Here is my original thread i created ---- http://forum.pirifor...showtopic=19830 i have not done the next step.
anyway, as instructed by Rorschach112, i was doing the SDFix's RunThis.bat on safe mode but its taking a long time and i want to know if thats how long it should take. i ran it around 9pm last night and until today (the next day) its still saying "reparing..." with cursor blinking. now i am at work and left it running, hoping its done by the time i come home.
Is that normal or should I try something else?
BTW the infection became worse. pop-ups are more frequent, and Avira keeps on detecting bad files and viruses NON-stop, it has drastically slowed down and makes it hard to do anything especially downloading the antivirus programs.
Can you help please? Thank you and hooray! for the new president!
1
HELP My help thread has been locked
Started by madeinjapan, Jan 21 2009 05:04 PM
-
This topic is locked
29 replies to this topic
#2 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 22 January 2009 - 02:19 AM
so yeah, i dont think SDFix is working, it has not finished after a day. What do i do now? can anyone help please?
#3 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 22 January 2009 - 03:53 PM
Run ComboFix
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#4 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 23 January 2009 - 04:19 AM
OK thanks! heres the combofix log file -------
ComboFix 09-01-21.04 - HP_Administrator 2009-01-22 19:58:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1331 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\.rdr.ini
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService\Application Data\.rdr.ini
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\system32\alevoguz.ini
c:\windows\system32\alomosah.ini
c:\windows\system32\bavadobu.dll
c:\windows\system32\beyszu.dll
c:\windows\system32\config\systemprofile\application data\.rdr.ini
c:\windows\system32\digezuru.dll
c:\windows\system32\donojawi.dll
c:\windows\system32\edodovej.ini
c:\windows\system32\ewijaneg.ini
c:\windows\system32\fadateta.dll
c:\windows\system32\fayivani.dll
c:\windows\system32\fesufima.dll
c:\windows\system32\gawajaso.dll
c:\windows\system32\genajiwe.dll
c:\windows\system32\gjjlm.ini
c:\windows\system32\gudaruma.dll
c:\windows\system32\gunawedi.dll
c:\windows\system32\hasomola.dll
c:\windows\system32\ikesulil.ini
c:\windows\system32\ilizilom.ini
c:\windows\system32\iwajonod.ini
c:\windows\system32\jajeluno.dll
c:\windows\system32\jasamohu.dll
c:\windows\system32\jenuhisu.dll
c:\windows\system32\jevodode.dll
c:\windows\system32\kawoyake.dll
c:\windows\system32\kayufegi.dll
c:\windows\system32\khfDvtUm.dll
c:\windows\system32\kibemole.dll
c:\windows\system32\kygxhh.dll
c:\windows\system32\ldmhsz.dll
c:\windows\system32\lfacpt.dll
c:\windows\system32\lugudaye.dll
c:\windows\system32\lxeasq.dll
c:\windows\system32\molizili.dll
c:\windows\system32\nesujofe.dll
c:\windows\system32\nrjulc.dll
c:\windows\system32\osajawag.ini
c:\windows\system32\pozowaha.dll.tmp
c:\windows\system32\pubufuhu.dll
c:\windows\system32\rzpldn.dll
c:\windows\system32\sadozile.dll
c:\windows\system32\savajama.dll
c:\windows\system32\seyomaju.dll
c:\windows\system32\tebudati.dll.tmp
c:\windows\system32\telezeva.dll
c:\windows\system32\tleayv.dll
c:\windows\system32\tpfqgk.dll
c:\windows\system32\ufvumc.dll
c:\windows\system32\uhiwosag.ini
c:\windows\system32\ulaguzof.ini
c:\windows\system32\ulivejit.ini
c:\windows\system32\vemisaba.dll
c:\windows\system32\viyiyini.dll
c:\windows\system32\wolijuke.dll.tmp
c:\windows\system32\wosawamu.dll
c:\windows\system32\x64
c:\windows\system32\yudaditu.dll
c:\windows\system32\zugovela.dll
c:\windows\Tasks\quhgliji.job
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-21 13:47 . 2009-01-21 13:47 2,098 ---hs---- c:\windows\system32\yodunika.exe
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:36 . 2009-01-10 04:36 <DIR> d-------- c:\program files\Avira
2009-01-10 04:36 . 2009-01-10 04:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\windows\system32\tp2
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\windows\system32\enUZ
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\temp\tmp90
2009-01-10 03:59 . 2009-01-10 04:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\cogad
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 04:11 --------- d-----w c:\program files\Steam
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-14 01:56 --------- d-----w c:\program files\LogMeIn
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-01-09 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-01-17 15:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 15:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 15:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-17 15:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 15:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"Spontania Video Collaboration"="c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" [2007-10-18 905324]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-22 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-14 632048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-20 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 8384512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-10-20 217088]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-04-19 118784]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-10-21 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-10-21 106496]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-20 36903]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-22 03:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Steam\\steamapps\\madeinjapan666\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-09 47640]
S1 atapii;atapii;c:\windows\system32\drivers\atapii.sys --> c:\windows\system32\drivers\atapii.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
2008-05-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
2009-01-10 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{32fc0525-c63d-46e1-9153-5f74045c5a01} - c:\windows\system32\kawoyake.dll
BHO-{658965E0-53B9-48FE-A475-D08C0ECF8275} - (no file)
BHO-{82f43545-be63-4ee4-933d-2e5a55e16516} - c:\windows\system32\ldmhsz.dll
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:11:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b2,be,a3,5b,8e,
37,c4,3b,c8,28,51,af,b0,29,a3,98,c8,0a,03,58,aa,eb,57,62,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,de,51,7b,ab,1e,
bf,f3,bc,71,3b,04,66,8b,46,0d,96,b9,58,31,d2,af,e5,12,18,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ec,47,94,cb,45,
7a,0f,78,25,da,ec,7e,55,20,c9,26,7f,4f,17,13,24,cb,e5,cc,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,be,27,3b,33,63,
ae,74,d9,3e,1e,9e,e0,57,5a,93,61,2b,d8,56,e3,e0,87,33,63,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,0d,03,c9,9d,6d,
54,f2,bd,cd,44,cd,b9,a6,33,6c,cd,26,f3,93,3c,b7,86,ba,d7,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e6,7d,45,d7,63,
e0,97,2a,b0,18,ed,a7,3f,8d,37,a4,08,5b,be,2a,93,8a,1b,5e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,70,db,3b,2e,65,
8d,aa,e0,31,77,e1,ba,b1,f8,68,02,1d,b4,0a,50,35,d0,78,3c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,8a,89,11,db,01,
15,40,77,83,6c,56,8b,a0,85,96,ab,2a,f7,e9,a1,3f,85,59,bc,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,35,1c,df,06,81,
