb.dll
+ 2002-08-29 10:41:08 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\msv1_0.dll
+ 2002-08-29 10:41:08 401,462 ------w C:\WINDOWS\ServicePackFiles\i386\msvcp60.dll
+ 2002-08-29 10:41:08 323,072 ------w C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll
+ 2002-08-29 10:41:08 113,664 ------w C:\WINDOWS\ServicePackFiles\i386\msvfw32.dll
+ 2002-08-29 10:41:08 1,220,608 ------w C:\WINDOWS\ServicePackFiles\i386\msvidctl.dll
+ 2002-08-29 10:41:08 192,512 ------w C:\WINDOWS\ServicePackFiles\i386\mswebdvd.dll
+ 2002-08-29 10:41:08 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\msxactps.dll
+ 2002-08-29 10:41:08 344,095 ------w C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll
+ 2002-08-29 10:41:08 699,392 ------w C:\WINDOWS\ServicePackFiles\i386\msxml2.dll
+ 2002-08-29 10:41:08 1,122,304 ------w C:\WINDOWS\ServicePackFiles\i386\msxml3.dll
+ 2002-08-29 10:41:26 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
+ 2002-08-29 09:12:54 104,064 ------w C:\WINDOWS\ServicePackFiles\i386\mup.sys
+ 2002-08-29 08:28:36 11,904 ------w C:\WINDOWS\ServicePackFiles\i386\mutohpen.sys
+ 2002-08-29 10:41:08 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\nac.dll
+ 2002-08-29 10:41:08 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\ncobjapi.dll
+ 2002-08-29 10:41:08 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\ncprov.dll
+ 2002-08-29 10:41:08 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\nddenb32.dll
+ 2002-08-29 09:09:26 167,552 ------w C:\WINDOWS\ServicePackFiles\i386\ndis.sys
+ 2002-08-29 10:41:08 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\ndisnpp.dll
+ 2002-08-29 08:35:42 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys
+ 2002-08-29 08:58:40 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\ndiswan.sys
+ 2002-08-29 10:41:26 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\net.exe
+ 2002-08-29 10:41:28 115,200 ------w C:\WINDOWS\ServicePackFiles\i386\net1.exe
+ 2002-08-29 10:41:08 309,248 ------w C:\WINDOWS\ServicePackFiles\i386\netapi32.dll
+ 2002-08-29 08:35:46 33,152 ------w C:\WINDOWS\ServicePackFiles\i386\netbios.sys
+ 2002-08-29 09:01:58 157,056 ------w C:\WINDOWS\ServicePackFiles\i386\netbt.sys
+ 2002-08-29 10:41:08 584,192 ------w C:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
+ 2002-08-29 10:41:28 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\netdde.exe
+ 2002-08-29 10:41:08 399,360 ------w C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
+ 2002-08-29 10:41:08 154,112 ------w C:\WINDOWS\ServicePackFiles\i386\netman.dll
+ 2002-08-29 10:41:08 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\netoc.dll
+ 2002-08-29 10:41:08 857,600 ------w C:\WINDOWS\ServicePackFiles\i386\netplwiz.dll
+ 2002-08-29 10:48:26 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\netsetup.exe
+ 2002-08-29 10:41:08 1,622,528 ------w C:\WINDOWS\ServicePackFiles\i386\netshell.dll
+ 2002-08-29 05:59:32 132,695 ------w C:\WINDOWS\ServicePackFiles\i386\netwlan5.sys
+ 2002-08-29 10:41:08 238,080 ------w C:\WINDOWS\ServicePackFiles\i386\newdev.dll
+ 2002-08-29 08:33:32 57,984 ------w C:\WINDOWS\ServicePackFiles\i386\nic1394.sys
+ 2002-08-29 10:41:08 95,744 ------w C:\WINDOWS\ServicePackFiles\i386\nlhtml.dll
+ 2002-08-29 10:41:08 217,088 ------w C:\WINDOWS\ServicePackFiles\i386\nmas.dll
+ 2002-08-29 10:41:08 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\nmasnt.dll
+ 2002-08-29 10:41:08 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\nmchat.dll
+ 2002-08-29 10:41:08 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\nmcom.dll
+ 2002-08-29 10:41:08 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\nmft.dll
+ 2002-08-29 10:41:08 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\nmmkcert.dll
+ 2002-08-29 08:34:34 38,272 ------w C:\WINDOWS\ServicePackFiles\i386\nmnt.sys
+ 2002-08-29 10:41:08 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\nmoldwb.dll
+ 2002-08-29 10:41:08 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\nmwb.dll
+ 2002-08-29 10:41:08 157,696 ------w C:\WINDOWS\ServicePackFiles\i386\npdrmv2.dll
+ 2002-08-29 10:41:08 364,544 ------w C:\WINDOWS\ServicePackFiles\i386\npdsplay.dll
+ 2002-08-29 10:41:28 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\nppagent.exe
+ 2002-08-29 10:41:08 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\npptools.dll
+ 2002-08-29 10:41:08 8,223 ------w C:\WINDOWS\ServicePackFiles\i386\npwmsdrm.dll
+ 2002-08-29 04:08:54 47,580 ------w C:\WINDOWS\ServicePackFiles\i386\ntdetect.com
+ 2002-08-29 10:40:42 668,672 ------w C:\WINDOWS\ServicePackFiles\i386\ntdll.dll
+ 2002-08-29 09:13:40 561,920 ------w C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
+ 2002-08-29 04:22:26 33,808 ------w C:\WINDOWS\ServicePackFiles\i386\ntio.sys
+ 2002-08-29 08:04:56 1,891,840 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlmp.exe
+ 2002-08-29 08:04:56 1,947,904 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
+ 2002-08-29 08:04:56 1,920,512 ------w C:\WINDOWS\ServicePackFiles\i386\ntkrpamp.exe
+ 2002-08-29 10:41:08 38,400 ------w C:\WINDOWS\ServicePackFiles\i386\ntlanman.dll
+ 2002-08-29 10:41:08 112,128 ------w C:\WINDOWS\ServicePackFiles\i386\ntmarta.dll
+ 2002-08-29 10:41:08 38,400 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsapi.dll
+ 2002-08-29 10:41:08 165,888 ------w C:\WINDOWS\ServicePackFiles\i386\ntmsdba.dll
+ 2002-08-29 10:41:08 392,704 ------w C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
+ 2002-08-29 09:03:30 2,042,240 ------w C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
+ 2002-08-29 10:41:08 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\ntprint.dll
+ 2002-08-29 10:41:08 137,216 ------w C:\WINDOWS\ServicePackFiles\i386\ntshrui.dll
+ 2002-08-29 10:41:28 395,776 ------w C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
+ 2002-08-29 10:41:10 3,494,303 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_disp.dll
+ 2002-08-29 06:16:30 891,711 ------w C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys
+ 2002-08-29 10:41:10 133,632 ------w C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
+ 2002-08-29 10:41:10 328,704 ------w C:\WINDOWS\ServicePackFiles\i386\oakley.dll
+ 2002-08-29 10:41:10 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\ocgen.dll
+ 2002-08-29 10:39:36 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ocmsn.dll
+ 2002-08-29 10:41:10 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32.dll
+ 2002-08-29 10:41:10 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\odbc32gt.dll
+ 2002-08-29 10:41:28 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\odbcad32.exe
+ 2002-08-29 10:41:10 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\odbcbcp.dll
+ 2002-08-29 10:41:10 122,880 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.dll
+ 2002-08-29 10:41:28 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\odbcconf.exe
+ 2002-08-29 10:41:10 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\odbccp32.dll
+ 2002-08-29 10:41:10 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\odbccr32.dll
+ 2002-08-29 10:41:10 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\odbccu32.dll
+ 2002-08-29 10:39:36 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\odbcp32r.dll
+ 2002-08-29 10:41:10 147,456 ------w C:\WINDOWS\ServicePackFiles\i386\odbctrac.dll
+ 2002-08-29 10:41:10 109,568 ------w C:\WINDOWS\ServicePackFiles\i386\offfilt.dll
+ 2002-08-29 08:33:20 55,680 ------w C:\WINDOWS\ServicePackFiles\i386\ohci1394.sys
+ 2002-08-29 10:41:10 1,169,920 ------w C:\WINDOWS\ServicePackFiles\i386\ole32.dll
+ 2002-08-29 10:41:10 569,344 ------w C:\WINDOWS\ServicePackFiles\i386\oleaut32.dll
+ 2002-08-29 10:41:10 413,696 ------w C:\WINDOWS\ServicePackFiles\i386\oledb32.dll
+ 2002-08-29 10:41:10 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\oleprn.dll
+ 2002-08-29 10:41:28 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\oobebaln.exe
+ 2002-08-29 10:41:10 686,080 ------w C:\WINDOWS\ServicePackFiles\i386\opengl32.dll
+ 2002-08-29 08:06:18 157,696 ------w C:\WINDOWS\ServicePackFiles\i386\oschoice.exe
+ 2002-08-29 10:41:28 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\osk.exe
+ 2002-08-29 08:05:20 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\osloader.exe
+ 2002-08-29 08:05:06 37,504 ------w C:\WINDOWS\ServicePackFiles\i386\p3.sys
+ 2002-08-29 10:41:28 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\packager.exe
+ 2002-08-29 08:27:32 76,032 ------w C:\WINDOWS\ServicePackFiles\i386\parport.sys
+ 2002-08-29 10:41:10 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\pautoenr.dll
+ 2002-08-29 10:41:10 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\pchshell.dll
+ 2002-08-29 10:41:10 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\pchsvc.dll
+ 2002-08-29 08:09:12 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\pci.sys
+ 2002-08-29 08:27:48 23,680 ------w C:\WINDOWS\ServicePackFiles\i386\pciidex.sys
+ 2002-08-29 08:09:12 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\pcmcia.sys
+ 2002-08-29 05:59:16 169,984 ------w C:\WINDOWS\ServicePackFiles\i386\pcx500.sys
+ 2002-08-29 10:41:10 254,976 ------w C:\WINDOWS\ServicePackFiles\i386\pdh.dll
+ 2002-08-29 08:31:58 26,752 ------w C:\WINDOWS\ServicePackFiles\i386\perm2.sys
+ 2002-08-29 10:40:44 210,304 ------w C:\WINDOWS\ServicePackFiles\i386\perm2dll.dll
+ 2002-08-29 08:31:58 27,008 ------w C:\WINDOWS\ServicePackFiles\i386\perm3.sys
+ 2002-08-29 10:40:44 252,672 ------w C:\WINDOWS\ServicePackFiles\i386\perm3dd.dll
+ 2002-08-29 09:41:00 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\pid.dll
+ 2002-08-29 08:08:22 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\pidgen.dll
+ 2002-08-29 10:41:28 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ping.exe
+ 2002-08-29 10:41:10 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\pngfilt.dll
+ 2002-08-29 07:37:46 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\popc.dll
+ 2002-08-29 09:01:00 134,272 ------w C:\WINDOWS\ServicePackFiles\i386\portcls.sys
+ 2002-08-29 08:28:06 16,640 ------w C:\WINDOWS\ServicePackFiles\i386\ppa3.sys
+ 2002-08-29 10:41:10 522,240 ------w C:\WINDOWS\ServicePackFiles\i386\printui.dll
+ 2002-08-29 08:05:06 30,592 ------w C:\WINDOWS\ServicePackFiles\i386\processr.sys
+ 2002-08-29 10:41:10 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\ps5ui.dll
+ 2002-08-29 10:41:10 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\psapi.dll
+ 2002-08-29 10:41:10 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\psbase.dll
+ 2002-08-29 08:35:56 66,048 ------w C:\WINDOWS\ServicePackFiles\i386\psched.sys
+ 2002-08-29 10:41:10 455,168 ------w C:\WINDOWS\ServicePackFiles\i386\pscript5.dll
+ 2002-08-29 10:41:10 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\ptpusd.dll
+ 2002-08-29 10:41:10 184,832 ------w C:\WINDOWS\ServicePackFiles\i386\qcap.dll
+ 2002-08-29 10:41:10 357,376 ------w C:\WINDOWS\ServicePackFiles\i386\qdvd.dll
+ 2002-08-29 10:41:10 511,488 ------w C:\WINDOWS\ServicePackFiles\i386\qedit.dll
+ 2002-08-29 10:41:10 221,696 ------w C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
+ 2002-08-29 10:41:10 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\qmgrprxy.dll
+ 2002-08-29 10:41:10 1,142,784 ------w C:\WINDOWS\ServicePackFiles\i386\quartz.dll
+ 2002-08-29 10:41:10 1,349,120 ------w C:\WINDOWS\ServicePackFiles\i386\query.dll
+ 2002-08-29 08:28:34 19,712 ------w C:\WINDOWS\ServicePackFiles\i386\ramdisk.sys
+ 2002-08-29 10:41:10 217,088 ------w C:\WINDOWS\ServicePackFiles\i386\rasapi32.dll
+ 2002-08-29 10:41:10 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\raschap.dll
+ 2002-08-29 10:41:10 631,808 ------w C:\WINDOWS\ServicePackFiles\i386\rasdlg.dll
+ 2002-08-29 09:06:38 48,384 ------w C:\WINDOWS\ServicePackFiles\i386\rasl2tp.sys
+ 2002-08-29 10:41:10 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\rasman.dll
+ 2002-08-29 10:41:10 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\rasmans.dll
+ 2002-08-29 10:41:10 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\rasppp.dll
+ 2002-08-29 09:12:48 46,336 ------w C:\WINDOWS\ServicePackFiles\i386\raspptp.sys
+ 2002-08-29 10:41:10 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\rassapi.dll
+ 2002-08-29 10:41:10 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\rastapi.dll
+ 2002-08-29 10:41:10 91,136 ------w C:\WINDOWS\ServicePackFiles\i386\rastls.dll
+ 2002-08-29 10:41:28 34,304 ------w C:\WINDOWS\ServicePackFiles\i386\rcimlby.exe
+ 2002-08-29 08:58:50 163,328 ------w C:\WINDOWS\ServicePackFiles\i386\rdbss.sys
+ 2002-08-29 10:41:10 135,680 ------w C:\WINDOWS\ServicePackFiles\i386\rdchost.dll
+ 2002-08-29 10:41:28 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe
+ 2002-08-29 10:46:44 87,304 ------w C:\WINDOWS\ServicePackFiles\i386\rdpdd.dll
+ 2002-08-29 08:06:36 182,400 ------w C:\WINDOWS\ServicePackFiles\i386\rdpdr.sys
+ 2002-08-29 10:41:10 14,848 ------w C:\WINDOWS\ServicePackFiles\i386\rdpsnd.dll
+ 2002-08-29 10:46:44 115,976 ------w C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
+ 2002-08-29 10:46:44 75,912 ------w C:\WINDOWS\ServicePackFiles\i386\rdpwsx.dll
+ 2002-08-29 10:41:28 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\rdsaddin.exe
+ 2002-08-29 08:27:46 56,576 ------w C:\WINDOWS\ServicePackFiles\i386\redbook.sys
+ 2002-08-29 04:24:16 3,338 ------w C:\WINDOWS\ServicePackFiles\i386\redir.exe
+ 2002-08-29 10:41:28 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\reg.exe
+ 2002-08-29 10:41:10 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\regapi.dll
+ 2002-08-29 10:41:28 134,144 ------w C:\WINDOWS\ServicePackFiles\i386\regedit.exe
+ 2002-08-29 10:41:10 56,320 ------w C:\WINDOWS\ServicePackFiles\i386\remotepg.dll
+ 2002-08-29 10:41:10 138,240 ------w C:\WINDOWS\ServicePackFiles\i386\repdrvfs.dll
+ 2002-08-29 10:41:10 423,424 ------w C:\WINDOWS\ServicePackFiles\i386\riched20.dll
+ 2002-08-29 10:41:10 530,432 ------w C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll
+ 2002-08-29 10:41:10 260,608 ------w C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
+ 2002-08-29 10:41:10 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\rrcm.dll
+ 2002-08-29 05:27:32 133,632 ------w C:\WINDOWS\ServicePackFiles\i386\rsaenh.dll
+ 2002-08-29 10:41:10 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\rshx32.dll
+ 2002-08-29 10:41:28 370,688 ------w C:\WINDOWS\ServicePackFiles\i386\rstrui.exe
+ 2002-08-29 10:41:10 548,864 ------w C:\WINDOWS\ServicePackFiles\i386\rtcdll.dll
+ 2002-08-21 03:30:08 203,112 ------w C:\WINDOWS\ServicePackFiles\i386\rtcimsp.dll
+ 2002-08-29 10:41:28 74,240 ------w C:\WINDOWS\ServicePackFiles\i386\rtcshare.exe
+ 2002-08-29 10:41:28 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\runonce.exe
+ 2002-08-29 10:41:12 54,784 ------w C:\WINDOWS\ServicePackFiles\i386\samlib.dll
+ 2002-08-29 10:41:12 696,320 ------w C:\WINDOWS\ServicePackFiles\i386\sapi.dll
+ 2002-08-29 10:41:28 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\savedump.exe
+ 2002-08-29 10:41:12 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\sbe.dll
+ 2002-08-29 10:41:12 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\sbeio.dll
+ 2002-08-29 08:27:58 38,528 ------w C:\WINDOWS\ServicePackFiles\i386\sbp2port.sys
+ 2002-08-29 05:27:34 169,984 ------w C:\WINDOWS\ServicePackFiles\i386\sccbase.dll
+ 2002-08-29 10:41:12 171,008 ------w C:\WINDOWS\ServicePackFiles\i386\sccsccp.dll
+ 2002-08-29 10:41:12 174,592 ------w C:\WINDOWS\ServicePackFiles\i386\scecli.dll
+ 2002-08-29 10:41:12 297,984 ------w C:\WINDOWS\ServicePackFiles\i386\scesrv.dll
+ 2002-08-29 10:41:12 136,704 ------w C:\WINDOWS\ServicePackFiles\i386\schannel.dll
+ 2002-08-29 10:41:12 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll
+ 2002-08-29 10:41:12 173,056 ------w C:\WINDOWS\ServicePackFiles\i386\script.dll
+ 2002-08-29 10:41:12 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\script_a.dll
+ 2002-08-29 10:41:30 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr
+ 2002-08-29 08:27:50 90,240 ------w C:\WINDOWS\ServicePackFiles\i386\scsiport.sys
+ 2002-08-29 10:41:28 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\sdbinst.exe
+ 2001-08-18 18:00:00 27,440 ------w C:\WINDOWS\ServicePackFiles\i386\secdrv.sys
+ 2002-04-11 00:18:00 4,573 ------w C:\WINDOWS\ServicePackFiles\i386\secupd.dat
+ 2002-08-29 10:41:12 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\secur32.dll
+ 2002-08-29 10:41:12 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\sens.dll
+ 2002-08-29 10:41:12 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\sensapi.dll
+ 2002-08-29 09:08:28 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\serial.sys
+ 2002-08-29 10:41:28 129,024 ------w C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe
+ 2002-08-29 10:41:28 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\setup.exe
+ 2002-08-29 10:41:28 221,184 ------w C:\WINDOWS\ServicePackFiles\i386\setup_wm.exe
+ 2002-08-29 10:41:28 67,584 ------w C:\WINDOWS\ServicePackFiles\i386\setup50.exe
+ 2002-08-29 10:41:12 932,864 ------w C:\WINDOWS\ServicePackFiles\i386\setupapi.dll
+ 2002-08-29 10:41:12 99,328 ------w C:\WINDOWS\ServicePackFiles\i386\setupqry.dll
+ 2002-08-29 10:41:12 133,120 ------w C:\WINDOWS\ServicePackFiles\i386\sfc_os.dll
+ 2002-08-29 10:41:12 1,157,632 ------w C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
+ 2002-08-29 08:27:58 10,496 ------w C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
+ 2002-08-29 10:41:12 1,341,440 ------w C:\WINDOWS\ServicePackFiles\i386\shdocvw.dll
+ 2002-08-29 10:41:12 8,336,384 ------w C:\WINDOWS\ServicePackFiles\i386\shell32.dll
+ 2002-08-29 10:41:12 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\shfolder.dll
+ 2002-08-29 10:41:12 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\shgina.dll
+ 2002-08-29 10:41:12 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\shimeng.dll
+ 2002-08-29 10:41:12 420,864 ------w C:\WINDOWS\ServicePackFiles\i386\shimgvw.dll
+ 2002-08-29 10:41:12 401,920 ------w C:\WINDOWS\ServicePackFiles\i386\shlwapi.dll
+ 2002-08-29 10:41:28 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\shmgrate.exe
+ 2002-08-29 10:41:12 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll
+ 2002-08-29 10:41:12 20,536 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.dll
+ 2002-08-29 10:41:28 16,437 ------w C:\WINDOWS\ServicePackFiles\i386\shtml.exe
+ 2002-08-29 10:41:12 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\sigtab.dll
+ 2002-08-29 10:41:28 66,048 ------w C:\WINDOWS\ServicePackFiles\i386\sigverif.exe
+ 2002-08-29 10:41:28 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\skeys.exe
+ 2002-08-29 05:59:32 63,547 ------w C:\WINDOWS\ServicePackFiles\i386\sla30nd5.sys
+ 2002-08-29 10:41:12 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\slayerxp.dll
+ 2002-08-29 08:09:04 5,504 ------w C:\WINDOWS\ServicePackFiles\i386\smbali.sys
+ 2002-08-29 08:09:02 14,976 ------w C:\WINDOWS\ServicePackFiles\i386\smbbatt.sys
+ 2002-08-29 08:09:04 6,656 ------w C:\WINDOWS\ServicePackFiles\i386\smbclass.sys
+ 2002-08-29 10:41:28 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\smi2smir.exe
+ 2002-08-29 10:41:12 334,848 ------w C:\WINDOWS\ServicePackFiles\i386\smlogcfg.dll
+ 2002-08-29 10:41:28 82,944 ------w C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe
+ 2002-08-29 10:41:28 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\smss.exe
+ 2002-08-29 10:41:14 431,616 ------w C:\WINDOWS\ServicePackFiles\i386\smtpsvc.dll
+ 2002-08-29 10:41:28 4,608 ------w C:\WINDOWS\ServicePackFiles\i386\snchk.exe
+ 2002-08-29 10:41:28 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\snmp.exe
+ 2002-08-29 10:41:14 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\snmpapi.dll
+ 2002-08-29 10:41:14 246,784 ------w C:\WINDOWS\ServicePackFiles\i386\snmpcl.dll
+ 2002-08-29 10:41:14 345,600 ------w C:\WINDOWS\ServicePackFiles\i386\snmpincl.dll
+ 2002-08-29 10:41:14 182,784 ------w C:\WINDOWS\ServicePackFiles\i386\snmpsmir.dll
+ 2002-08-29 10:41:14 36,864 ------w C:\WINDOWS\ServicePackFiles\i386\snmpthrd.dll
+ 2002-08-29 10:41:14 121,344 ------w C:\WINDOWS\ServicePackFiles\i386\softkbd.dll
+ 2002-08-29 08:33:16 24,448 ------w C:\WINDOWS\ServicePackFiles\i386\sonydcam.sys
+ 2002-08-29 08:11:52 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\spgrmr.dll
+ 2002-08-29 10:41:28 534,016 ------w C:\WINDOWS\ServicePackFiles\i386\spider.exe
+ 2002-08-29 08:32:28 5,888 ------w C:\WINDOWS\ServicePackFiles\i386\splitter.sys
+ 2002-08-29 10:41:14 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\spoolss.dll
+ 2002-08-29 10:41:18 235,520 ------w C:\WINDOWS\ServicePackFiles\i386\sptip.dll
+ 2002-07-12 03:47:56 471,040 ------w C:\WINDOWS\ServicePackFiles\i386\sqloledb.dll
+ 2002-08-08 01:25:02 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\sqlsrv32.dll
+ 2002-08-29 10:41:18 196,608 ------w C:\WINDOWS\ServicePackFiles\i386\sqlxmlx.dll
+ 2002-08-29 08:17:58 69,248 ------w C:\WINDOWS\ServicePackFiles\i386\sr.sys
+ 2002-08-29 10:41:18 798,782 ------w C:\WINDOWS\ServicePackFiles\i386\srchui.dll
+ 2002-08-29 10:41:18 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\srclient.dll
+ 2002-08-29 10:41:18 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\srrstr.dll
+ 2002-08-29 10:41:18 158,720 ------w C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
+ 2002-08-29 10:41:30 667,648 ------w C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr
+ 2002-08-29 10:41:30 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr
+ 2002-08-29 10:41:18 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ssdpapi.dll
+ 2002-08-29 10:41:18 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll
+ 2002-08-29 10:41:30 364,544 ------w C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr
+ 2002-08-29 10:41:30 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr
+ 2002-08-29 10:41:30 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr
+ 2002-08-29 10:41:32 569,344 ------w C:\WINDOWS\ServicePackFiles\i386\sspipes.scr
+ 2002-08-29 10:41:32 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\ssstars.scr
+ 2002-08-29 10:41:32 638,976 ------w C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr
+ 2002-08-29 10:41:18 80,896 ------w C:\WINDOWS\ServicePackFiles\i386\stdprov.dll
+ 2002-08-29 10:41:18 61,952 ------w C:\WINDOWS\ServicePackFiles\i386\sti.dll
+ 2002-08-29 10:41:18 130,560 ------w C:\WINDOWS\ServicePackFiles\i386\sti_ci.dll
+ 2002-08-29 10:41:18 117,760 ------w C:\WINDOWS\ServicePackFiles\i386\stobject.dll
+ 2002-08-29 10:41:18 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\storprop.dll
+ 2002-08-29 08:32:34 44,416 ------w C:\WINDOWS\ServicePackFiles\i386\stream.sys
+ 2002-08-29 10:41:18 251,904 ------w C:\WINDOWS\ServicePackFiles\i386\strmdll.dll
+ 2002-08-29 10:41:28 16,449 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvadm.exe
+ 2002-08-29 10:41:28 65,601 ------w C:\WINDOWS\ServicePackFiles\i386\stub_fpsrvwin.exe
+ 2002-08-29 10:41:18 674,816 ------w C:\WINDOWS\ServicePackFiles\i386\sxs.dll
+ 2002-08-29 09:01:18 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys
+ 2002-08-29 10:41:18 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\sysmod.dll
+ 2002-08-29 10:41:18 130,048 ------w C:\WINDOWS\ServicePackFiles\i386\sysmod_a.dll
+ 2002-08-29 10:41:18 938,496 ------w C:\WINDOWS\ServicePackFiles\i386\syssetup.dll
+ 2002-08-29 08:28:00 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\tape.sys
+ 2002-08-29 10:41:18 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\tapi32.dll
+ 2002-08-29 10:41:18 233,984 ------w C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll
+ 2002-08-29 10:41:28 128,512 ------w C:\WINDOWS\ServicePackFiles\i386\taskmgr.exe
+ 2002-08-29 08:58:12 332,928 ------w C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
+ 2002-08-29 08:37:54 196,288 ------w C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys
+ 2002-08-29 10:41:28 32,827 ------w C:\WINDOWS\ServicePackFiles\i386\tcptest.exe
+ 2002-05-15 01:16:22 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\tcptsat.dll
+ 2002-08-29 10:41:28 71,168 ------w C:\WINDOWS\ServicePackFiles\i386\telnet.exe
+ 2002-08-29 10:46:42 38,024 ------w C:\WINDOWS\ServicePackFiles\i386\termdd.sys
+ 2002-08-29 10:41:18 200,192 ------w C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
+ 2002-08-29 08:28:00 143,104 ------w C:\WINDOWS\ServicePackFiles\i386\tffsport.sys
+ 2002-08-29 10:41:18 384,000 ------w C:\WINDOWS\ServicePackFiles\i386\themeui.dll
+ 2002-08-29 10:41:28 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\tracert.exe
+ 2002-08-29 10:41:18 146,432 ------w C:\WINDOWS\ServicePackFiles\i386\triedit.dll
+ 2002-08-29 10:41:18 81,920 ------w C:\WINDOWS\ServicePackFiles\i386\trkwks.dll
+ 2002-08-29 10:41:18 88,064 ------w C:\WINDOWS\ServicePackFiles\i386\tscfgwmi.dll
+ 2002-08-29 08:40:46 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\tscupgrd.exe
+ 2002-08-29 10:41:18 113,664 ------w C:\WINDOWS\ServicePackFiles\i386\tsoc.dll
+ 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\ServicePackFiles\i386\tunmp.sys
+ 2002-08-29 08:06:20 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\udfs.sys
+ 2002-08-29 10:41:18 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\udhisapi.dll
+ 2002-08-29 10:41:18 32,256 ------w C:\WINDOWS\ServicePackFiles\i386\umandlg.dll
+ 2002-08-29 10:41:18 107,008 ------w C:\WINDOWS\ServicePackFiles\i386\umpnpmgr.dll
+ 2002-08-29 10:41:18 252,416 ------w C:\WINDOWS\ServicePackFiles\i386\unidrv.dll
+ 2002-08-29 10:41:18 197,120 ------w C:\WINDOWS\ServicePackFiles\i386\unidrvui.dll
+ 2002-08-29 10:41:28 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\unregmp2.exe
+ 2002-08-29 10:41:18 302,080 ------w C:\WINDOWS\ServicePackFiles\i386\untfs.dll
+ 2002-08-29 10:41:18 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\upnp.dll
+ 2002-08-29 10:41:18 164,864 ------w C:\WINDOWS\ServicePackFiles\i386\upnphost.dll
+ 2002-08-29 10:41:18 231,424 ------w C:\WINDOWS\ServicePackFiles\i386\upnpui.dll
+ 2002-08-29 10:41:28 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ups.exe
+ 2002-08-29 10:41:18 106,496 ------w C:\WINDOWS\ServicePackFiles\i386\url.dll
+ 2002-08-29 10:41:18 455,680 ------w C:\WINDOWS\ServicePackFiles\i386\urlmon.dll
+ 2002-08-29 05:59:22 32,384 ------w C:\WINDOWS\ServicePackFiles\i386\usb101et.sys
+ 2002-08-29 08:32:32 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\usbaudio.sys
+ 2002-08-29 08:32:54 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys
+ 2002-08-29 08:32:50 19,328 ------w C:\WINDOWS\ServicePackFiles\i386\usbehci.sys
+ 2002-08-29 08:32:50 51,968 ------w C:\WINDOWS\ServicePackFiles\i386\usbhub.sys
+ 2002-08-29 08:32:56 15,232 ------w C:\WINDOWS\ServicePackFiles\i386\usbintel.sys
+ 2002-08-29 08:32:50 15,744 ------w C:\WINDOWS\ServicePackFiles\i386\usbohci.sys
+ 2002-08-29 08:32:52 135,552 ------w C:\WINDOWS\ServicePackFiles\i386\usbport.sys
+ 2002-08-29 08:50:02 24,960 ------w C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
+ 2002-08-29 08:48:52 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
+ 2002-08-29 08:32:52 21,760 ------w C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
+ 2002-08-29 08:32:50 19,328 ------w C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys
+ 2002-08-29 10:41:18 560,128 ------w C:\WINDOWS\ServicePackFiles\i386\user32.dll
+ 2002-08-29 10:41:18 667,136 ------w C:\WINDOWS\ServicePackFiles\i386\userenv.dll
+ 2002-08-29 10:41:28 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\userinit.exe
+ 2002-08-29 10:41:18 339,456 ------w C:\WINDOWS\ServicePackFiles\i386\usp10.dll
+ 2002-08-29 10:41:28 47,616 ------w C:\WINDOWS\ServicePackFiles\i386\utilman.exe
+ 2002-08-29 10:41:18 203,264 ------w C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
+ 2002-08-29 10:41:18 479,261 ------w C:\WINDOWS\ServicePackFiles\i386\vbscript.dll
+ 2002-08-29 10:41:18 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\vdmredir.dll
+ 2002-08-29 10:41:18 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\vfwwdm32.dll
+ 2002-08-29 08:32:04 19,712 ------w C:\WINDOWS\ServicePackFiles\i386\vga.sys
+ 2002-08-29 10:41:18 802,304 ------w C:\WINDOWS\ServicePackFiles\i386\vgx.dll
+ 2002-08-29 08:27:50 4,864 ------w C:\WINDOWS\ServicePackFiles\i386\viaide.sys
+ 2002-08-29 08:32:06 70,912 ------w C:\WINDOWS\ServicePackFiles\i386\videoprt.sys
+ 2002-08-29 10:41:18 409,088 ------w C:\WINDOWS\ServicePackFiles\i386\vssapi.dll
+ 2002-08-29 10:41:18 165,376 ------w C:\WINDOWS\ServicePackFiles\i386\w32time.dll
+ 2002-08-29 10:41:18 444,928 ------w C:\WINDOWS\ServicePackFiles\i386\w95upgnt.dll
+ 2002-08-29 10:41:18 459,776 ------w C:\WINDOWS\ServicePackFiles\i386\wab32.dll
+ 2002-08-29 10:39:24 249,344 ------w C:\WINDOWS\ServicePackFiles\i386\wab32res.dll
+ 2002-08-29 08:28:36 13,056 ------w C:\WINDOWS\ServicePackFiles\i386\wacompen.sys
+ 2002-08-29 08:32:22 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\watchdog.sys
+ 2002-08-29 10:41:18 215,040 ------w C:\WINDOWS\ServicePackFiles\i386\wbemcomn.dll
+ 2002-08-29 10:41:18 480,256 ------w C:\WINDOWS\ServicePackFiles\i386\wbemcore.dll
+ 2002-08-29 10:41:18 259,072 ------w C:\WINDOWS\ServicePackFiles\i386\wbemess.dll
+ 2002-08-29 10:41:18 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\wbemprox.dll
+ 2002-08-29 10:41:18 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\wbemupgd.dll
+ 2002-08-29 09:00:48 77,440 ------w C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys
+ 2002-08-29 10:41:18 258,048 ------w C:\WINDOWS\ServicePackFiles\i386\webcheck.dll
+ 2002-08-29 10:41:18 61,952 ------w C:\WINDOWS\ServicePackFiles\i386\webclnt.dll
+ 2002-08-29 10:41:18 124,928 ------w C:\WINDOWS\ServicePackFiles\i386\webvw.dll
+ 2002-08-29 10:41:28 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\wextract.exe
+ 2002-08-29 10:41:18 119,808 ------w C:\WINDOWS\ServicePackFiles\i386\wiadss.dll
+ 2002-08-29 10:41:18 316,416 ------w C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll
+ 2002-08-29 09:14:20 1,813,632 ------w C:\WINDOWS\ServicePackFiles\i386\win32k.sys
+ 2002-08-29 10:41:18 99,328 ------w C:\WINDOWS\ServicePackFiles\i386\win32spl.dll
+ 2002-08-29 08:09:00 403,456 ------w C:\WINDOWS\ServicePackFiles\i386\winbrand.dll
+ 2002-08-29 10:41:28 266,752 ------w C:\WINDOWS\ServicePackFiles\i386\winhlp32.exe
+ 2002-08-29 10:41:18 310,272 ------w C:\WINDOWS\ServicePackFiles\i386\winhttp.dll
+ 2002-08-29 10:41:18 599,040 ------w C:\WINDOWS\ServicePackFiles\i386\wininet.dll
+ 2002-08-29 10:41:28 516,608 ------w C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
+ 2002-08-29 10:41:18 171,520 ------w C:\WINDOWS\ServicePackFiles\i386\winmm.dll
+ 2002-08-29 10:41:32 132,096 ------w C:\WINDOWS\ServicePackFiles\i386\winspool.drv
+ 2002-08-29 10:41:18 276,480 ------w C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
+ 2002-08-29 10:41:18 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\winsta.dll
+ 2002-08-29 10:41:18 168,448 ------w