aa,81,47,51,fa,6e,91,28,9e,14,cc,08,62,da,a9,2b,4b,c3,54,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,58,a4,ff,3e,49,
16,36,c0,b1,cd,45,5a,a8,c4,f8,b9,06,2f,9e,05,76,58,29,c9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,15,6b,80,80,f6,
3f,52,b5,e3,0e,66,d5,eb,bc,2f,6b,ad,c5,12,c2,d1,3c,78,73,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,39,ea,4e,cb,dc,
e9,05,13,fa,ea,66,7f,d4,3b,6b,70,c9,00,59,ba,6f,b8,e5,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Gizmo Project\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
c:\program files\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\YOP\yop.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DISCUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-22 20:16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 04:16:11
ComboFix2.txt 2008-01-31 07:40:22
Pre-Run: 138,075,680,768 bytes free
Post-Run: 138,519,461,888 bytes free
387 --- E O F --- 2009-01-08 06:44:09
and an HJT log ---------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:13 PM, on 1/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spontania Video Collaboration] "C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" /toSystray
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13374 bytes
ComboFix 09-01-21.04 - HP_Administrator 2009-01-22 19:58:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1331 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\.rdr.ini
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService\Application Data\.rdr.ini
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\system32\alevoguz.ini
c:\windows\system32\alomosah.ini
c:\windows\system32\bavadobu.dll
c:\windows\system32\beyszu.dll
c:\windows\system32\config\systemprofile\application data\.rdr.ini
c:\windows\system32\digezuru.dll
c:\windows\system32\donojawi.dll
c:\windows\system32\edodovej.ini
c:\windows\system32\ewijaneg.ini
c:\windows\system32\fadateta.dll
c:\windows\system32\fayivani.dll
c:\windows\system32\fesufima.dll
c:\windows\system32\gawajaso.dll
c:\windows\system32\genajiwe.dll
c:\windows\system32\gjjlm.ini
c:\windows\system32\gudaruma.dll
c:\windows\system32\gunawedi.dll
c:\windows\system32\hasomola.dll
c:\windows\system32\ikesulil.ini
c:\windows\system32\ilizilom.ini
c:\windows\system32\iwajonod.ini
c:\windows\system32\jajeluno.dll
c:\windows\system32\jasamohu.dll
c:\windows\system32\jenuhisu.dll
c:\windows\system32\jevodode.dll
c:\windows\system32\kawoyake.dll
c:\windows\system32\kayufegi.dll
c:\windows\system32\khfDvtUm.dll
c:\windows\system32\kibemole.dll
c:\windows\system32\kygxhh.dll
c:\windows\system32\ldmhsz.dll
c:\windows\system32\lfacpt.dll
c:\windows\system32\lugudaye.dll
c:\windows\system32\lxeasq.dll
c:\windows\system32\molizili.dll
c:\windows\system32\nesujofe.dll
c:\windows\system32\nrjulc.dll
c:\windows\system32\osajawag.ini
c:\windows\system32\pozowaha.dll.tmp
c:\windows\system32\pubufuhu.dll
c:\windows\system32\rzpldn.dll
c:\windows\system32\sadozile.dll
c:\windows\system32\savajama.dll
c:\windows\system32\seyomaju.dll
c:\windows\system32\tebudati.dll.tmp
c:\windows\system32\telezeva.dll
c:\windows\system32\tleayv.dll
c:\windows\system32\tpfqgk.dll
c:\windows\system32\ufvumc.dll
c:\windows\system32\uhiwosag.ini
c:\windows\system32\ulaguzof.ini
c:\windows\system32\ulivejit.ini
c:\windows\system32\vemisaba.dll
c:\windows\system32\viyiyini.dll
c:\windows\system32\wolijuke.dll.tmp
c:\windows\system32\wosawamu.dll
c:\windows\system32\x64
c:\windows\system32\yudaditu.dll
c:\windows\system32\zugovela.dll
c:\windows\Tasks\quhgliji.job
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-21 13:47 . 2009-01-21 13:47 2,098 ---hs---- c:\windows\system32\yodunika.exe
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:36 . 2009-01-10 04:36 <DIR> d-------- c:\program files\Avira
2009-01-10 04:36 . 2009-01-10 04:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\windows\system32\tp2
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\windows\system32\enUZ
2009-01-10 03:59 . 2009-01-10 03:59 <DIR> d-------- c:\temp\tmp90
2009-01-10 03:59 . 2009-01-10 04:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\cogad
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 04:11 --------- d-----w c:\program files\Steam
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-14 01:56 --------- d-----w c:\program files\LogMeIn
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-01-09 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-01-17 15:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 15:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 15:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-17 15:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 15:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"Spontania Video Collaboration"="c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" [2007-10-18 905324]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-22 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-14 632048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-20 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 8384512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-10-20 217088]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-04-19 118784]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-10-21 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-10-21 106496]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-20 36903]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-22 03:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Steam\\steamapps\\madeinjapan666\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-09 47640]
S1 atapii;atapii;c:\windows\system32\drivers\atapii.sys --> c:\windows\system32\drivers\atapii.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
2008-05-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
2009-01-10 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{32fc0525-c63d-46e1-9153-5f74045c5a01} - c:\windows\system32\kawoyake.dll
BHO-{658965E0-53B9-48FE-A475-D08C0ECF8275} - (no file)
BHO-{82f43545-be63-4ee4-933d-2e5a55e16516} - c:\windows\system32\ldmhsz.dll
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:11:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b2,be,a3,5b,8e,
37,c4,3b,c8,28,51,af,b0,29,a3,98,c8,0a,03,58,aa,eb,57,62,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,de,51,7b,ab,1e,
bf,f3,bc,71,3b,04,66,8b,46,0d,96,b9,58,31,d2,af,e5,12,18,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ec,47,94,cb,45,
7a,0f,78,25,da,ec,7e,55,20,c9,26,7f,4f,17,13,24,cb,e5,cc,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,be,27,3b,33,63,
ae,74,d9,3e,1e,9e,e0,57,5a,93,61,2b,d8,56,e3,e0,87,33,63,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,0d,03,c9,9d,6d,
54,f2,bd,cd,44,cd,b9,a6,33,6c,cd,26,f3,93,3c,b7,86,ba,d7,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e6,7d,45,d7,63,
e0,97,2a,b0,18,ed,a7,3f,8d,37,a4,08,5b,be,2a,93,8a,1b,5e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,70,db,3b,2e,65,
8d,aa,e0,31,77,e1,ba,b1,f8,68,02,1d,b4,0a,50,35,d0,78,3c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,8a,89,11,db,01,
15,40,77,83,6c,56,8b,a0,85,96,ab,2a,f7,e9,a1,3f,85,59,bc,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,35,1c,df,06,81,
aa,81,47,51,fa,6e,91,28,9e,14,cc,08,62,da,a9,2b,4b,c3,54,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,58,a4,ff,3e,49,