ccogswel · May 11, 2008

C:\WINDOWS\ServicePackFiles\i386\wldap32.dll
+ 2002-08-29 05:59:26 154,624 ------w C:\WINDOWS\ServicePackFiles\i386\wlluc48.sys
+ 2002-08-29 10:41:18 86,528 ------w C:\WINDOWS\ServicePackFiles\i386\wlnotify.dll
+ 2002-08-29 10:41:18 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\wmadmod.dll
+ 2002-08-29 10:41:18 442,398 ------w C:\WINDOWS\ServicePackFiles\i386\wmadmoe.dll
+ 2002-08-29 10:41:18 274,432 ------w C:\WINDOWS\ServicePackFiles\i386\wmasf.dll
+ 2002-08-29 10:39:24 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\wmerrenu.dll
+ 2002-08-29 10:41:18 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\wmicookr.dll
+ 2002-08-29 10:41:18 138,752 ------w C:\WINDOWS\ServicePackFiles\i386\wmidcprv.dll
+ 2002-08-29 10:41:18 149,504 ------w C:\WINDOWS\ServicePackFiles\i386\wmipcima.dll
+ 2002-08-29 10:41:18 122,368 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprov.dll
+ 2002-08-29 10:41:18 408,576 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprvsd.dll
+ 2002-08-29 10:41:28 203,776 ------w C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe
+ 2002-08-29 10:41:18 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\wmipsess.dll
+ 2002-08-29 10:41:18 101,376 ------w C:\WINDOWS\ServicePackFiles\i386\wmisvc.dll
+ 2002-08-29 10:41:18 96,256 ------w C:\WINDOWS\ServicePackFiles\i386\wmiutils.dll
+ 2002-08-29 10:41:18 110,648 ------w C:\WINDOWS\ServicePackFiles\i386\wmmfilt.dll
+ 2002-08-29 10:39:24 319,542 ------w C:\WINDOWS\ServicePackFiles\i386\wmmres.dll
+ 2002-08-29 10:41:18 163,897 ------w C:\WINDOWS\ServicePackFiles\i386\wmmutil.dll
+ 2002-08-29 10:41:18 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\wmnetmgr.dll
+ 2002-08-29 10:41:18 253,952 ------w C:\WINDOWS\ServicePackFiles\i386\wmpcd.dll
+ 2002-08-29 10:41:18 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\wmpcore.dll
+ 2002-08-29 10:41:28 520,192 ------w C:\WINDOWS\ServicePackFiles\i386\wmplayer.exe
+ 2002-08-29 10:39:24 1,998,848 ------w C:\WINDOWS\ServicePackFiles\i386\wmploc.dll
+ 2002-08-29 10:41:18 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\wmpshell.dll
+ 2002-08-29 10:41:28 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\wmpstub.exe
+ 2002-08-29 10:41:18 1,404,928 ------w C:\WINDOWS\ServicePackFiles\i386\wmpui.dll
+ 2002-08-29 10:41:18 520,192 ------w C:\WINDOWS\ServicePackFiles\i386\wmpvis.dll
+ 2002-08-29 10:41:18 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\wmsdmod.dll
+ 2002-08-29 10:41:18 118,784 ------w C:\WINDOWS\ServicePackFiles\i386\wmsdmoe.dll
+ 2002-08-29 10:41:18 296,448 ------w C:\WINDOWS\ServicePackFiles\i386\wmstream.dll
+ 2002-08-29 10:41:18 311,327 ------w C:\WINDOWS\ServicePackFiles\i386\wmv8dmod.dll
+ 2002-08-29 10:41:20 1,220,608 ------w C:\WINDOWS\ServicePackFiles\i386\wmvcore.dll
+ 2002-08-29 10:41:20 1,677,312 ------w C:\WINDOWS\ServicePackFiles\i386\wmvcore2.dll
+ 2002-08-29 10:41:20 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\wmvdmod.dll
+ 2002-08-29 10:41:20 446,464 ------w C:\WINDOWS\ServicePackFiles\i386\wmvdmoe.dll
+ 2002-08-29 10:41:28 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\wordpad.exe
+ 2002-08-29 10:41:20 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\wow32.dll
+ 2002-08-29 10:41:20 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\wship6.dll
+ 2002-08-29 10:41:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\wsnmp32.dll
+ 2002-08-29 10:41:20 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\wtsapi32.dll
+ 2002-08-29 10:41:28 139,776 ------w C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
+ 2002-08-29 10:41:20 189,440 ------w C:\WINDOWS\ServicePackFiles\i386\wuaueng.dll
+ 2002-08-29 10:41:20 9,216 ------w C:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
+ 2002-08-29 10:41:20 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\wzcdlg.dll
+ 2002-08-29 10:41:20 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\wzcsapi.dll
+ 2002-08-29 10:41:20 264,704 ------w C:\WINDOWS\ServicePackFiles\i386\wzcsvc.dll
+ 2002-08-29 10:41:20 86,016 ------w C:\WINDOWS\ServicePackFiles\i386\xactsrv.dll
+ 2002-07-17 01:55:02 172,664 ------w C:\WINDOWS\ServicePackFiles\i386\xenroll.dll
+ 2002-08-29 08:03:28 187,904 ------w C:\WINDOWS\ServicePackFiles\i386\xpsp1res.dll
+ 2002-08-29 10:41:20 316,416 ------w C:\WINDOWS\ServicePackFiles\i386\zipfldr.dll
- 2001-08-18 10:00:00 794,686 ----a-w C:\WINDOWS\srchasst\srchui.dll
+ 2002-08-29 10:41:18 798,782 ----a-w C:\WINDOWS\srchasst\srchui.dll
- 2001-08-18 18:00:00 131,584 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
+ 2002-08-29 10:41:32 132,096 ----a-w C:\WINDOWS\system\winspool.drv
- 2001-08-18 18:00:00 35,840 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2002-08-29 10:40:48 59,392 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2001-08-18 18:00:00 160,768 ----a-w C:\WINDOWS\system32\adsldp.dll
+ 2002-08-29 10:40:48 162,816 ----a-w C:\WINDOWS\system32\adsldp.dll
- 2001-08-18 18:00:00 139,264 ----a-w C:\WINDOWS\system32\adsldpc.dll
+ 2002-08-29 10:40:48 139,776 ----a-w C:\WINDOWS\system32\adsldpc.dll
- 2001-08-18 18:00:00 62,464 ----a-w C:\WINDOWS\system32\adsmsext.dll
+ 2002-08-29 10:40:48 62,464 ----a-w C:\WINDOWS\system32\adsmsext.dll
- 2001-08-18 18:00:00 239,616 ----a-w C:\WINDOWS\system32\adsnt.dll
+ 2002-08-29 10:40:48 239,616 ----a-w C:\WINDOWS\system32\adsnt.dll
- 2001-08-18 18:00:00 549,888 ----a-w C:\WINDOWS\system32\advapi32.dll
+ 2002-08-29 10:40:48 558,080 ----a-w C:\WINDOWS\system32\advapi32.dll
- 2001-08-18 18:00:00 91,136 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2002-08-29 10:40:48 91,136 ----a-w C:\WINDOWS\system32\advpack.dll
- 2001-08-18 18:00:00 84,992 ----a-w C:\WINDOWS\system32\ahui.exe
+ 2002-08-29 10:41:20 91,648 ----a-w C:\WINDOWS\system32\ahui.exe
- 2001-08-18 18:00:00 40,960 ----a-w C:\WINDOWS\system32\alg.exe
+ 2002-08-29 10:41:20 41,984 ----a-w C:\WINDOWS\system32\alg.exe
- 2001-08-18 18:00:00 104,448 ----a-w C:\WINDOWS\system32\apphelp.dll
+ 2002-08-29 10:40:48 115,712 ----a-w C:\WINDOWS\system32\apphelp.dll
- 2001-08-18 18:00:00 5,120 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2002-08-29 10:40:06 5,120 ----a-w C:\WINDOWS\system32\asferror.dll
- 2001-08-18 18:00:00 14,366 ----a-w C:\WINDOWS\system32\asfsipc.dll
+ 2002-08-29 10:40:48 14,366 ----a-w C:\WINDOWS\system32\asfsipc.dll
- 2001-08-18 18:00:00 22,528 ----a-w C:\WINDOWS\system32\at.exe
+ 2002-08-29 10:41:20 22,528 ----a-w C:\WINDOWS\system32\at.exe
+ 2002-08-29 10:40:48 377,984 ------w C:\WINDOWS\system32\ati2dvaa.dll
+ 2002-08-29 10:40:48 202,496 ------w C:\WINDOWS\system32\ati2dvag.dll
- 2001-08-18 18:00:00 74,802 ----a-w C:\WINDOWS\system32\atl.dll
+ 2002-08-29 10:40:50 74,810 ----a-w C:\WINDOWS\system32\atl.dll
- 2001-08-18 18:00:00 37,888 ----a-w C:\WINDOWS\system32\audiosrv.dll
+ 2002-08-29 10:40:50 38,912 ----a-w C:\WINDOWS\system32\audiosrv.dll
- 2001-08-18 18:00:00 565,760 ----a-w C:\WINDOWS\system32\autochk.exe
+ 2002-08-29 10:41:20 565,760 ----a-w C:\WINDOWS\system32\autochk.exe
- 2001-08-18 18:00:00 8,192 ----a-w C:\WINDOWS\system32\autolfn.exe
+ 2002-08-29 10:41:20 8,192 ----a-w C:\WINDOWS\system32\autolfn.exe
- 2001-08-18 18:00:00 76,288 ----a-w C:\WINDOWS\system32\avifil32.dll
+ 2002-08-29 10:40:50 76,288 ----a-w C:\WINDOWS\system32\avifil32.dll
- 2001-08-18 18:00:00 45,056 ----a-w C:\WINDOWS\system32\basesrv.dll
+ 2002-08-29 10:40:50 44,032 ----a-w C:\WINDOWS\system32\basesrv.dll
- 2001-08-18 18:00:00 6,656 ----a-w C:\WINDOWS\system32\batt.dll
+ 2002-08-29 10:40:50 6,656 ----a-w C:\WINDOWS\system32\batt.dll
- 2001-08-18 18:00:00 62,976 ----a-w C:\WINDOWS\system32\browselc.dll
+ 2002-08-29 10:40:10 62,976 ----a-w C:\WINDOWS\system32\browselc.dll
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\browser.dll
+ 2002-08-29 10:40:50 49,152 ----a-w C:\WINDOWS\system32\browser.dll
- 2001-08-18 18:00:00 1,020,416 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2002-08-29 10:40:50 1,021,952 ----a-w C:\WINDOWS\system32\browseui.dll
- 2001-08-18 18:00:00 71,680 ----a-w C:\WINDOWS\system32\browsewm.dll
+ 2002-08-29 10:40:50 71,680 ----a-w C:\WINDOWS\system32\browsewm.dll
- 2001-08-18 18:00:00 58,880 ----a-w C:\WINDOWS\system32\cabinet.dll
+ 2002-08-29 10:40:50 59,904 ----a-w C:\WINDOWS\system32\cabinet.dll
- 2001-08-18 10:00:00 583,168 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2002-08-29 10:40:50 582,656 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2001-08-18 18:00:00 184,320 ----a-w C:\WINDOWS\system32\certcli.dll
+ 2002-08-29 10:40:50 186,880 ----a-w C:\WINDOWS\system32\certcli.dll
- 2001-08-18 18:00:00 179,712 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2002-08-29 10:40:50 179,712 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2001-08-18 10:00:00 32,768 ----a-w C:\WINDOWS\system32\cfgbkend.dll
+ 2002-08-29 10:40:50 32,768 ----a-w C:\WINDOWS\system32\cfgbkend.dll
- 2001-08-18 18:00:00 62,976 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2002-08-29 10:40:50 64,512 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2001-08-18 18:00:00 10,752 ----a-w C:\WINDOWS\system32\clb.dll
+ 2001-08-18 10:00:00 100,864 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2001-08-18 10:00:00 468,480 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2008-05-02 15:55:24 1,695 ----a-w C:\WINDOWS\system32\clbcfg.dat
- 2001-08-18 10:00:00 98,816 ----a-w C:\WINDOWS\system32\clipbrd.exe
+ 2002-08-29 10:41:20 98,816 ----a-w C:\WINDOWS\system32\clipbrd.exe
- 2001-08-18 18:00:00 53,248 ----a-w C:\WINDOWS\system32\clusapi.dll
+ 2002-08-29 10:40:50 54,272 ----a-w C:\WINDOWS\system32\clusapi.dll
- 2001-08-18 18:00:00 314,880 ----a-w C:\WINDOWS\system32\cmdial32.dll
+ 2002-08-29 10:40:50 324,608 ----a-w C:\WINDOWS\system32\cmdial32.dll
- 2001-08-18 18:00:00 41,472 ----a-w C:\WINDOWS\system32\cmdl32.exe
+ 2002-08-29 10:41:22 41,472 ----a-w C:\WINDOWS\system32\cmdl32.exe
- 2001-08-18 10:00:00 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2002-08-29 10:40:50 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2001-08-18 18:00:00 557,568 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2002-08-29 10:40:50 557,056 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2001-08-18 18:00:00 258,048 ----a-w C:\WINDOWS\system32\comdlg32.dll
+ 2002-08-29 10:40:50 258,048 ----a-w C:\WINDOWS\system32\comdlg32.dll
- 2001-08-18 18:00:00 238,592 ----a-w C:\WINDOWS\system32\compatUI.dll
+ 2002-08-29 10:40:50 238,592 ----a-w C:\WINDOWS\system32\compatui.dll
- 2001-08-18 10:00:00 1,139,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2002-08-29 10:40:50 1,172,992 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2008-05-09 18:01:34 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-10 15:56:52 16,384 ------w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-09 18:01:34 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-10 15:56:52 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-09 18:21:58 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-05-10 19:16:26 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\conime.exe
+ 2002-08-29 10:41:22 24,576 ----a-w C:\WINDOWS\system32\conime.exe
- 2001-08-18 18:00:00 161,792 ----a-w C:\WINDOWS\system32\credui.dll
+ 2002-08-29 10:40:50 158,720 ----a-w C:\WINDOWS\system32\credui.dll
- 2001-08-18 18:00:00 554,496 ----a-w C:\WINDOWS\system32\crypt32.dll
+ 2002-08-29 10:40:50 557,568 ----a-w C:\WINDOWS\system32\crypt32.dll
- 2001-08-18 18:00:00 70,144 ----a-w C:\WINDOWS\system32\cryptdlg.dll
+ 2002-08-29 10:40:50 70,144 ----a-w C:\WINDOWS\system32\cryptdlg.dll
- 2001-08-18 18:00:00 51,200 ----a-w C:\WINDOWS\system32\cryptsvc.dll
+ 2002-08-29 10:40:50 53,248 ----a-w C:\WINDOWS\system32\cryptsvc.dll
- 2001-08-18 18:00:00 470,016 ----a-w C:\WINDOWS\system32\cryptui.dll
+ 2002-08-29 10:40:50 471,040 ----a-w C:\WINDOWS\system32\cryptui.dll
- 2001-08-18 18:00:00 305,664 ----a-w C:\WINDOWS\system32\cscui.dll
+ 2002-08-29 10:40:50 307,712 ----a-w C:\WINDOWS\system32\cscui.dll
- 2001-08-18 18:00:00 29,184 ----a-w C:\WINDOWS\system32\csrsrv.dll
+ 2002-08-29 10:40:50 29,184 ----a-w C:\WINDOWS\system32\csrsrv.dll
- 2001-08-18 18:00:00 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2002-08-29 10:41:22 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2001-08-18 18:00:00 986,112 ----a-w C:\WINDOWS\system32\danim.dll
+ 2002-08-29 10:40:50 986,112 ----a-w C:\WINDOWS\system32\danim.dll
- 2001-08-18 18:00:00 486,400 ----a-w C:\WINDOWS\system32\dbghelp.dll
+ 2002-08-29 10:40:50 489,984 ----a-w C:\WINDOWS\system32\dbghelp.dll
- 2001-08-18 18:00:00 20,480 ----a-w C:\WINDOWS\system32\dbmsadsn.dll
+ 2002-08-29 10:40:50 20,480 ----a-w C:\WINDOWS\system32\dbmsadsn.dll