16,36,c0,b1,cd,45,5a,a8,c4,f8,b9,06,2f,9e,05,76,58,29,c9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,15,6b,80,80,f6,
3f,52,b5,e3,0e,66,d5,eb,bc,2f,6b,ad,c5,12,c2,d1,3c,78,73,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,39,ea,4e,cb,dc,
e9,05,13,fa,ea,66,7f,d4,3b,6b,70,c9,00,59,ba,6f,b8,e5,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Gizmo Project\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
c:\program files\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\YOP\yop.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DISCUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-22 20:16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 04:16:11
ComboFix2.txt 2008-01-31 07:40:22
Pre-Run: 138,075,680,768 bytes free
Post-Run: 138,519,461,888 bytes free
387 --- E O F --- 2009-01-08 06:44:09
and an HJT log ---------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:13 PM, on 1/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spontania Video Collaboration] "C:\Program Files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" /toSystray
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13374 bytes
#5 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 23 January 2009 - 05:13 PM
hello
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote
folder::
c:\windows\system32\tp2
c:\windows\system32\enUZ
c:\temp\tmp90
file::
c:\windows\system32\yodunika.exe
c:\windows\system32\drivers\atapii.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Driver::
atapii
c:\windows\system32\tp2
c:\windows\system32\enUZ
c:\temp\tmp90
file::
c:\windows\system32\yodunika.exe
c:\windows\system32\drivers\atapii.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Driver::
atapii
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#6 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 23 January 2009 - 07:10 PM
here's the combofix log ------------------------------
i appreciate the help.
ComboFix 09-01-21.04 - HP_Administrator 2009-01-23 10:31:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1531 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
FILE ::
c:\windows\system32\drivers\atapii.sys
c:\windows\system32\yodunika.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\tmp90
c:\temp\tmp90\v2RI.log
c:\windows\system32\enUZ
c:\windows\system32\tp2
c:\windows\system32\tp2\EN2tC23.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATAPII
-------\Service_atapii
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-22 21:14 . 2009-01-22 21:14 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-22 21:14 . 2009-01-23 10:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-10 03:59 . 2009-01-10 04:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\cogad
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 18:29 --------- d-----w c:\program files\Steam
2009-01-23 14:23 --------- d-----w c:\program files\LogMeIn
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-01-09 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-01-17 15:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 15:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 15:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-17 15:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 15:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_20.15.32.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
- 2009-01-23 04:09:25 72,020 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 18:33:53 72,020 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 04:09:25 425,830 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 18:33:53 425,830 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 18:38:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_32c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"Spontania Video Collaboration"="c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" [2007-10-18 905324]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-14 632048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-20 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 8384512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-10-20 217088]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-04-19 118784]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-10-21 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-10-21 106496]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-20 36903]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-22 03:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Steam\\steamapps\\madeinjapan666\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-09 47640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2008-05-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
2009-01-10 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 10:38:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b2,be,a3,5b,8e,
37,c4,3b,c8,28,51,af,b0,29,a3,98,c8,0a,03,58,aa,eb,57,62,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,de,51,7b,ab,1e,
bf,f3,bc,71,3b,04,66,8b,46,0d,96,b9,58,31,d2,af,e5,12,18,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ec,47,94,cb,45,
7a,0f,78,25,da,ec,7e,55,20,c9,26,7f,4f,17,13,24,cb,e5,cc,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,be,27,3b,33,63,
ae,74,d9,3e,1e,9e,e0,57,5a,93,61,2b,d8,56,e3,e0,87,33,63,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,0d,03,c9,9d,6d,
54,f2,bd,cd,44,cd,b9,a6,33,6c,cd,26,f3,93,3c,b7,86,ba,d7,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e6,7d,45,d7,63,
e0,97,2a,b0,18,ed,a7,3f,8d,37,a4,08,5b,be,2a,93,8a,1b,5e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,70,db,3b,2e,65,
8d,aa,e0,31,77,e1,ba,b1,f8,68,02,1d,b4,0a,50,35,d0,78,3c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,8a,89,11,db,01,
15,40,77,83,6c,56,8b,a0,85,96,ab,2a,f7,e9,a1,3f,85,59,bc,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,35,1c,df,06,81,
aa,81,47,51,fa,6e,91,28,9e,14,cc,08,62,da,a9,2b,4b,c3,54,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,58,a4,ff,3e,49,
16,36,c0,b1,cd,45,5a,a8,c4,f8,b9,06,2f,9e,05,76,58,29,c9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,15,6b,80,80,f6,
3f,52,b5,e3,0e,66,d5,eb,bc,2f,6b,ad,c5,12,c2,d1,3c,78,73,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,39,ea,4e,cb,dc,
e9,05,13,fa,ea,66,7f,d4,3b,6b,70,c9,00,59,ba,6f,b8,e5,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Gizmo Project\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
c:\program files\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\YOP\yop.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\hp\KBD\kbd.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DISCUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-23 10:44:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 18:44:42
ComboFix2.txt 2009-01-23 04:16:14
ComboFix3.txt 2008-01-31 07:40:22
Pre-Run: 138,811,559,936 bytes free
Post-Run: 138,857,869,312 bytes free
323 --- E O F --- 2009-01-23 11:00:40
i appreciate the help.
ComboFix 09-01-21.04 - HP_Administrator 2009-01-23 10:31:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1531 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
FILE ::
c:\windows\system32\drivers\atapii.sys
c:\windows\system32\yodunika.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\tmp90
c:\temp\tmp90\v2RI.log
c:\windows\system32\enUZ
c:\windows\system32\tp2
c:\windows\system32\tp2\EN2tC23.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATAPII
-------\Service_atapii
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.
2009-01-22 21:14 . 2009-01-22 21:14 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-22 21:14 . 2009-01-23 10:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-10 03:59 . 2009-01-10 04:39 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\cogad
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 18:29 --------- d-----w c:\program files\Steam
2009-01-23 14:23 --------- d-----w c:\program files\LogMeIn
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-01-09 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-01-17 15:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 15:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 15:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-17 15:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 15:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_20.15.32.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
- 2009-01-23 04:09:25 72,020 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-23 18:33:53 72,020 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-23 04:09:25 425,830 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 18:33:53 425,830 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-23 18:38:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_32c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-10-07 1410296]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"Spontania Video Collaboration"="c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe" [2007-10-18 905324]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2006-11-07 972432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-14 632048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-20 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-03-21 8384512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-10-20 217088]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-04-19 118784]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-10-21 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-10-21 106496]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-09-20 36903]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-22 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-22 03:52 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\dialcomwcs.exe"=
"c:\\Program Files\\Spontania Video Collaboration\\SpontaniaVideoCollaboration.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Steam\\steamapps\\madeinjapan666\\condition zero\\hl.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-21 203264]
R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-09 47640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2008-05-25 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]
2009-01-10 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 10:38:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1650196758-2686619159-3849565318-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b2,be,a3,5b,8e,
37,c4,3b,c8,28,51,af,b0,29,a3,98,c8,0a,03,58,aa,eb,57,62,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,de,51,7b,ab,1e,
bf,f3,bc,71,3b,04,66,8b,46,0d,96,b9,58,31,d2,af,e5,12,18,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,ec,47,94,cb,45,
7a,0f,78,25,da,ec,7e,55,20,c9,26,7f,4f,17,13,24,cb,e5,cc,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,be,27,3b,33,63,
ae,74,d9,3e,1e,9e,e0,57,5a,93,61,2b,d8,56,e3,e0,87,33,63,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,0d,03,c9,9d,6d,
54,f2,bd,cd,44,cd,b9,a6,33,6c,cd,26,f3,93,3c,b7,86,ba,d7,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e6,7d,45,d7,63,
e0,97,2a,b0,18,ed,a7,3f,8d,37,a4,08,5b,be,2a,93,8a,1b,5e,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,70,db,3b,2e,65,
8d,aa,e0,31,77,e1,ba,b1,f8,68,02,1d,b4,0a,50,35,d0,78,3c,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,8a,89,11,db,01,
15,40,77,83,6c,56,8b,a0,85,96,ab,2a,f7,e9,a1,3f,85,59,bc,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,35,1c,df,06,81,
aa,81,47,51,fa,6e,91,28,9e,14,cc,08,62,da,a9,2b,4b,c3,54,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,58,a4,ff,3e,49,
16,36,c0,b1,cd,45,5a,a8,c4,f8,b9,06,2f,9e,05,76,58,29,c9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,15,6b,80,80,f6,
3f,52,b5,e3,0e,66,d5,eb,bc,2f,6b,ad,c5,12,c2,d1,3c,78,73,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,39,ea,4e,cb,dc,
e9,05,13,fa,ea,66,7f,d4,3b,6b,70,c9,00,59,ba,6f,b8,e5,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Gizmo Project\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\program files\Yahoo!\browser\ybrwicon.exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
c:\program files\Yahoo!\browser\ycommon.exe
c:\program files\Yahoo!\YOP\yop.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\hp\KBD\kbd.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DISCUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-23 10:44:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 18:44:42
ComboFix2.txt 2009-01-23 04:16:14
ComboFix3.txt 2008-01-31 07:40:22
Pre-Run: 138,811,559,936 bytes free
Post-Run: 138,857,869,312 bytes free
323 --- E O F --- 2009-01-23 11:00:40
#7 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 24 January 2009 - 12:57 AM
hello
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity. - Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#8 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 24 January 2009 - 01:55 AM
ok heres the gmer log ---------------------------------------
(it did not prompt for any detection while scanning)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-23 17:55:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x95A14F20]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}
---- EOF - GMER 1.0.14 ----
(it did not prompt for any detection while scanning)
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-23 17:55:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x95A14F20]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1420] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}
---- EOF - GMER 1.0.14 ----
#9 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 24 January 2009 - 02:03 PM
hello
Please download ATF Cleaner by Atribune.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Go to Kaspersky website and perform an online antivirus scan.
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#10 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 25 January 2009 - 05:58 PM
kaspersky log ----------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 24, 2009 21:45:06
Records in database: 1700407
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 236630
Threat name: 6
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:54:03
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0B6E53.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EAB4DD8.exe Infected: Trojan-Dropper.Win32.Agent.bgo 1
C:\Documents and Settings\HP_Administrator\My Documents\downloaded exe\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\hp\bin\wbug\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.Agent.binp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sadozile.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
The selected area was scanned.
malwarebytes log --------------------------------------------------------------
Malwarebytes' Anti-Malware 1.33
Database version: 1692
Windows 5.1.2600 Service Pack 2
1/25/2009 9:42:49 AM
mbam-log-2009-01-25 (09-42-49).txt
Scan type: Quick Scan
Objects scanned: 67780
Time elapsed: 4 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\byXNhgdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 24, 2009 21:45:06
Records in database: 1700407
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 236630
Threat name: 6
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:54:03
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0B6E53.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EAB4DD8.exe Infected: Trojan-Dropper.Win32.Agent.bgo 1
C:\Documents and Settings\HP_Administrator\My Documents\downloaded exe\mirc621.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\hp\bin\wbug\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.Agent.binp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sadozile.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
The selected area was scanned.
malwarebytes log --------------------------------------------------------------
Malwarebytes' Anti-Malware 1.33
Database version: 1692
Windows 5.1.2600 Service Pack 2
1/25/2009 9:42:49 AM
mbam-log-2009-01-25 (09-42-49).txt
Scan type: Quick Scan
Objects scanned: 67780
Time elapsed: 4 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\byXNhgdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
#11 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 26 January 2009 - 03:23 PM
hello
Please download the OTMoveIt3 by OldTimer
Also post a new HJT log
Please download the OTMoveIt3 by OldTimer
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes explorer.exe :Services :Reg :Files C:\hp\bin\wbug\HPPavillion_Spring06.exe D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe :Commands [purity] [emptytemp] [start explorer] [Reboot]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Also post a new HJT log
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#12 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 27 January 2009 - 03:51 AM
OTMoveit3 log file -------------------------------------------------------------
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\hp\bin\wbug\HPPavillion_Spring06.exe moved successfully.