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\dbmsrpcn.dll
+ 2002-08-29 07:36:06 24,576 ----a-w C:\WINDOWS\system32\dbmsrpcn.dll
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\dbmsvinn.dLL
+ 2002-08-29 07:36:06 24,576 ----a-w C:\WINDOWS\system32\dbmsvinn.dll
- 2001-08-18 18:00:00 65,536 ----a-w C:\WINDOWS\system32\dbnetlib.dll
+ 2002-08-29 10:40:00 61,440 ----a-w C:\WINDOWS\system32\dbnetlib.dll
- 2001-08-18 18:00:00 28,672 ----a-w C:\WINDOWS\system32\dbnmpntw.dll
+ 2002-08-29 07:34:36 28,672 ----a-w C:\WINDOWS\system32\dbnmpntw.dll
+ 2002-08-29 10:57:58 1,740 ----a-w C:\WINDOWS\system32\dcache.bin
- 2001-08-18 18:00:00 109,568 ----a-w C:\WINDOWS\system32\defrag.exe
+ 2002-08-29 10:41:22 70,656 ----a-w C:\WINDOWS\system32\defrag.exe
- 2001-08-18 18:00:00 263,680 ----a-w C:\WINDOWS\system32\devmgr.dll
+ 2002-08-29 10:40:50 263,168 ----a-w C:\WINDOWS\system32\devmgr.dll
- 2001-08-18 18:00:00 73,216 ----a-w C:\WINDOWS\system32\dfrgfat.exe
+ 2002-08-29 10:41:22 76,288 ----a-w C:\WINDOWS\system32\dfrgfat.exe
- 2001-08-18 18:00:00 85,504 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
+ 2002-08-29 10:41:22 99,328 ----a-w C:\WINDOWS\system32\dfrgntfs.exe
- 2001-08-18 18:00:00 41,984 ----a-w C:\WINDOWS\system32\dfrgsnap.dll
+ 2002-08-29 10:40:50 35,328 ----a-w C:\WINDOWS\system32\dfrgsnap.dll
- 2001-08-18 18:00:00 124,928 ----a-w C:\WINDOWS\system32\dfrgui.dll
+ 2002-08-29 10:40:50 113,152 ----a-w C:\WINDOWS\system32\dfrgui.dll
- 2001-08-18 18:00:00 25,088 ----a-w C:\WINDOWS\system32\dfsshlex.dll
+ 2002-08-29 10:40:50 25,600 ----a-w C:\WINDOWS\system32\dfsshlex.dll
- 2001-08-18 18:00:00 103,424 ----a-w C:\WINDOWS\system32\dgnet.dll
+ 2002-08-29 10:40:50 103,424 ----a-w C:\WINDOWS\system32\dgnet.dll
- 2001-08-18 18:00:00 98,816 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2002-08-29 10:40:50 99,840 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2001-08-18 18:00:00 55,808 ----a-w C:\WINDOWS\system32\digest.dll
+ 2002-08-29 10:40:50 55,296 ----a-w C:\WINDOWS\system32\digest.dll
- 2002-08-29 09:40:00 648,704 ----a-w C:\WINDOWS\system32\dinput.dll
+ 2002-08-29 10:40:50 151,552 ----a-w C:\WINDOWS\system32\dinput.dll
- 2002-08-29 09:40:00 667,648 ----a-w C:\WINDOWS\system32\dinput8.dll
+ 2002-08-29 10:40:50 168,960 ----a-w C:\WINDOWS\system32\dinput8.dll
+ 2001-08-18 18:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
+ 2001-08-18 10:00:00 100,864 ----a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2001-08-18 10:00:00 468,480 ----a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2001-08-18 18:00:00 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2002-08-29 10:40:50 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2001-08-18 18:00:00 45,056 ----a-w C:\WINDOWS\system32\docprop2.dll
+ 2002-08-29 10:40:50 45,568 ----a-w C:\WINDOWS\system32\docprop2.dll
- 2001-08-18 18:00:00 116,736 ----a-w C:\WINDOWS\system32\dpcdll.dll
+ 2002-08-29 09:20:28 115,200 ----a-w C:\WINDOWS\system32\dpcdll.dll
- 2001-08-18 18:00:00 179,200 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
+ 2002-08-29 08:09:06 179,328 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
- 2001-07-23 23:25:14 122,472 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2002-08-29 06:16:38 142,208 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2001-08-18 18:00:00 130,688 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2002-08-29 09:01:14 131,968 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2001-08-18 18:00:00 32,000 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2002-08-29 08:05:06 32,000 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
+ 2002-08-29 08:05:08 32,512 ------w C:\WINDOWS\system32\drivers\amdk7.sys
- 2001-08-18 18:00:00 54,016 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
+ 2002-08-29 08:33:30 57,344 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
- 2001-08-17 19:51:56 86,656 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
+ 2002-08-29 08:27:50 86,912 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
- 2001-08-18 18:00:00 53,888 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
+ 2002-08-29 08:33:36 53,888 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
- 2001-08-18 18:00:00 53,376 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
+ 2002-08-29 08:34:42 68,864 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
- 2001-08-18 18:00:00 62,208 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
+ 2002-08-29 08:58:52 59,648 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
- 2001-08-18 18:00:00 47,488 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
+ 2002-08-29 08:27:56 47,488 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
- 2001-08-18 18:00:00 44,928 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
+ 2002-08-29 09:08:44 46,336 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
- 2001-08-18 18:00:00 31,360 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
+ 2002-08-29 08:05:08 31,488 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
- 2001-08-18 18:00:00 33,664 ----a-w C:\WINDOWS\system32\drivers\disk.sys
+ 2002-08-29 08:27:58 33,792 ----a-w C:\WINDOWS\system32\drivers\disk.sys
- 2001-08-18 18:00:00 13,184 ----a-w C:\WINDOWS\system32\drivers\diskdump.sys
+ 2002-08-29 08:27:56 13,184 ----a-w C:\WINDOWS\system32\drivers\diskdump.sys
- 2001-08-17 20:01:20 57,344 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2002-08-29 08:32:34 57,856 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2001-08-17 20:01:16 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2002-08-29 08:32:34 2,816 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2001-08-18 18:00:00 68,224 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
+ 2002-08-29 10:40:44 68,992 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
- 2001-08-18 18:00:00 144,768 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
+ 2002-08-29 09:12:46 145,152 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
- 2001-08-18 18:00:00 19,712 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
+ 2002-08-29 08:27:44 19,712 ----a-w C:\WINDOWS\system32\drivers\flpydisk.sys
- 2001-08-18 18:00:00 33,152 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
+ 2002-08-29 08:32:42 34,560 ----a-w C:\WINDOWS\system32\drivers\hidclass.sys
- 2001-08-18 18:00:00 50,944 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2002-08-29 09:06:38 51,072 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
- 2001-08-18 18:00:00 39,296 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
+ 2002-08-29 08:28:08 39,808 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
- 2001-08-18 18:00:00 76,288 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2002-08-29 08:36:14 79,488 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2001-08-18 18:00:00 56,064 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
+ 2002-08-29 09:07:22 57,984 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
- 2001-08-18 18:00:00 23,424 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2002-08-29 08:27:02 23,424 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2001-08-17 20:00:54 159,232 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2002-08-29 08:32:30 159,360 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2001-08-18 18:00:00 22,016 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2002-08-29 08:27:02 22,016 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
- 2001-08-18 18:00:00 407,680 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2002-08-29 08:59:54 407,552 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2001-08-18 18:00:00 103,936 ----a-w C:\WINDOWS\system32\drivers\mup.sys
+ 2002-08-29 09:12:54 104,064 ----a-w C:\WINDOWS\system32\drivers\mup.sys
- 2001-08-18 18:00:00 161,536 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
+ 2002-08-29 09:09:26 167,552 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
- 2001-08-18 18:00:00 12,160 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
+ 2002-08-29 08:35:42 12,288 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
- 2001-08-18 18:00:00 88,320 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
+ 2002-08-29 08:58:40 87,552 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
- 2001-08-18 18:00:00 33,152 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
+ 2002-08-29 08:35:46 33,152 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
- 2001-08-18 18:00:00 150,272 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
+ 2002-08-29 09:01:58 157,056 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
- 2001-08-18 18:00:00 56,960 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
+ 2002-08-29 08:33:32 57,984 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
- 2001-08-18 18:00:00 37,760 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
+ 2002-08-29 08:34:34 38,272 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
- 2001-08-18 18:00:00 516,480 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2002-08-29 09:13:40 561,920 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2002-08-29 06:16:30 891,711 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2001-08-18 18:00:00 34,816 ----a-w C:\WINDOWS\system32\drivers\p3.sys
+ 2002-08-29 08:05:06 37,504 ----a-w C:\WINDOWS\system32\drivers\p3.sys
- 2001-08-18 18:00:00 76,160 ----a-w C:\WINDOWS\system32\drivers\parport.sys
+ 2002-08-29 08:27:32 76,032 ----a-w C:\WINDOWS\system32\drivers\parport.sys
- 2001-08-17 19:58:06 62,464 ----a-w C:\WINDOWS\system32\drivers\pci.sys
+ 2002-08-29 08:09:12 62,976 ----a-w C:\WINDOWS\system32\drivers\pci.sys
- 2001-08-17 19:51:50 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
+ 2002-08-29 08:27:48 23,680 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
- 2001-08-18 18:00:00 116,352 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
+ 2002-08-29 08:09:12 115,712 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
- 2001-08-18 04:24:38 135,040 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2002-08-29 09:01:00 134,272 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2001-08-18 18:00:00 30,592 ----a-w C:\WINDOWS\system32\drivers\processr.sys
+ 2002-08-29 08:05:06 30,592 ----a-w C:\WINDOWS\system32\drivers\processr.sys
- 2001-08-18 18:00:00 65,920 ----a-w C:\WINDOWS\system32\drivers\psched.sys
+ 2002-08-29 08:35:56 66,048 ----a-w C:\WINDOWS\system32\drivers\psched.sys
- 2001-08-18 18:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
+ 2002-08-29 09:06:38 48,384 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
- 2001-08-18 18:00:00 46,464 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
+ 2002-08-29 09:12:48 46,336 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
- 2001-08-18 18:00:00 163,840 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2002-08-29 08:58:50 163,328 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2001-08-17 19:50:48 181,632 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
+ 2002-08-29 08:06:36 182,400 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
- 2001-08-18 10:00:00 107,912 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2002-08-29 10:46:44 115,976 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2001-08-17 19:51:42 55,808 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
+ 2002-08-29 08:27:46 56,576 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
- 2001-08-18 18:00:00 89,984 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
+ 2002-08-29 08:27:50 90,240 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
- 2001-08-18 18:00:00 62,464 ----a-w C:\WINDOWS\system32\drivers\serial.sys
+ 2002-08-29 09:08:28 62,464 ----a-w C:\WINDOWS\system32\drivers\serial.sys
- 2001-08-18 18:00:00 10,496 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2002-08-29 08:27:58 10,496 ----a-w C:\WINDOWS\system32\drivers\sfloppy.sys
+ 2002-08-29 08:09:04 5,504 ------w C:\WINDOWS\system32\drivers\smbali.sys
- 2001-08-18 18:00:00 24,064 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
+ 2002-08-29 08:33:16 24,448 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
- 2001-08-17 20:00:46 5,632 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2002-08-29 08:32:28 5,888 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2001-08-18 10:00:00 70,400 ----a-w C:\WINDOWS\system32\drivers\sr.sys
+ 2002-08-29 08:17:58 69,248 ----a-w C:\WINDOWS\system32\drivers\sr.sys
- 2001-08-18 04:24:44 57,472 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
+ 2002-08-29 09:01:18 56,832 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
- 2001-08-18 18:00:00 13,696 ----a-w C:\WINDOWS\system32\drivers\tape.sys
+ 2002-08-29 08:28:00 13,824 ----a-w