D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_dYe6vqSA2GkYXWKtCl4k scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Perflib_Perfdata_da4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01262009_193335
Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_dYe6vqSA2GkYXWKtCl4k not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Perflib_Perfdata_da4.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_568.dat not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\urlclassifier3.sqlite moved successfully.
HJTlog -------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:51 PM, on 1/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: (no name) - {32fc0525-c63d-46e1-9153-5f74045c5a01} - C:\WINDOWS\system32\vonatahi.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: {3c527bae-8974-09ba-54e4-cda6d7419689} - {9869147d-6adc-4e45-ab90-4798eab725c3} - C:\WINDOWS\system32\yzpufq.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zanohituvo] Rundll32.exe "C:\WINDOWS\system32\digezuru.dll",s
O4 - HKLM\..\Run: [cc2993cb] rundll32.exe "C:\WINDOWS\system32\muwesoli.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxkbxg.dll,C:\WINDOWS\system32\fayivani.dll yzpufq.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11699 bytes
i still get popups, oh when is it gonna end?...
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\hp\bin\wbug\HPPavillion_Spring06.exe moved successfully.
D:\I386\APPS\APP02017\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP02017\src\HPPavillion_Spring06.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_dYe6vqSA2GkYXWKtCl4k scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Perflib_Perfdata_da4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01262009_193335
Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_dYe6vqSA2GkYXWKtCl4k not found!
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Perflib_Perfdata_da4.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_568.dat not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3snnksa.default\urlclassifier3.sqlite moved successfully.
HJTlog -------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:51 PM, on 1/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: (no name) - {32fc0525-c63d-46e1-9153-5f74045c5a01} - C:\WINDOWS\system32\vonatahi.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: {3c527bae-8974-09ba-54e4-cda6d7419689} - {9869147d-6adc-4e45-ab90-4798eab725c3} - C:\WINDOWS\system32\yzpufq.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zanohituvo] Rundll32.exe "C:\WINDOWS\system32\digezuru.dll",s
O4 - HKLM\..\Run: [cc2993cb] rundll32.exe "C:\WINDOWS\system32\muwesoli.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dxkbxg.dll,C:\WINDOWS\system32\fayivani.dll yzpufq.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11699 bytes
i still get popups, oh when is it gonna end?...
#13 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 27 January 2009 - 01:40 PM
Fix these with HJT
O2 - BHO: (no name) - {32fc0525-c63d-46e1-9153-5f74045c5a01} - C:\WINDOWS\system32\vonatahi.dll
O4 - HKLM\..\Run: [zanohituvo] Rundll32.exe "C:\WINDOWS\system32\digezuru.dll",s
O4 - HKLM\..\Run: [cc2993cb] rundll32.exe "C:\WINDOWS\system32\muwesoli.dll",b
O20 - AppInit_DLLs: dxkbxg.dll,C:\WINDOWS\system32\fayivani.dll yzpufq.dll
Reboot and post a new HJT log
O2 - BHO: (no name) - {32fc0525-c63d-46e1-9153-5f74045c5a01} - C:\WINDOWS\system32\vonatahi.dll
O4 - HKLM\..\Run: [zanohituvo] Rundll32.exe "C:\WINDOWS\system32\digezuru.dll",s
O4 - HKLM\..\Run: [cc2993cb] rundll32.exe "C:\WINDOWS\system32\muwesoli.dll",b
O20 - AppInit_DLLs: dxkbxg.dll,C:\WINDOWS\system32\fayivani.dll yzpufq.dll
Reboot and post a new HJT log
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#14 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 28 January 2009 - 02:58 AM
ok heres the HJT log after fixing those lines.------------------------------------------------------
if it matters, the last 3 lines that you wanted me to fix had different .dll filename but i fixed it anyway.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:38 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {57d7dd87-cbc8-2b5b-58b4-c748340740f0} - {0f047043-847c-4b85-b5b2-8cbc78dd7d75} - C:\WINDOWS\system32\gojowy.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11433 bytes
if it matters, the last 3 lines that you wanted me to fix had different .dll filename but i fixed it anyway.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:38 PM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {57d7dd87-cbc8-2b5b-58b4-c748340740f0} - {0f047043-847c-4b85-b5b2-8cbc78dd7d75} - C:\WINDOWS\system32\gojowy.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11433 bytes
#15 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 28 January 2009 - 02:19 PM
hello
Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
- Click the Pt. Restauration button and press OK to the prompts.
- Click the Corbeille button and press OK to the prompt.
- Click the Fichiers temp button and press OK to the prompt.
- Click the Recherche button and let it run ( it may look like it freezes but let it continue )
- Once it is done click the Suppression button and let it remove anything it finds.
- Close the program
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity. - Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#16 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 28 January 2009 - 07:12 PM
heres the GMER log --------------------------------------------------------
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-28 11:13:51
Windows 5.1.2600 Service Pack 3
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 96FA9400
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}
---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-28 11:13:51
Windows 5.1.2600 Service Pack 3
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1196] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 96FA9400
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91BEDCA4-E117-F5D0-F1A1-47DDDBD15D4F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96C60F29-0A4A-403C-954B-EF2A0215B971}
---- EOF - GMER 1.0.14 ----
#17 OFFLINE
-
- Moderators
-
- 1,029 posts
Power Member
Posted 29 January 2009 - 02:17 AM
hello
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
By the power of truth, I, while living, have conquered the universe.