ccogswel · May 11, 2008

C:\WINDOWS\system32\drivers\tape.sys
- 2001-08-18 18:00:00 327,168 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2002-08-29 08:58:12 332,928 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2001-08-18 18:00:00 180,032 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2002-08-29 08:37:54 196,288 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2001-08-18 04:38:00 37,896 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
+ 2002-08-29 10:46:42 38,024 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
+ 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\system32\drivers\tunmp.sys
- 2001-08-18 18:00:00 63,872 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
+ 2002-08-29 08:06:20 64,000 ----a-w C:\WINDOWS\system32\drivers\udfs.sys
- 2001-08-17 20:03:32 24,960 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
+ 2002-08-29 08:32:54 28,160 ----a-w C:\WINDOWS\system32\drivers\usbccgp.sys
- 2001-08-17 20:03:16 50,688 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
+ 2002-08-29 08:32:50 51,968 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
- 2001-08-18 18:00:00 15,104 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
+ 2002-08-29 08:32:56 15,232 ----a-w C:\WINDOWS\system32\drivers\usbintel.sys
- 2001-08-17 20:03:18 123,264 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
+ 2002-08-29 08:32:52 135,552 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
- 2001-08-17 20:00:30 24,832 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
+ 2002-08-29 08:50:02 24,960 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
- 2001-08-17 19:53:30 13,824 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
+ 2002-08-29 08:48:52 14,208 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
- 2001-08-17 20:03:22 21,760 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS
+ 2002-08-29 08:32:52 21,760 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys
- 2001-08-17 20:03:08 18,944 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
+ 2002-08-29 08:32:50 19,328 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
- 2001-08-18 18:00:00 19,584 ----a-w C:\WINDOWS\system32\drivers\vga.sys
+ 2002-08-29 08:32:04 19,712 ----a-w C:\WINDOWS\system32\drivers\vga.sys
- 2001-08-18 18:00:00 65,024 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2002-08-29 08:32:06 70,912 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
+ 2002-08-29 08:28:36 13,056 ------w C:\WINDOWS\system32\drivers\wacompen.sys
- 2001-08-18 04:24:46 79,616 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2002-08-29 09:00:48 77,440 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2001-08-18 18:00:00 16,384 ----a-w C:\WINDOWS\system32\ds32gt.dll
+ 2002-08-29 10:40:50 16,384 ----a-w C:\WINDOWS\system32\ds32gt.dll
- 2001-08-18 18:00:00 131,072 ----a-w C:\WINDOWS\system32\dsprop.dll
+ 2002-08-29 10:40:50 135,680 ----a-w C:\WINDOWS\system32\dsprop.dll
- 2001-08-18 18:00:00 227,840 ----a-w C:\WINDOWS\system32\dsquery.dll
+ 2002-08-29 10:40:52 227,840 ----a-w C:\WINDOWS\system32\dsquery.dll
- 2001-08-18 18:00:00 122,880 ----a-w C:\WINDOWS\system32\dssenh.dll
+ 2002-08-29 05:27:32 124,928 ----a-w C:\WINDOWS\system32\dssenh.dll
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\dumprep.exe
+ 2002-08-29 10:41:22 9,216 ----a-w C:\WINDOWS\system32\dumprep.exe
- 2001-08-18 18:00:00 261,120 ----a-w C:\WINDOWS\system32\duser.dll
+ 2002-08-29 10:40:52 263,680 ----a-w C:\WINDOWS\system32\duser.dll
- 2001-08-18 18:00:00 162,128 ----a-w C:\WINDOWS\system32\dwwin.exe
+ 2002-08-29 10:41:22 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
- 2001-08-18 18:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2002-08-29 10:40:52 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2001-08-18 18:00:00 802,816 ----a-w C:\WINDOWS\system32\dxmrtp.dll
+ 2002-08-29 10:40:52 802,304 ----a-w C:\WINDOWS\system32\dxmrtp.dll
- 2001-08-18 18:00:00 337,920 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2002-08-29 10:40:52 337,920 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2001-08-18 18:00:00 194,560 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2002-08-29 10:40:52 194,560 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2001-08-18 18:00:00 173,568 ----a-w C:\WINDOWS\system32\els.dll
+ 2002-08-29 10:40:52 165,376 ----a-w C:\WINDOWS\system32\els.dll
- 2001-08-18 18:00:00 17,408 ----a-w C:\WINDOWS\system32\ersvc.dll
+ 2002-08-29 10:40:52 19,456 ----a-w C:\WINDOWS\system32\ersvc.dll
- 2001-08-18 18:00:00 224,768 ----a-w C:\WINDOWS\system32\es.dll
+ 2002-08-29 10:40:52 225,280 ----a-w C:\WINDOWS\system32\es.dll
- 2001-08-18 18:00:00 178,688 ----a-w C:\WINDOWS\system32\eudcedit.exe
+ 2002-08-29 10:41:24 178,688 ----a-w C:\WINDOWS\system32\eudcedit.exe
- 2001-08-18 18:00:00 47,616 ----a-w C:\WINDOWS\system32\eventlog.dll
+ 2002-08-29 10:40:52 49,152 ----a-w C:\WINDOWS\system32\eventlog.dll
- 2001-08-18 18:00:00 379,152 ----a-w C:\WINDOWS\system32\expsrv.dll
+ 2002-08-29 10:40:54 380,445 ----a-w C:\WINDOWS\system32\expsrv.dll
- 2001-08-18 18:00:00 61,952 ----a-w C:\WINDOWS\system32\faultrep.dll
+ 2002-08-29 10:40:54 66,560 ----a-w C:\WINDOWS\system32\faultrep.dll
- 2001-08-18 18:00:00 84,992 ----a-w C:\WINDOWS\system32\fldrclnr.dll
+ 2002-08-29 10:40:54 82,432 ----a-w C:\WINDOWS\system32\fldrclnr.dll
- 2007-11-17 18:07:10 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-10 15:58:12 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2001-08-18 18:00:00 18,944 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2002-08-29 10:41:24 19,456 ----a-w C:\WINDOWS\system32\fontview.exe
- 2001-08-18 18:00:00 8,832 ----a-w C:\WINDOWS\system32\framebuf.dll
+ 2002-08-29 10:40:44 8,832 ----a-w C:\WINDOWS\system32\framebuf.dll
- 2001-08-18 18:00:00 40,448 ----a-w C:\WINDOWS\system32\ftp.exe
+ 2002-08-29 10:41:24 40,448 ----a-w C:\WINDOWS\system32\ftp.exe
- 2001-08-18 18:00:00 250,880 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2002-08-29 10:40:56 250,368 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2001-08-18 18:00:00 128,768 ----a-w C:\WINDOWS\system32\hal.dll
+ 2002-08-29 08:05:04 127,872 ----a-w C:\WINDOWS\system32\HAL.DLL
- 2001-08-18 18:00:00 67,612 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2002-08-29 10:40:56 37,888 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2001-08-18 18:00:00 240,640 ----a-w C:\WINDOWS\system32\hnetcfg.dll
+ 2002-08-29 10:40:56 240,640 ----a-w C:\WINDOWS\system32\hnetcfg.dll
- 2001-08-18 10:00:00 8,704 ----a-w C:\WINDOWS\system32\icaapi.dll
+ 2002-08-29 10:40:56 9,216 ----a-w C:\WINDOWS\system32\icaapi.dll
- 2001-08-18 18:00:00 236,032 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2002-08-29 10:40:56 236,032 ----a-w C:\WINDOWS\system32\icm32.dll
- 2001-08-18 18:00:00 110,592 ----a-w C:\WINDOWS\system32\idq.dll
+ 2002-08-29 10:40:56 113,152 ----a-w C:\WINDOWS\system32\idq.dll
- 2001-08-18 18:00:00 28,160 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2002-08-29 10:41:24 28,672 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2002-08-29 10:40:56 126,976 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2001-08-18 18:00:00 203,776 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2002-08-29 10:40:56 204,288 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2001-08-18 18:00:00 294,912 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2002-08-29 10:40:56 294,912 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2001-08-18 18:00:00 230,400 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2002-08-29 10:40:56 231,424 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2001-08-18 18:00:00 59,392 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2002-08-29 10:40:56 59,392 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2001-08-18 10:00:00 73,728 ----a-w C:\WINDOWS\system32\ils.dll
+ 2002-08-29 10:40:56 73,728 ----a-w C:\WINDOWS\system32\ils.dll
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\imagehlp.dll
+ 2002-08-29 10:40:56 126,976 ----a-w C:\WINDOWS\system32\imagehlp.dll
- 2001-08-18 18:00:00 118,784 ----a-w C:\WINDOWS\system32\imapi.exe
+ 2002-08-29 10:41:26 123,904 ----a-w C:\WINDOWS\system32\imapi.exe
- 2001-08-18 18:00:00 36,921 ----a-w C:\WINDOWS\system32\imeshare.dll
+ 2002-08-29 10:40:56 36,922 ----a-w C:\WINDOWS\system32\imeshare.dll
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2002-08-29 10:40:56 30,208 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2001-08-18 18:00:00 96,768 ----a-w C:\WINDOWS\system32\imm32.dll
+ 2002-08-29 10:40:56 103,936 ----a-w C:\WINDOWS\system32\imm32.dll
- 2001-08-18 10:00:00 593,920 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2002-08-29 10:40:56 587,776 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2001-08-18 18:00:00 104,448 ----a-w C:\WINDOWS\system32\input.dll
+ 2002-08-29 10:40:58 114,176 ----a-w C:\WINDOWS\system32\input.dll
- 2001-08-18 18:00:00 69,632 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2002-08-29 10:40:58 69,632 ----a-w C:\WINDOWS\system32\inseng.dll
- 2001-08-18 18:00:00 49,664 ----a-w C:\WINDOWS\system32\ipconfig.exe
+ 2002-08-29 10:41:26 51,712 ----a-w C:\WINDOWS\system32\ipconfig.exe
- 2001-08-18 18:00:00 77,312 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2002-08-29 10:40:58 82,944 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2001-08-18 18:00:00 453,632 ----a-w C:\WINDOWS\system32\ipnathlp.dll
+ 2002-08-29 10:40:58 435,200 ----a-w C:\WINDOWS\system32\ipnathlp.dll
- 2001-08-18 18:00:00 318,976 ----a-w C:\WINDOWS\system32\ippromon.dll
+ 2002-08-29 10:40:58 318,464 ----a-w C:\WINDOWS\system32\ippromon.dll
- 2001-08-18 18:00:00 152,576 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
+ 2002-08-29 10:40:58 155,648 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
- 2001-08-18 18:00:00 58,368 ----a-w C:\WINDOWS\system32\ipv6.exe
+ 2002-08-29 10:41:26 60,928 ----a-w C:\WINDOWS\system32\ipv6.exe
- 2001-08-18 18:00:00 121,344 ----a-w C:\WINDOWS\system32\ipv6mon.dll
+ 2002-08-29 10:40:58 134,144 ----a-w C:\WINDOWS\system32\ipv6mon.dll
- 2001-08-18 18:00:00 155,552 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2002-08-29 10:40:58 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
- 2001-08-18 18:00:00 138,048 ----a-w C:\WINDOWS\system32\itss.dll
+ 2002-08-29 10:40:58 122,368 ----a-w C:\WINDOWS\system32\itss.dll
- 2001-08-18 18:00:00 60,928 ----a-w C:\WINDOWS\system32\iuctl.dll
+ 2002-08-29 10:40:58 91,648 ----a-w C:\WINDOWS\system32\iuctl.dll
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\ixsso.dll
+ 2002-08-29 10:40:58 49,664 ----a-w C:\WINDOWS\system32\ixsso.dll
- 2001-08-18 18:00:00 44,160 ----a-w C:\WINDOWS\system32\kd1394.dll
+ 2002-08-29 08:05:10 7,040 ----a-w C:\WINDOWS\system32\kd1394.dll
- 2001-08-18 18:00:00 265,216 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2002-08-29 10:41:00 272,896 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2001-08-18 18:00:00 926,720 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2002-08-29 10:41:00 930,304 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2001-08-18 18:00:00 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys
+ 2002-08-29 04:23:06 42,537 ----a-w C:\WINDOWS\system32\keyboard.sys
- 2001-08-18 18:00:00 308,736 ----a-w C:\WINDOWS\system32\licdll.dll
+ 2002-08-29 09:41:00 367,616 ----a-w C:\WINDOWS\system32\licdll.dll
- 2001-08-18 18:00:00 19,456 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2002-08-29 10:41:00 19,456 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2001-08-18 10:00:00 57,344 ----a-w C:\WINDOWS\system32\licwmi.dll
+ 2002-08-29 10:41:00 57,856 ----a-w C:\WINDOWS\system32\licwmi.dll
- 2001-08-18 18:00:00 381,440 ----a-w C:\WINDOWS\system32\lmrt.dll
+ 2002-08-29 10:41:00 381,440 ----a-w C:\WINDOWS\system32\lmrt.dll
- 2001-08-18 18:00:00 292,352 ----a-w C:\WINDOWS\system32\localspl.dll
+ 2002-08-29 10:41:00 295,936 ----a-w C:\WINDOWS\system32\localspl.dll
- 2001-08-18 18:00:00 10,240 ----a-w C:\WINDOWS\system32\localui.dll
+ 2002-08-29 10:41:00 10,240 ----a-w C:\WINDOWS\system32\localui.dll
- 2001-08-18 18:00:00 321,536 ----a-w C:\WINDOWS\system32\logon.scr
+ 2002-08-29 10:41:28 219,648 ----a-w C:\WINDOWS\system32\logon.scr
- 2001-08-18 18:00:00 504,320 ----a-w C:\WINDOWS\system32\logonui.exe
+ 2002-08-29 10:41:26 504,320 ----a-w C:\WINDOWS\system32\logonui.exe
- 2001-08-18 18:00:00 669,696 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2002-08-29 10:41:00 671,744 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2001-08-18 18:00:00 11,776 ----a-w C:\WINDOWS\system32\lsass.exe
+ 2002-08-29 10:41:26 11,776 ----a-w C:\WINDOWS\system32\lsass.exe
- 2001-08-18 18:00:00 163,840 ----a-w C:\WINDOWS\system32\mindex.dll
+ 2002-08-29 10:41:00 163,840 ----a-w C:\WINDOWS\system32\mindex.dll
- 2001-08-18 18:00:00 1,136,128 ----a-w C:\WINDOWS\system32\mmcndmgr.dll
+ 2002-08-29 10:41:00 1,128,960 ----a-w C:\WINDOWS\system32\mmcndmgr.dll
- 2001-08-18 10:00:00 32,384 ----a-w C:\WINDOWS\system32\mnmdd.dll
+ 2002-08-29 10:41:00 32,256 ----a-w C:\WINDOWS\system32\mnmdd.dll
- 2001-08-18 18:00:00 196,096 ----a-w C:\WINDOWS\system32\mobsync.dll
+ 2002-08-29 10:41:00 196,096 ----a-w C:\WINDOWS\system32\mobsync.dll
- 2001-08-18 18:00:00 185,344 ----a-w C:\WINDOWS\system32\moricons.dll
+ 2002-08-29 10:39:42 210,944 ----a-w C:\WINDOWS\system32\moricons.dll
- 2001-08-18 10:00:00 116,736 ----a-w C:\WINDOWS\system32\mplay32.exe
+ 2002-08-29 10:41:26 116,736 ----a-w C:\WINDOWS\system32\mplay32.exe
- 2001-08-18 18:00:00 68,096 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2002-08-29 10:41:02 68,096 ----a-w C:\WINDOWS\system32\mscms.dll
- 2001-08-18 10:00:00 65,536 ----a-w C:\WINDOWS\system32\msconf.dll
+ 2002-08-29 10:41:02 65,536 ----a-w C:\WINDOWS\system32\msconf.dll
- 2001-08-18 18:00:00 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dLL
+ 2002-08-29 10:39:46 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
- 2001-08-18 18:00:00 293,888 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2002-08-29 10:41:02 266,752 ----a-w C:\WINDOWS\system32\msctf.dll
- 2001-08-18 18:00:00 65,536 ----a-w C:\WINDOWS\system32\MSCTFP.dll
+ 2002-08-29 10:41:02 67,584 ----a-w C:\WINDOWS\system32\msctfp.dll
- 2001-08-18 18:00:00 126,976 ----a-w C:\WINDOWS\system32\msdart.dll
+ 2002-08-29 10:41:02 126,976 ----a-w C:\WINDOWS\system32\msdart.dll
- 2001-08-18 10:00:00 360,960 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2002-08-29 10:41:04 359,936 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2001-08-18 18:00:00 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
+ 2002-08-29 10:39:46 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
- 2001-08-18 18:00:00 512,074 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2002-08-29 10:41:04 512,031 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2001-08-18 18:00:00 319,562 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2002-08-29 10:41:04 319,519 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2002-08-29 10:41:04 504,832 ------w C:\WINDOWS\system32\msftedit.dll
- 2001-08-18 18:00:00 967,680 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2002-08-29 10:41:04 968,192 ----a-w C:\WINDOWS\system32\msgina.dll
- 2001-08-18 10:00:00 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2002-08-29 10:41:32 184,320 ----a-w C:\WINDOWS\system32\msh261.drv
- 2001-08-18 04:37:04 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2002-08-29 10:41:32 286,720 ----a-w C:\WINDOWS\system32\msh263.drv
- 2001-08-18 18:00:00 2,793,984 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2002-08-29 10:41:04 2,833,920 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2001-08-18 18:00:00 438,272 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2002-08-29 10:41:04 440,320 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2001-08-18 18:00:00 56,320 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2002-08-29 10:39:46 56,320 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-08-18 18:00:00 2,044,928 ----a-w C:\WINDOWS\system32\msi.dll
+ 2002-08-29 10:41:04 2,086,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2001-08-18 18:00:00 232,448 ----a-w C:\WINDOWS\system32\msieftp.dll
+ 2002-08-29 10:41:04 229,888 ----a-w C:\WINDOWS\system32\msieftp.dll
- 2001-08-18 18:00:00 63,488 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2002-08-29 10:41:26 64,512 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2001-08-18 18:00:00 304,640 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2002-08-29 10:41:04 305,664 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2001-08-18 18:00:00 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
+ 2002-08-29 10:41:04 4,608 ----a-w C:\WINDOWS\system32\msimg32.dll
- 2001-08-18 18:00:00 156,672 ----a-w C:\WINDOWS\system32\MSIMTF.dll
+ 2002-08-29 10:41:04 143,872 ----a-w C:\WINDOWS\system32\msimtf.dll
- 2001-08-18 18:00:00 368,710 ----a-w C:\WINDOWS\system32\msisam11.dll
+ 2002-08-29 10:41:04 368,710 ----a-w C:\WINDOWS\system32\msisam11.dll
- 2001-08-18 18:00:00 1,503,260 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2002-08-29 10:41:06 1,503,262 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2001-08-18 18:00:00 348,238 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2002-08-29 10:41:06 348,195 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2001-08-18 18:00:00 241,695 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2002-08-29 10:41:06 241,695 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2001-08-18 18:00:00 46,080 ----a-w C:\WINDOWS\system32\mslbui.dll
+ 2002-08-29 10:41:06 22,528 ----a-w C:\WINDOWS\system32\mslbui.dll
- 2001-08-18 18:00:00 213,066 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2002-08-29 10:41:06 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2001-08-18 18:00:00 116,272 ----a-w C:\WINDOWS\system32\msnsspc.dll
+ 2002-08-29 10:41:06 319,760 ----a-w C:\WINDOWS\system32\msnsspc.dll
- 2001-08-18 10:00:00 228,864 ----a-w C:\WINDOWS\system32\msoeacct.dll
+ 2002-08-29 10:41:06 228,864 ----a-w C:\WINDOWS\system32\msoeacct.dll
- 2001-08-18 10:00:00 90,624 ----a-w C:\WINDOWS\system32\msoert2.dll
+ 2002-08-29 10:41:06 81,408 ----a-w C:\WINDOWS\system32\msoert2.dll
- 2001-08-18 18:00:00 131,072 ----a-w C:\WINDOWS\system32\msorcl32.dll
+ 2002-08-29 10:41:06 131,072 ----a-w C:\WINDOWS\system32\msorcl32.dll
- 2001-08-18 10:00:00 339,968 ----a-w C:\WINDOWS\system32\mspaint.exe
+ 2002-08-29 10:41:26 339,968 ----a-w C:\WINDOWS\system32\mspaint.exe
- 2001-08-18 18:00:00 348,234 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2002-08-29 10:41:06 348,191 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2001-08-18 18:00:00 175,104 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2002-08-29 10:41:06 175,104 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2001-08-18 18:00:00 132,096 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2002-08-29 10:41:06 132,096 ----a-w C:\WINDOWS\system32\msrating.dll
- 2001-08-18 18:00:00 421,962 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2002-08-29 10:41:06 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2001-08-18 18:00:00 497,152 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2002-08-29 10:41:08 496,128 ----a-w C:\WINDOWS\system32\mstime.dll
- 2001-08-18 18:00:00 108,032 ----a-w C:\WINDOWS\system32\msv1_0.dll
+ 2002-08-29 10:41:08 108,544 ----a-w C:\WINDOWS\system32\msv1_0.dll
- 2001-08-18 18:00:00 309,760 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2002-08-29 10:41:08 309,248 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2001-08-18 18:00:00 238,080 ----a-w C:\WINDOWS\system32\newdev.dll
+ 2002-08-29 10:41:08 238,080 ----a-w C:\WINDOWS\system32\newdev.dll
- 2001-08-18 18:00:00 91,136 ----a-w C:\WINDOWS\system32\nlhtml.dll
+ 2002-08-29 10:41:08 95,744 ----a-w C:\WINDOWS\system32\nlhtml.dll
- 2001-08-18 10:00:00 24,576 ----a-w C:\WINDOWS\system32\nmmkcert.dll
+ 2002-08-29 10:41:08 24,576 ----a-w C:\WINDOWS\system32\nmmkcert.dll
- 2001-08-18 18:00:00 55,808 ----a-w C:\WINDOWS\system32\npp\ndisnpp.dll
+ 2002-08-29 10:41:08 54,272 ----a-w C:\WINDOWS\system32\npp\ndisnpp.dll
- 2001-08-18 18:00:00 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
+ 2002-08-29 10:41:28 13,824 ----a-w C:\WINDOWS\system32\npp\nppagent.exe
- 2001-08-18 18:00:00 49,152 ----a-w C:\WINDOWS\system32\npptools.dll
+ 2002-08-29 10:41:08 49,152 ----a-w C:\WINDOWS\system32\npptools.dll
- 2001-08-18 18:00:00 674,304 ----a-w C:\WINDOWS\system32\ntdll.dll
+ 2002-08-29 10:40:42 668,672 ----a-w C:\WINDOWS\system32\ntdll.dll
- 2001-08-18 18:00:00 33,808 ----a-w C:\WINDOWS\system32\ntio.sys
+ 2002-08-29 04:22:26 33,808 ----a-w C:\WINDOWS\system32\ntio.sys
- 2001-08-18 18:00:00 1,897,856 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2002-08-29 08:04:56 1,947,904 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2001-08-18 18:00:00 38,400 ----a-w C:\WINDOWS\system32\ntlanman.dll
+ 2002-08-29 10:41:08 38,400 ----a-w C:\WINDOWS\system32\ntlanman.dll
- 2001-08-18 18:00:00 110,080 ----a-w C:\WINDOWS\system32\ntmarta.dll
+ 2002-08-29 10:41:08 112,128 ----a-w C:\WINDOWS\system32\ntmarta.dll
- 2001-08-18 18:00:00 37,376 ----a-w C:\WINDOWS\system32\ntmsapi.dll
+ 2002-08-29 10:41:08 38,400 ----a-w C:\WINDOWS\system32\ntmsapi.dll
- 2001-08-18 18:00:00 165,888 ----a-w C:\WINDOWS\system32\ntmsdba.dll
+ 2002-08-29 10:41:08 165,888 ----a-w C:\WINDOWS\system32\ntmsdba.dll
- 2001-08-18 18:00:00 392,192 ----a-w C:\WINDOWS\system32\ntmssvc.dll
+ 2002-08-29 10:41:08 392,704 ----a-w C:\WINDOWS\system32\ntmssvc.dll
- 2001-08-18 18:00:00 1,875,584 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2002-08-29 09:03:30 2,042,240 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2001-08-18 18:00:00 80,896 ----a-w C:\WINDOWS\system32\ntprint.dll
+ 2002-08-29 10:41:08 80,896 ----a-w C:\WINDOWS\system32\ntprint.dll
- 2001-08-18 18:00:00 137,216 ----a-w C:\WINDOWS\system32\ntshrui.dll
+ 2002-08-29 10:41:08 137,216 ----a-w C:\WINDOWS\system32\ntshrui.dll
- 2001-08-18 18:00:00 395,776 ----a-w C:\WINDOWS\system32\ntvdm.exe
+ 2002-08-29 10:41:28 395,776 ----a-w C:\WINDOWS\system32\ntvdm.exe
+ 2002-08-29 10:41:10 3,494,303 ------w C:\WINDOWS\system32\nv4_disp.dll
- 2001-08-18 18:00:00 133,632 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2002-08-29 10:41:10 133,632 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2001-08-18 18:00:00 210,432 ----a-w C:\WINDOWS\system32\oakley.dll
+ 2002-08-29 10:41:10 328,704 ----a-w C:\WINDOWS\system32\oakley.dll
- 2001-08-18 18:00:00 200,704 ----a-w C:\WINDOWS\system32\odbc32.dll
+ 2002-08-29 10:41:10 200,704 ----a-w C:\WINDOWS\system32\odbc32.dll
- 2001-08-18 18:00:00 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
+ 2002-08-29 10:41:10 16,384 ----a-w C:\WINDOWS\system32\odbc32gt.dll
- 2001-08-18 18:00:00 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
+ 2002-08-29 10:41:28 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
- 2001-08-18 18:00:00 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
+ 2002-08-29 10:41:10 24,576 ----a-w C:\WINDOWS\system32\odbcbcp.dll
- 2001-08-18 18:00:00 122,880 ----a-w C:\WINDOWS\system32\odbcconf.dll
+ 2002-08-29 10:41:10 122,880 ----a-w C:\WINDOWS\system32\odbcconf.dll
- 2001-08-18 18:00:00 53,248 ----a-w C:\WINDOWS\system32\odbcconf.exe
+ 2002-08-29 10:41:28 53,248 ----a-w C:\WINDOWS\system32\odbcconf.exe
- 2001-08-18 18:00:00 94,208 ----a-w C:\WINDOWS\system32\odbccp32.dll
+ 2002-08-29 10:41:10 94,208 ----a-w C:\WINDOWS\system32\odbccp32.dll
- 2001-08-18 18:00:00 61,440 ----a-w C:\WINDOWS\system32\odbccr32.dll
+ 2002-08-29 10:41:10 61,440 ----a-w C:\WINDOWS\system32\odbccr32.dll
- 2001-08-18 18:00:00 61,440 ----a-w C:\WINDOWS\system32\odbccu32.dll
+ 2002-08-29 10:41:10 61,440 ----a-w C:\WINDOWS\system32\odbccu32.dll
- 2001-08-18 18:00:00 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
+ 2002-08-29 10:39:36 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
- 2001-08-18 18:00:00 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
+ 2002-08-29 10:41:10 147,456 ----a-w C:\WINDOWS\system32\odbctrac.dll
- 2001-08-18 18:00:00 102,400 ----a-w C:\WINDOWS\system32\offfilt.dll
+ 2002-08-29 10:41:10 109,568 ----a-w C:\WINDOWS\system32\offfilt.dll
- 2001-08-18 18:00:00 1,141,248 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2002-08-29 10:41:10 1,169,920 ----a-w C:\WINDOWS\system32\ole32.dll
- 2001-08-18 18:00:00 569,344 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2002-08-29 10:41:10 569,344 ------w C:\WINDOWS\system32\oleaut32.dll
- 2001-08-18 18:00:00 98,304 ----a-w C:\WINDOWS\system32\oleprn.dll
+ 2002-08-29 10:41:10 98,304 ----a-w C:\WINDOWS\system32\oleprn.dll
- 2001-08-18 10:00:00 107,008 ----a-w C:\WINDOWS\system32\oobe\msobcomm.dll
+ 2002-08-29 10:41:06 112,128 ----a-w C:\WINDOWS\system32\oobe\msobcomm.dll
- 2001-08-18 10:00:00 532,480 ----a-w C:\WINDOWS\system32\oobe\msobmain.dll
+ 2002-08-29 10:41:06 536,576 ----a-w C:\WINDOWS\system32\oobe\msobmain.dll
- 2001-08-18 10:00:00 49,664 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
+ 2002-08-29 10:41:28 49,664 ----a-w C:\WINDOWS\system32\oobe\oobebaln.exe
- 2001-08-18 18:00:00 685,568 ----a-w C:\WINDOWS\system32\opengl32.dll