~Scratch~
~Scratch~
#18 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 29 January 2009 - 04:44 AM
ComboFix 09-01-21.04 - HP_Administrator 2009-01-28 20:23:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1471 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\atubamen.ini
c:\windows\system32\besohaki.dll
c:\windows\system32\fayabopi.dll
c:\windows\system32\gojowy.dll
c:\windows\system32\huwepeho.dll
c:\windows\system32\ilosewum.ini
c:\windows\system32\itejojat.ini
c:\windows\system32\mofohupu.dll
c:\windows\system32\nemabuta.dll
c:\windows\system32\paroda.dll
c:\windows\system32\sxuzjx.dll
c:\windows\system32\tuhuduta.dll
c:\windows\system32\ujidojuy.ini
c:\windows\system32\vutanoko.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\yzpufq.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 14:01 . 2009-01-28 17:45 <DIR> d-------- C:\adelpvbWINtemp
2009-01-26 19:33 . 2009-01-26 19:33 <DIR> d-------- C:\_OTMoveIt
2009-01-26 18:02 . 2009-01-26 18:02 0 --a------ c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-25 18:14 . 2008-10-15 17:00 1,499,136 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-25 18:14 . 2008-10-15 17:00 619,520 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-25 18:14 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-25 18:13 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-25 18:13 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-25 18:13 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-25 18:13 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-25 18:13 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-25 18:13 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-25 18:13 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\scripting
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\en
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\bits
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\l2schemas
2009-01-25 17:09 . 2009-01-25 17:11 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-25 17:06 . 2009-01-25 18:15 1,374 --a------ c:\windows\imsins.BAK
2009-01-24 15:49 . 2009-01-24 16:15 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Twain
2009-01-24 15:44 . 2009-01-24 16:12 <DIR> d-------- c:\program files\WebShow
2009-01-23 17:25 . 2009-01-28 10:57 250 --a------ c:\windows\gmer.ini
2009-01-22 21:14 . 2009-01-22 21:14 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-22 21:14 . 2009-01-28 20:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-22 20:07 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-25 09:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 21:19 --------- d-----w c:\program files\LogMeIn
2009-01-25 21:48 --------- d-----w c:\program files\Screen Recorder
2009-01-25 19:35 --------- d-----w c:\program files\Steam
2009-01-23 23:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_20.15.32.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464_0$\spuninst\updspapi.dll
- 2004-08-04 07:06:34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-04 07:06:34 82,944 -c----w c:\windows\$NtUninstallKB946648_0$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648_0$\spuninst\updspapi.dll
- 2008-02-16 09:32:06 3,066,880 -c----w c:\windows\$NtUninstallKB950759$\mshtml.dll
- 2008-02-16 09:32:09 666,112 -c----w c:\windows\$NtUninstallKB950759$\wininet.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w c:\windows\$NtUninstallKB950759_0$\browseui.dll
+ 2008-02-16 09:32:03 151,040 -c----w c:\windows\$NtUninstallKB950759_0$\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 -c----w c:\windows\$NtUninstallKB950759_0$\danim.dll
+ 2008-02-16 09:32:04 357,888 -c----w c:\windows\$NtUninstallKB950759_0$\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c----w c:\windows\$NtUninstallKB950759_0$\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c----w c:\windows\$NtUninstallKB950759_0$\extmgr.dll
+ 2008-02-15 09:07:53 18,432 -c----w c:\windows\$NtUninstallKB950759_0$\iedw.exe
+ 2008-02-16 09:32:04 251,904 -c----w c:\windows\$NtUninstallKB950759_0$\iepeers.dll
+ 2008-02-16 09:32:04 96,256 -c----w c:\windows\$NtUninstallKB950759_0$\inseng.dll
+ 2008-02-16 09:32:04 16,384 -c----w c:\windows\$NtUninstallKB950759_0$\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 -c----w c:\windows\$NtUninstallKB950759_0$\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c----w c:\windows\$NtUninstallKB950759_0$\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 -c----w c:\windows\$NtUninstallKB950759_0$\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c----w c:\windows\$NtUninstallKB950759_0$\mstime.dll
+ 2008-02-16 09:32:07 39,424 -c----w c:\windows\$NtUninstallKB950759_0$\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w c:\windows\$NtUninstallKB950759_0$\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 -c----w c:\windows\$NtUninstallKB950759_0$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950759_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950759_0$\spuninst\updspapi.dll
+ 2008-02-16 09:32:08 618,496 -c----w c:\windows\$NtUninstallKB950759_0$\urlmon.dll
+ 2008-02-16 09:32:09 666,112 -c----w c:\windows\$NtUninstallKB950759_0$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w c:\windows\$NtUninstallKB950759_0$\xpsp3res.dll
- 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 11:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll
+ 2005-07-26 11:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974_0$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974_0$\spuninst\updspapi.dll
- 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066_0$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066_0$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2_0$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtUninstallKB951072-v2_0$\tzchange.exe
- 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
+ 2008-04-14 00:11:48 39,424 ----a-w c:\windows\AppPatch\acadproc.dll
- 2004-08-10 04:00:00 1,852,416 ------w c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\AppPatch\acgenral.dll
- 2004-08-10 04:00:00 450,048 ------w c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\AppPatch\aclayers.dll
- 2004-08-10 04:00:00 137,728 ------w c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w c:\windows\AppPatch\aclua.dll
- 2004-08-10 04:00:00 244,736 ------w c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\AppPatch\acspecfc.dll
- 2004-08-10 04:00:00 116,224 ------w c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\AppPatch\acxtrnal.dll
- 2005-08-31 03:58:42 8,704 ------w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-01-26 01:17:18 8,704 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
- 2006-09-20 13:10:19 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-01-26 02:22:34 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2005-08-31 03:58:42 12,288 ------w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-01-26 01:17:14 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2005-08-31 03:58:42 34,816 ------w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-01-26 01:17:18 34,816 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2006-09-20 13:10:18 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-01-26 02:22:33 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2007-01-22 05:41:46 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2009-01-26 02:22:33 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2006-09-20 13:10:19 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-01-26 02:22:33 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2007-01-22 05:41:46 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-01-26 02:22:33 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-09-20 13:10:18 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-01-26 02:22:33 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-09-20 13:10:19 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-01-26 02:22:34 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2006-09-20 13:10:18 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-01-26 02:22:32 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
- 2006-09-20 13:10:18 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-01-26 02:22:32 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-09-20 13:10:18 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-01-26 02:22:33 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2007-01-22 05:41:46 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2009-01-26 02:22:33 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-09-20 13:10:18 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-01-26 02:22:33 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-09-20 13:10:18 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-01-26 02:22:33 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-09-20 13:10:18 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-01-26 02:22:33 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-09-20 13:10:18 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-01-26 02:22:32 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-09-20 13:10:19 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-01-26 02:22:34 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-09-20 13:10:18 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-01-26 02:22:33 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2005-08-31 03:58:42 7,168 ------w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-26 01:17:24 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2005-08-31 03:58:42 32,768 ------w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-26 01:17:25 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2005-08-31 03:58:42 4,096 ------w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-01-26 01:17:25 4,096 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
- 2005-08-31 03:58:42 27,136 ------w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-01-26 01:17:25 27,136 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2005-08-31 03:58:42 712,704 ------w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-26 01:17:14 712,704 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2006-09-20 13:10:19 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-01-26 02:22:34 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2005-08-31 03:58:42 28,672 ------w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-01-26 01:17:13 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2005-08-31 03:58:42 286,720 ------w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-26 01:17:15 286,720 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2005-08-31 03:58:42 5,632 ------w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-01-26 01:17:16 5,632 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
- 2005-08-31 03:58:42 11,264 ------w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-26 01:17:11 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-08-31 03:58:42 18,944 ------w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-01-26 01:17:13 18,944 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2005-08-31 03:58:42 6,656 ------w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-01-26 01:17:12 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2005-08-31 03:58:42 1,564,672 ------w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-01-26 01:17:26 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2005-08-31 03:58:42 32,768 ------w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-26 01:17:16 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2006-09-20 13:10:19 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-01-26 02:22:34 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2005-08-31 03:58:42 77,824 ------w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-01-26 01:17:18 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2005-08-31 03:58:42 1,179,648 ------w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2009-01-26 01:17:22 1,179,648 ----a-w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2005-08-31 03:58:42 1,695,744 ------w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-26 01:17:23 1,695,744 ----a-w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2005-08-31 03:58:42 86,016 ------w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-26 01:17:19 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2005-08-31 03:58:42 65,536 ------w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-01-26 01:17:19 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2005-08-31 03:58:42 462,848 ------w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-26 01:17:23 462,848 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2005-08-31 03:58:42 212,992 ------w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-26 01:17:17 212,992 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2005-08-31 03:58:42 48,640 ------w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-26 01:17:17 48,640 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2005-08-31 03:58:42 352,256 ------w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-26 01:17:26 352,256 ----a-w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2005-08-31 03:58:42 241,664 ------w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-26 01:17:24 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2005-08-31 03:58:42 311,296 ------w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-26 01:17:27 311,296 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2005-08-31 03:58:42 131,072 ------w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-26 01:17:27 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-08-31 03:58:42 77,824 ------w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-26 01:17:17 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2005-08-31 03:58:42 126,976 ------w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-26 01:17:20 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2005-08-31 03:58:42 61,440 ------w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-26 01:17:21 61,440 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2005-08-31 03:58:42 507,904 ------w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-26 01:17:21 507,904 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 10:00:45 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-26 01:17:20 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-08-31 03:58:42 2,002,944 ------w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-26 01:17:21 2,002,944 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2005-08-31 03:58:42 1,302,528 ------w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-26 01:17:22 1,302,528 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
- 2005-08-31 03:58:42 1,179,648 ------w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2009-01-26 01:17:23 1,179,648 ----a-w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2009-01-26 01:12:25 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_661c5056\CustomMarshalers.dll
+ 2009-01-26 01:12:29 3,301,376 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_98237d26\mscorlib.dll
+ 2009-01-26 01:12:38 1,454,080 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_e42aa980\System.Design.dll
+ 2009-01-26 01:12:42 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_310b1031\System.Drawing.Design.dll
+ 2009-01-26 01:12:39 847,872 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_1d435a10\System.Drawing.dll
+ 2009-01-26 01:12:47 2,953,216 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_86a9658b\System.Windows.Forms.dll
+ 2009-01-26 01:12:51 2,027,520 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_6e816a7f\System.Xml.dll
+ 2009-01-26 01:12:34 1,855,488 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_faf448af\System.dll
+ 2009-01-26 02:21:18 258,048 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_ab6c93b5\BDATunePIA.dll
+ 2009-01-26 02:20:57 159,744 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_6c61103b\ehCIR.dll
+ 2009-01-26 02:21:14 2,326,528 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_d5292104\EhCM.dll
+ 2009-01-26 02:21:15 299,008 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_220a6597\ehcommon.dll
+ 2009-01-26 02:21:09 1,306,624 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_61465b09\ehepg.dll
+ 2009-01-26 02:20:58 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_3f3e964f\ehepgdat.dll
+ 2009-01-26 02:22:04 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_27735a6a\ehExtCOM.dll
+ 2009-01-26 02:22:27 155,648 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_fccb506d\ehExtHost.exe
+ 2009-01-26 02:20:48 10,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_04d0a30f\ehiExtCOM.dll
+ 2009-01-26 02:20:50 102,400 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_808c455f\ehiExtens.dll
+ 2009-01-26 02:21:06 266,240 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_8c087472\ehiMsgr.dll
+ 2009-01-26 02:20:58 380,928 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_f8d4683a\ehiPlay.dll
+ 2009-01-26 02:20:59 565,248 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_7a94659c\ehiProxy.dll
+ 2009-01-26 02:21:00 40,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_f8f95e26\ehiUserXp.dll