+ 2002-08-29 10:41:10 686,080 ----a-w C:\WINDOWS\system32\opengl32.dll
- 2001-08-18 18:00:00 212,480 ----a-w C:\WINDOWS\system32\osk.exe
+ 2002-08-29 10:41:28 212,480 ----a-w C:\WINDOWS\system32\osk.exe
- 2001-08-18 18:00:00 52,224 ----a-w C:\WINDOWS\system32\packager.exe
+ 2002-08-29 10:41:28 53,248 ----a-w C:\WINDOWS\system32\packager.exe
- 2001-08-18 18:00:00 58,368 ----a-w C:\WINDOWS\system32\pautoenr.dll
+ 2002-08-29 10:41:10 58,880 ----a-w C:\WINDOWS\system32\pautoenr.dll
- 2001-08-18 18:00:00 250,880 ----a-w C:\WINDOWS\system32\pdh.dll
+ 2002-08-29 10:41:10 254,976 ----a-w C:\WINDOWS\system32\pdh.dll
- 2008-05-02 15:45:28 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-10 15:59:36 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-02 15:45:28 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-10 15:59:36 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2001-08-18 18:00:00 27,136 ----a-w C:\WINDOWS\system32\pidgen.dll
+ 2002-08-29 08:08:22 27,648 ----a-w C:\WINDOWS\system32\pidgen.dll
- 2001-08-18 18:00:00 14,848 ----a-w C:\WINDOWS\system32\ping.exe
+ 2002-08-29 10:41:28 16,384 ----a-w C:\WINDOWS\system32\ping.exe
- 2001-08-18 18:00:00 30,208 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2002-08-29 10:41:10 34,304 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2001-08-18 18:00:00 522,240 ----a-w C:\WINDOWS\system32\printui.dll
+ 2002-08-29 10:41:10 522,240 ----a-w C:\WINDOWS\system32\printui.dll
- 2001-08-18 18:00:00 17,408 ----a-w C:\WINDOWS\system32\psapi.dll
+ 2002-08-29 10:41:10 17,408 ----a-w C:\WINDOWS\system32\psapi.dll
- 2001-08-18 18:00:00 82,944 ----a-w C:\WINDOWS\system32\psbase.dll
+ 2002-08-29 10:41:10 82,944 ----a-w C:\WINDOWS\system32\psbase.dll
- 2001-08-18 18:00:00 214,528 ----a-w C:\WINDOWS\system32\rasapi32.dll
+ 2002-08-29 10:41:10 217,088 ----a-w C:\WINDOWS\system32\rasapi32.dll
- 2001-08-18 18:00:00 34,304 ----a-w C:\WINDOWS\system32\raschap.dll
+ 2002-08-29 10:41:10 57,856 ----a-w C:\WINDOWS\system32\raschap.dll
- 2001-08-18 18:00:00 630,784 ----a-w C:\WINDOWS\system32\rasdlg.dll
+ 2002-08-29 10:41:10 631,808 ----a-w C:\WINDOWS\system32\rasdlg.dll
- 2001-08-18 18:00:00 55,808 ----a-w C:\WINDOWS\system32\rasman.dll
+ 2002-08-29 10:41:10 55,808 ----a-w C:\WINDOWS\system32\rasman.dll
- 2001-08-18 18:00:00 159,744 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2002-08-29 10:41:10 158,720 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2001-08-18 18:00:00 193,536 ----a-w C:\WINDOWS\system32\rasppp.dll
+ 2002-08-29 10:41:10 193,536 ----a-w C:\WINDOWS\system32\rasppp.dll
- 2001-08-18 18:00:00 13,824 ----a-w C:\WINDOWS\system32\rassapi.dll
+ 2002-08-29 10:41:10 13,824 ----a-w C:\WINDOWS\system32\rassapi.dll
- 2001-08-18 18:00:00 53,760 ----a-w C:\WINDOWS\system32\rastapi.dll
+ 2002-08-29 10:41:10 54,272 ----a-w C:\WINDOWS\system32\rastapi.dll
- 2001-08-18 18:00:00 52,224 ----a-w C:\WINDOWS\system32\rastls.dll
+ 2002-08-29 10:41:10 91,136 ----a-w C:\WINDOWS\system32\rastls.dll
- 2001-08-18 18:00:00 34,304 ----a-w C:\WINDOWS\system32\rcimlby.exe
+ 2002-08-29 10:41:28 34,304 ----a-w C:\WINDOWS\system32\rcimlby.exe
- 2001-08-18 10:00:00 134,656 ----a-w C:\WINDOWS\system32\rdchost.dll
+ 2002-08-29 10:41:10 135,680 ----a-w C:\WINDOWS\system32\rdchost.dll
- 2001-08-18 10:00:00 41,984 ----a-w C:\WINDOWS\system32\rdpclip.exe
+ 2002-08-29 10:41:28 44,032 ----a-w C:\WINDOWS\system32\rdpclip.exe
- 2001-08-18 18:00:00 87,048 ----a-w C:\WINDOWS\system32\rdpdd.dll
+ 2002-08-29 10:46:44 87,304 ----a-w C:\WINDOWS\system32\rdpdd.dll
- 2001-08-18 10:00:00 14,848 ----a-w C:\WINDOWS\system32\rdpsnd.dll
+ 2002-08-29 10:41:10 14,848 ----a-w C:\WINDOWS\system32\rdpsnd.dll
- 2001-08-18 10:00:00 73,864 ----a-w C:\WINDOWS\system32\rdpwsx.dll
+ 2002-08-29 10:46:44 75,912 ----a-w C:\WINDOWS\system32\rdpwsx.dll
- 2001-08-18 10:00:00 12,288 ----a-w C:\WINDOWS\system32\rdsaddin.exe
+ 2002-08-29 10:41:28 12,288 ----a-w C:\WINDOWS\system32\rdsaddin.exe
- 2001-08-18 18:00:00 3,338 ----a-w C:\WINDOWS\system32\redir.exe
+ 2002-08-29 04:24:16 3,338 ----a-w C:\WINDOWS\system32\redir.exe
- 2001-08-18 18:00:00 48,128 ----a-w C:\WINDOWS\system32\reg.exe
+ 2002-08-29 10:41:28 48,128 ----a-w C:\WINDOWS\system32\reg.exe
- 2001-08-18 18:00:00 44,032 ----a-w C:\WINDOWS\system32\regapi.dll
+ 2002-08-29 10:41:10 44,032 ----a-w C:\WINDOWS\system32\regapi.dll
- 2001-08-18 10:00:00 56,320 ----a-w C:\WINDOWS\system32\remotepg.dll
+ 2002-08-29 10:41:10 56,320 ----a-w C:\WINDOWS\system32\remotepg.dll
- 2001-08-18 10:00:00 366,080 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
+ 2002-08-29 10:41:28 370,688 ----a-w C:\WINDOWS\system32\Restore\rstrui.exe
- 2001-08-18 18:00:00 426,496 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2002-08-29 10:41:10 423,424 ----a-w C:\WINDOWS\system32\riched20.dll
- 2001-08-18 18:00:00 35,840 ----a-w C:\WINDOWS\system32\rshx32.dll
+ 2002-08-29 10:41:10 36,352 ----a-w C:\WINDOWS\system32\rshx32.dll
- 2001-08-18 18:00:00 54,784 ----a-w C:\WINDOWS\system32\samlib.dll
+ 2002-08-29 10:41:12 54,784 ----a-w C:\WINDOWS\system32\samlib.dll
- 2001-08-18 18:00:00 19,456 ----a-w C:\WINDOWS\system32\savedump.exe
+ 2002-08-29 10:41:28 19,456 ----a-w C:\WINDOWS\system32\savedump.exe
- 2001-08-18 18:00:00 133,632 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2002-08-29 10:41:12 136,704 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2002-04-11 00:18:00 4,573 ------w C:\WINDOWS\system32\secupd.dat
- 2001-08-18 10:00:00 130,048 ----a-w C:\WINDOWS\system32\sessmgr.exe
+ 2002-08-29 10:41:28 129,024 ----a-w C:\WINDOWS\system32\sessmgr.exe
- 2001-08-18 18:00:00 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext.dll
+ 2002-08-29 10:40:54 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext.dll
- 2001-08-18 18:00:00 122,368 ----a-w C:\WINDOWS\system32\Setup\fxsocm.dll
+ 2002-08-29 10:40:56 122,880 ----a-w C:\WINDOWS\system32\Setup\fxsocm.dll
- 2001-08-18 18:00:00 468,480 ------w C:\WINDOWS\system32\Setup\iis.dll
+ 2002-08-29 10:40:56 468,480 ------w C:\WINDOWS\system32\Setup\iis.dll
- 2001-08-18 18:00:00 24,606 ----a-w C:\WINDOWS\system32\Setup\msgrocm.dll
+ 2002-08-29 10:41:04 57,374 ----a-w C:\WINDOWS\system32\Setup\msgrocm.dll
- 2001-08-18 18:00:00 71,168 ----a-w C:\WINDOWS\system32\Setup\netoc.dll
+ 2002-08-29 10:41:08 71,168 ----a-w C:\WINDOWS\system32\Setup\netoc.dll
- 2001-08-18 18:00:00 11,776 ----a-w C:\WINDOWS\system32\Setup\ocgen.dll
+ 2002-08-29 10:41:10 12,800 ----a-w C:\WINDOWS\system32\Setup\ocgen.dll
- 2001-08-18 18:00:00 36,864 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2002-08-29 10:39:36 40,960 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
- 2001-08-18 18:00:00 96,768 ----a-w C:\WINDOWS\system32\Setup\setupqry.dll
+ 2002-08-29 10:41:12 99,328 ----a-w C:\WINDOWS\system32\Setup\setupqry.dll
- 2001-08-18 18:00:00 99,840 ----a-w C:\WINDOWS\system32\Setup\tsoc.dll
+ 2002-08-29 10:41:18 113,664 ----a-w C:\WINDOWS\system32\Setup\tsoc.dll
- 2001-08-18 18:00:00 922,624 ----a-w C:\WINDOWS\system32\setupapi.dll
+ 2002-08-29 10:41:12 932,864 ----a-w C:\WINDOWS\system32\setupapi.dll
- 2001-08-18 18:00:00 132,608 ----a-w C:\WINDOWS\system32\sfc_os.dll
+ 2002-08-29 10:41:12 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll
- 2001-08-18 18:00:00 1,562,112 ----a-w C:\WINDOWS\system32\sfcfiles.dll
+ 2002-08-29 10:41:12 1,157,632 ----a-w C:\WINDOWS\system32\sfcfiles.dll
- 2001-08-18 18:00:00 1,338,880 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2002-08-29 10:41:12 1,341,440 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2001-08-18 18:00:00 8,222,208 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2002-08-29 10:41:12 8,336,384 ----a-w C:\WINDOWS\system32\shell32.dll
- 2001-08-18 18:00:00 397,824 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2002-08-29 10:41:12 401,920 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2001-08-18 18:00:00 21,504 ----a-w C:\WINDOWS\system32\shmgrate.exe
+ 2002-08-29 10:41:28 33,280 ----a-w C:\WINDOWS\system32\shmgrate.exe
- 2001-08-18 18:00:00 114,688 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2002-08-29 10:41:12 116,224 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2001-08-18 18:00:00 11,776 ----a-w C:\WINDOWS\system32\sigtab.dll
+ 2002-08-29 10:41:12 11,776 ----a-w C:\WINDOWS\system32\sigtab.dll
- 2001-08-18 18:00:00 66,048 ----a-w C:\WINDOWS\system32\sigverif.exe
+ 2002-08-29 10:41:28 66,048 ----a-w C:\WINDOWS\system32\sigverif.exe
- 2001-08-18 18:00:00 24,064 ----a-w C:\WINDOWS\system32\skeys.exe
+ 2002-08-29 10:41:28 24,064 ----a-w C:\WINDOWS\system32\skeys.exe
- 2001-08-18 18:00:00 22,016 ----a-w C:\WINDOWS\system32\slayerxp.dll
+ 2002-08-29 10:41:12 22,528 ----a-w C:\WINDOWS\system32\slayerxp.dll
- 2001-08-18 18:00:00 332,288 ----a-w C:\WINDOWS\system32\smlogcfg.dll
+ 2002-08-29 10:41:12 334,848 ----a-w C:\WINDOWS\system32\smlogcfg.dll
- 2001-08-18 18:00:00 86,016 ----a-w C:\WINDOWS\system32\smlogsvc.exe
+ 2002-08-29 10:41:28 82,944 ----a-w C:\WINDOWS\system32\smlogsvc.exe
- 2001-08-18 18:00:00 45,568 ----a-w C:\WINDOWS\system32\smss.exe
+ 2002-08-29 10:41:28 45,568 ----a-w C:\WINDOWS\system32\smss.exe
- 2001-08-18 18:00:00 16,896 ----a-w C:\WINDOWS\system32\snmpapi.dll
+ 2002-08-29 10:41:14 16,896 ----a-w C:\WINDOWS\system32\snmpapi.dll
- 2001-08-18 10:00:00 534,016 ----a-w C:\WINDOWS\system32\spider.exe
+ 2002-08-29 10:41:28 534,016 ----a-w C:\WINDOWS\system32\spider.exe
- 2001-08-18 18:00:00 66,560 ----a-w C:\WINDOWS\system32\spoolss.dll
+ 2002-08-29 10:41:14 66,560 ----a-w C:\WINDOWS\system32\spoolss.dll
- 2001-08-18 18:00:00 356,352 ----a-w C:\WINDOWS\system32\sqlsrv32.dll
+ 2002-08-08 01:25:02 385,024 ----a-w C:\WINDOWS\system32\sqlsrv32.dll
- 2001-08-18 18:00:00 927,232 ----a-w C:\WINDOWS\system32\syssetup.dll
+ 2002-08-29 10:41:18 938,496 ----a-w C:\WINDOWS\system32\syssetup.dll
- 2001-08-18 18:00:00 383,488 ----a-w C:\WINDOWS\system32\themeui.dll
+ 2002-08-29 10:41:18 384,000 ----a-w C:\WINDOWS\system32\themeui.dll
- 2001-08-18 18:00:00 9,728 ----a-w C:\WINDOWS\system32\tracert.exe
+ 2002-08-29 10:41:28 10,752 ----a-w C:\WINDOWS\system32\tracert.exe
- 2001-08-18 18:00:00 80,384 ----a-w C:\WINDOWS\system32\trkwks.dll
+ 2002-08-29 10:41:18 81,920 ----a-w C:\WINDOWS\system32\trkwks.dll
- 2001-08-18 10:00:00 88,576 ----a-w C:\WINDOWS\system32\tscfgwmi.dll
+ 2002-08-29 10:41:18 88,064 ----a-w C:\WINDOWS\system32\tscfgwmi.dll
- 2001-08-18 10:00:00 40,448 ----a-w C:\WINDOWS\system32\tscupgrd.exe
+ 2002-08-29 08:40:46 40,960 ----a-w C:\WINDOWS\system32\tscupgrd.exe
- 2001-08-18 18:00:00 21,504 ----a-w C:\WINDOWS\system32\udhisapi.dll
+ 2002-08-29 10:41:18 22,016 ----a-w C:\WINDOWS\system32\udhisapi.dll
- 2001-08-18 18:00:00 31,744 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2002-08-29 10:41:18 32,256 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2001-08-18 18:00:00 105,472 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2002-08-29 10:41:18 107,008 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2001-08-18 18:00:00 302,080 ----a-w C:\WINDOWS\system32\untfs.dll
+ 2002-08-29 10:41:18 302,080 ----a-w C:\WINDOWS\system32\untfs.dll
- 2001-08-18 18:00:00 119,808 ----a-w C:\WINDOWS\system32\upnp.dll
+ 2002-08-29 10:41:18 120,320 ----a-w C:\WINDOWS\system32\upnp.dll
- 2001-08-18 18:00:00 162,816 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2002-08-29 10:41:18 164,864 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2001-08-18 18:00:00 231,424 ----a-w C:\WINDOWS\system32\upnpui.dll
+ 2002-08-29 10:41:18 231,424 ----a-w C:\WINDOWS\system32\upnpui.dll
- 2001-08-18 18:00:00 16,384 ----a-w C:\WINDOWS\system32\ups.exe
+ 2002-08-29 10:41:28 16,384 ----a-w C:\WINDOWS\system32\ups.exe
- 2001-08-18 18:00:00 109,568 ----a-w C:\WINDOWS\system32\url.dll
+ 2002-08-29 10:41:18 106,496 ----a-w C:\WINDOWS\system32\url.dll
- 2001-08-18 18:00:00 452,096 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2002-08-29 10:41:18 455,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2001-08-18 18:00:00 561,152 ----a-w C:\WINDOWS\system32\user32.dll
+ 2002-08-29 10:41:18 560,128 ----a-w C:\WINDOWS\system32\user32.dll
- 2001-08-18 18:00:00 656,896 ----a-w C:\WINDOWS\system32\userenv.dll
+ 2002-08-29 10:41:18 667,136 ----a-w C:\WINDOWS\system32\userenv.dll
- 2001-08-18 18:00:00 21,504 ----a-w C:\WINDOWS\system32\userinit.exe
+ 2002-08-29 10:41:28 22,016 ----a-w C:\WINDOWS\system32\userinit.exe
- 2001-08-18 18:00:00 113,664 ----a-w C:\WINDOWS\system32\usmt\guitrn.dll
+ 2002-08-29 10:40:56 114,688 ----a-w C:\WINDOWS\system32\usmt\guitrn.dll
- 2001-08-18 18:00:00 100,864 ----a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
+ 2002-08-29 10:40:56 100,352 ----a-w C:\WINDOWS\system32\usmt\guitrn_a.dll
- 2001-08-18 18:00:00 16,896 ----a-w C:\WINDOWS\system32\usmt\log.dll
+ 2002-08-29 10:41:00 17,408 ----a-w C:\WINDOWS\system32\usmt\log.dll
- 2001-08-18 18:00:00 185,344 ----a-w C:\WINDOWS\system32\usmt\migism.dll
+ 2002-08-29 10:41:00 179,200 ----a-w C:\WINDOWS\system32\usmt\migism.dll
- 2001-08-18 18:00:00 179,200 ----a-w C:\WINDOWS\system32\usmt\migism_a.dll
+ 2002-08-29 10:41:00 170,496 ----a-w C:\WINDOWS\system32\usmt\migism_a.dll
- 2001-08-18 18:00:00 98,816 ----a-w C:\WINDOWS\system32\usmt\migload.exe
+ 2002-08-29 10:41:26 98,816 ----a-w C:\WINDOWS\system32\usmt\migload.exe
- 2001-08-18 18:00:00 230,400 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
+ 2002-08-29 10:41:26 230,400 ----a-w C:\WINDOWS\system32\usmt\migwiz.exe
- 2001-08-18 18:00:00 226,816 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
+ 2002-08-29 10:41:26 226,816 ----a-w C:\WINDOWS\system32\usmt\migwiz_a.exe
- 2001-08-18 18:00:00 186,368 ----a-w C:\WINDOWS\system32\usmt\script.dll
+ 2002-08-29 10:41:12 173,056 ----a-w C:\WINDOWS\system32\usmt\script.dll
- 2001-08-18 18:00:00 167,424 ----a-w C:\WINDOWS\system32\usmt\script_a.dll
+ 2002-08-29 10:41:12 158,720 ----a-w C:\WINDOWS\system32\usmt\script_a.dll
- 2001-08-18 18:00:00 141,312 ----a-w C:\WINDOWS\system32\usmt\sysmod.dll
+ 2002-08-29 10:41:18 141,312 ----a-w C:\WINDOWS\system32\usmt\sysmod.dll
- 2001-08-18 18:00:00 130,560 ----a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
+ 2002-08-29 10:41:18 130,048 ----a-w C:\WINDOWS\system32\usmt\sysmod_a.dll
- 2001-08-18 18:00:00 339,456 ----a-w C:\WINDOWS\system32\usp10.dll
+ 2002-08-29 10:41:18 339,456 ----a-w C:\WINDOWS\system32\usp10.dll
- 2001-08-18 18:00:00 46,592 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2002-08-29 10:41:28 47,616 ----a-w C:\WINDOWS\system32\utilman.exe
- 2001-08-18 18:00:00 202,752 ----a-w C:\WINDOWS\system32\uxtheme.dll
+ 2002-08-29 10:41:18 203,264 ----a-w C:\WINDOWS\system32\uxtheme.dll
- 2001-08-18 18:00:00 479,261 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2002-08-29 10:41:18 479,261 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2001-08-18 18:00:00 48,640 ----a-w C:\WINDOWS\system32\vdmredir.dll
+ 2002-08-29 10:41:18 48,640 ----a-w C:\WINDOWS\system32\vdmredir.dll
- 2001-08-18 04:36:34 49,664 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
+ 2002-08-29 10:41:18 49,664 ----a-w C:\WINDOWS\system32\vfwwdm32.dll
- 2001-08-18 18:00:00 409,088 ----a-w C:\WINDOWS\system32\vssapi.dll
+ 2002-08-29 10:41:18 409,088 ----a-w C:\WINDOWS\system32\vssapi.dll
- 2001-08-18 18:00:00 165,376 ----a-w C:\WINDOWS\system32\w32time.dll
+ 2002-08-29 10:41:18 165,376 ----a-w C:\WINDOWS\system32\w32time.dll
- 2001-08-18 18:00:00 14,592 ----a-w C:\WINDOWS\system32\watchdog.sys
+ 2002-08-29 08:32:22 16,384 ----a-w C:\WINDOWS\system32\watchdog.sys
- 2001-08-18 10:00:00 1,266,688 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
+ 2002-08-29 10:40:50 1,267,712 ----a-w C:\WINDOWS\system32\wbem\cimwin32.dll
- 2001-08-18 10:00:00 235,520 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
+ 2002-08-29 10:40:52 235,520 ----a-w C:\WINDOWS\system32\wbem\esscli.dll
- 2001-08-18 18:00:00 19,456 ----a-w C:\WINDOWS\system32\wbem\evntrprv.dll
+ 2002-08-29 10:40:52 19,456 ----a-w C:\WINDOWS\system32\wbem\evntrprv.dll
- 2001-08-18 10:00:00 585,216 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
+ 2002-08-29 10:40:54 565,248 ----a-w C:\WINDOWS\system32\wbem\fastprox.dll
- 2001-08-18 10:00:00 14,336 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2002-08-29 10:41:26 15,360 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
- 2001-08-18 10:00:00 104,960 ----a-w C:\WINDOWS\system32\wbem\mofd.dll
+ 2002-08-29 10:41:00 104,960 ----a-w C:\WINDOWS\system32\wbem\mofd.dll
- 2001-08-18 10:00:00 60,928 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
+ 2002-08-29 10:41:08 60,416 ----a-w C:\WINDOWS\system32\wbem\ncprov.dll
- 2001-08-18 10:00:00 137,216 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
+ 2002-08-29 10:41:10 138,240 ----a-w C:\WINDOWS\system32\wbem\repdrvfs.dll
- 2001-08-18 10:00:00 80,896 ----a-w C:\WINDOWS\system32\wbem\stdprov.dll
+ 2002-08-29 10:41:18 80,896 ----a-w C:\WINDOWS\system32\wbem\stdprov.dll
- 2001-08-18 10:00:00 214,528 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
+ 2002-08-29 10:41:18 215,040 ----a-w C:\WINDOWS\system32\wbem\wbemcomn.dll
- 2001-08-18 10:00:00 477,184 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
+ 2002-08-29 10:41:18 480,256 ----a-w C:\WINDOWS\system32\wbem\wbemcore.dll
- 2001-08-18 10:00:00 259,072 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
+ 2002-08-29 10:41:18 259,072 ----a-w C:\WINDOWS\system32\wbem\wbemess.dll
- 2001-08-18 10:00:00 28,160 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
+ 2002-08-29 10:41:18 28,160 ----a-w C:\WINDOWS\system32\wbem\wbemprox.dll
- 2001-08-18 10:00:00 106,496 ----a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
+ 2002-08-29 10:41:18 111,104 ----a-w C:\WINDOWS\system32\wbem\wbemupgd.dll
- 2001-08-18 10:00:00 55,808 ----a-w C:\WINDOWS\system32\wbem\wmicookr.dll
+ 2002-08-29 10:41:18 55,808 ----a-w C:\WINDOWS\system32\wbem\wmicookr.dll
- 2001-08-18 10:00:00 138,752 ----a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
+ 2002-08-29 10:41:18 138,752 ----a-w C:\WINDOWS\system32\wbem\wmidcprv.dll
- 2001-08-18 10:00:00 149,504 ----a-w C:\WINDOWS\system32\wbem\wmipcima.dll
+ 2002-08-29 10:41:18 149,504 ----a-w C:\WINDOWS\system32\wbem\wmipcima.dll
- 2001-08-18 10:00:00 122,368 ----a-w C:\WINDOWS\system32\wbem\wmiprov.dll
+ 2002-08-29 10:41:18 122,368 ----a-w C:\WINDOWS\system32\wbem\wmiprov.dll
- 2001-08-18 10:00:00 407,040 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
+ 2002-08-29 10:41:18 408,576 ----a-w C:\WINDOWS\system32\wbem\wmiprvsd.dll
- 2001-08-18 10:00:00 203,264 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
+ 2002-08-29 10:41:28 203,776 ----a-w C:\WINDOWS\system32\wbem\wmiprvse.exe
- 2001-08-18 10:00:00 38,912 ----a-w C:\WINDOWS\system32\wbem\wmipsess.dll
+ 2002-08-29 10:41:18 38,912 ----a-w C:\WINDOWS\system32\wbem\wmipsess.dll
- 2001-08-18 10:00:00 100,864 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
+ 2002-08-29 10:41:18 101,376 ----a-w C:\WINDOWS\system32\wbem\wmisvc.dll
- 2001-08-18 10:00:00 95,744 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
+ 2002-08-29 10:41:18 96,256 ----a-w C:\WINDOWS\system32\wbem\wmiutils.dll
- 2001-08-18 18:00:00 258,560 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2002-08-29 10:41:18 258,048 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2001-08-18 18:00:00 61,440 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2002-08-29 10:41:18 61,952 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2001-08-18 18:00:00 124,928 ----a-w C:\WINDOWS\system32\webvw.dll
+ 2002-08-29 10:41:18 124,928 ----a-w C:\WINDOWS\system32\webvw.dll
- 2001-08-18 18:00:00 60,416 ----a-w C:\WINDOWS\system32\wextract.exe
+ 2002-08-29 10:41:28 60,416 ----a-w C:\WINDOWS\system32\wextract.exe
- 2001-08-18 18:00:00 118,272 ----a-w C:\WINDOWS\system32\wiadss.dll
+ 2002-08-29 10:41:18 119,808 ----a-w C:\WINDOWS\system32\wiadss.dll
- 2001-08-18 18:00:00 314,368 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2002-08-29 10:41:18 316,416 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2001-08-18 18:00:00 1,670,912 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2002-08-29 09:14:20 1,813,632 ----a-w C:\WINDOWS\system32\win32k.sys
- 2001-08-18 18:00:00 95,232 ----a-w C:\WINDOWS\system32\win32spl.dll
+ 2002-08-29 10:41:18 99,328 ----a-w C:\WINDOWS\system32\win32spl.dll
+ 2002-08-29 08:09:00 403,456 ------w C:\WINDOWS\system32\winbrand.dll
- 2001-08-18 18:00:00 593,920 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2002-08-29 10:41:18 599,040 ----a-w C:\WINDOWS\system32\wininet.dll
- 2001-08-18 18:00:00 429,056 ----a-w C:\WINDOWS\system32\winlogon.exe
+ 2002-08-29 10:41:28 516,608 ----a-w C:\WINDOWS\system32\winlogon.exe
- 2001-08-18 18:00:00 170,496 ----a-w C:\WINDOWS\system32\winmm.dll
+ 2002-08-29 10:41:18 171,520 ----a-w C:\WINDOWS\system32\winmm.dll
- 2001-08-18 18:00:00 131,584 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2002-08-29 10:41:32 132,096 ----a-w C:\WINDOWS\system32\winspool.drv
- 2001-08-18 18:00:00 275,968 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2002-08-29 10:41:18 276,480 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2001-08-18 18:00:00 47,104 ----a-w C:\WINDOWS\system32\winsta.dll
+ 2002-08-29 10:41:18 48,128 ----a-w C:\WINDOWS\system32\winsta.dll
- 2001-08-18 18:00:00 167,936 ----a-w C:\WINDOWS\system32\wldap32.dll
+ 2002-08-29 10:41:18 168,448 ----a-w C:\WINDOWS\system32\wldap32.dll
- 2001-08-18 18:00:00 86,016 ----a-w C:\WINDOWS\system32\wlnotify.dll
+ 2002-08-29 10:41:18 86,528 ----a-w C:\WINDOWS\system32\wlnotify.dll
- 2001-08-18 18:00:00 51,200 ----a-w C:\WINDOWS\system32\wmerrenu.dll
+ 2002-08-29 10:39:24 51,200 ----a-w C:\WINDOWS\system32\wmerrenu.dll
- 2001-08-18 18:00:00 253,952 ----a-w C:\WINDOWS\system32\wmpcd.dll
+ 2002-08-29 10:41:18 253,952 ----a-w C:\WINDOWS\system32\wmpcd.dll
+ 2002-08-29 10:41:20 1,677,312 ------w C:\WINDOWS\system32\wmvcore2.dll
+ 2002-08-29 08:03:28 187,904 ------w C:\WINDOWS\system32\xpsp1res.dll
- 2001-08-18 18:00:00 317,952 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2002-08-29 10:41:20 316,416 ----a-w C:\WINDOWS\system32\zipfldr.dll
- 2001-08-18 18:00:00 266,752 ----a-w C:\WINDOWS\winhlp32.exe
+ 2002-08-29 10:41:28 266,752 ----a-w C:\WINDOWS\winhlp32.exe
+ 2002-08-29 09:41:32 921,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
+ 2002-08-29 09:41:32 50,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcirt.dll
+ 2002-08-29 09:41:32 323,072 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
+ 2002-08-29 09:41:32 1,703,936 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 04:41 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-20 05:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-24 20:17 98304]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 11:55 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 11:51 118784]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-28 19:02 198184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iZone Monitor.lnk - C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe [2007-11-01 17:01:14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Help]
--a------ 2007-10-03 08:19 108421 C:\Program Files\BellSouth Application Management\content\..\Start.exe

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 14:56]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\System32\Drivers\Ca536av.sys [2004-06-29 21:21]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\System32\DRIVERS\mr97310v.sys [2004-03-30 11:29]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 23:46:40 C:\WINDOWS\Tasks\System Restore.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:17:07
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
.
**************************************************************************
.
Completion time: 2008-05-11 13:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 19:17:48
ComboFix3.txt 2008-05-09 18:21:18
ComboFix2.txt 2008-05-10 07:12:28

Pre-Run: 19,842,777,088 bytes free
Post-Run: 19,841,908,736 bytes free

2078

ccogswel · May 11, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:53 PM, on 5/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.forums.spybot.info
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C3B48A7-1C39-43AD-9D30-353181A238A5}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3924 bytes

Blade81 · May 12, 2008

Hi

Looking better

Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\system32\clbcfg.dat

Save this as
CFScript

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.

The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:

Scan using the following Anti-Virus database:

Extended (If available, otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt (and above meantioned ComboFix resultant log) too.
If the results of the anti virus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

After those please download the Registry Search tool by clicking on the
hard drive
icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for clbdriver.sys and click OK. Post the logfile from the tool here for me. Repeat search with this clbImageData string.

Oh do I have problems

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member

New member

New member

Security Expert: Emeritus