+ 2009-01-26 02:21:05 458,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_e64db0d2\ehiVidCtl.dll
+ 2009-01-26 02:20:46 180,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_d5b711a4\ehiwmp.dll
+ 2009-01-26 02:21:23 69,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_9e008699\ehiWUapi.dll
+ 2009-01-26 02:20:55 684,032 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_4938f5c5\ehRecObj.dll
+ 2009-01-26 02:22:26 6,336,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_cdb9c232\ehshell.exe
+ 2009-01-26 02:21:38 65,536 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_0a4d2038\Microsoft.MediaCenter.dll
+ 2009-01-26 02:22:14 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0_c9c41152\SonicMCEBurnEngine.dll
- 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07 1,033,216 ----a-w c:\windows\explorer.exe
+ 2008-04-14 00:12:19 1,033,728 ----a-w c:\windows\explorer.exe
+ 2009-01-24 01:25:10 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2004-08-10 04:00:00 34,816 ------w c:\windows\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ------w c:\windows\Help\sniffpol.dll
- 2004-08-10 04:00:00 33,280 ------w c:\windows\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ------w c:\windows\Help\sstub.dll
- 2004-08-10 04:00:00 279,040 ------w c:\windows\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ------w c:\windows\Help\tshoot.dll
- 2005-05-27 06:22:01 10,752 ------w c:\windows\hh.exe
+ 2008-04-14 00:12:21 10,752 ------w c:\windows\hh.exe
- 2004-08-10 04:00:00 220,160 ------w c:\windows\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ------w c:\windows\ime\mscandui.dll
- 2004-08-10 04:00:00 130,048 ------w c:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ------w c:\windows\ime\softkbd.dll
- 2004-08-10 04:00:00 62,976 ------w c:\windows\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ------w c:\windows\ime\spgrmr.dll
- 2004-08-10 04:00:00 250,880 ------w c:\windows\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ------w c:\windows\ime\sptip.dll
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1471 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\atubamen.ini
c:\windows\system32\besohaki.dll
c:\windows\system32\fayabopi.dll
c:\windows\system32\gojowy.dll
c:\windows\system32\huwepeho.dll
c:\windows\system32\ilosewum.ini
c:\windows\system32\itejojat.ini
c:\windows\system32\mofohupu.dll
c:\windows\system32\nemabuta.dll
c:\windows\system32\paroda.dll
c:\windows\system32\sxuzjx.dll
c:\windows\system32\tuhuduta.dll
c:\windows\system32\ujidojuy.ini
c:\windows\system32\vutanoko.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\yzpufq.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 14:01 . 2009-01-28 17:45 <DIR> d-------- C:\adelpvbWINtemp
2009-01-26 19:33 . 2009-01-26 19:33 <DIR> d-------- C:\_OTMoveIt
2009-01-26 18:02 . 2009-01-26 18:02 0 --a------ c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-25 18:14 . 2008-10-15 17:00 1,499,136 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-25 18:14 . 2008-10-15 17:00 619,520 --------- c:\windows\system32\dllcache\urlmon.dll
2009-01-25 18:14 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-25 18:13 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-25 18:13 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-25 18:13 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-25 18:13 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-25 18:13 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-25 18:13 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-25 18:13 . 2008-06-13 03:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\scripting
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\en
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\system32\bits
2009-01-25 17:11 . 2009-01-25 17:11 <DIR> d-------- c:\windows\l2schemas
2009-01-25 17:09 . 2009-01-25 17:11 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-25 17:06 . 2009-01-25 18:15 1,374 --a------ c:\windows\imsins.BAK
2009-01-24 15:49 . 2009-01-24 16:15 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Twain
2009-01-24 15:44 . 2009-01-24 16:12 <DIR> d-------- c:\program files\WebShow
2009-01-23 17:25 . 2009-01-28 10:57 250 --a------ c:\windows\gmer.ini
2009-01-22 21:14 . 2009-01-22 21:14 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-22 21:14 . 2009-01-28 20:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-22 20:07 . 2008-12-11 02:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-21 19:14 . 2009-01-21 19:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-20 20:21 . 2009-01-20 20:21 <DIR> d-------- c:\windows\ERUNT
2009-01-20 20:00 . 2009-01-21 18:05 <DIR> d-------- C:\SDFix
2009-01-10 06:53 . 2009-01-10 06:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-25 09:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 06:52 . 2009-01-10 06:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-10 06:52 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 06:52 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 04:21 . 2009-01-10 04:21 <DIR> d-------- c:\program files\CCleaner
2009-01-10 04:21 . 2009-01-10 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-08 23:37 . 2009-01-08 23:37 <DIR> d-------- c:\program files\Pcsx2_0.9.4
2009-01-08 20:13 . 2009-01-15 20:53 <DIR> d-------- c:\program files\DiskInternals
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 21:19 --------- d-----w c:\program files\LogMeIn
2009-01-25 21:48 --------- d-----w c:\program files\Screen Recorder
2009-01-25 19:35 --------- d-----w c:\program files\Steam
2009-01-23 23:00 --------- d-----w c:\program files\Norton Security Scan
2009-01-22 11:52 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 03:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2009-01-15 04:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-14 06:40 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\WholeSecurity
2009-01-10 12:21 --------- d--h--r c:\documents and settings\HP_Administrator\Application Data\yahoo!
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-02-07 06:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-01-17 05:22 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2005-05-14 01:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 19:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-14 05:27 422,400 --sha-r c:\windows\x2.64.exe
2006-10-31 04:17 22 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-08 03:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 20:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 23:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-22 06:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2006-04-27 18:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 21:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-25 08:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-22_20.15.32.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464_0$\spuninst\updspapi.dll
- 2004-08-04 07:06:34 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-04 07:06:34 82,944 -c----w c:\windows\$NtUninstallKB946648_0$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB946648_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB946648_0$\spuninst\updspapi.dll
- 2008-02-16 09:32:06 3,066,880 -c----w c:\windows\$NtUninstallKB950759$\mshtml.dll
- 2008-02-16 09:32:09 666,112 -c----w c:\windows\$NtUninstallKB950759$\wininet.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w c:\windows\$NtUninstallKB950759_0$\browseui.dll
+ 2008-02-16 09:32:03 151,040 -c----w c:\windows\$NtUninstallKB950759_0$\cdfview.dll
+ 2008-02-16 09:32:03 1,054,208 -c----w c:\windows\$NtUninstallKB950759_0$\danim.dll
+ 2008-02-16 09:32:04 357,888 -c----w c:\windows\$NtUninstallKB950759_0$\dxtmsft.dll
+ 2008-02-16 09:32:04 205,312 -c----w c:\windows\$NtUninstallKB950759_0$\dxtrans.dll
+ 2008-02-16 09:32:04 55,808 -c----w c:\windows\$NtUninstallKB950759_0$\extmgr.dll
+ 2008-02-15 09:07:53 18,432 -c----w c:\windows\$NtUninstallKB950759_0$\iedw.exe
+ 2008-02-16 09:32:04 251,904 -c----w c:\windows\$NtUninstallKB950759_0$\iepeers.dll
+ 2008-02-16 09:32:04 96,256 -c----w c:\windows\$NtUninstallKB950759_0$\inseng.dll
+ 2008-02-16 09:32:04 16,384 -c----w c:\windows\$NtUninstallKB950759_0$\jsproxy.dll
+ 2008-02-16 09:32:06 3,066,880 -c----w c:\windows\$NtUninstallKB950759_0$\mshtml.dll
+ 2008-02-16 09:32:06 449,024 -c----w c:\windows\$NtUninstallKB950759_0$\mshtmled.dll
+ 2008-02-16 09:32:06 146,432 -c----w c:\windows\$NtUninstallKB950759_0$\msrating.dll
+ 2008-02-16 09:32:07 532,480 -c----w c:\windows\$NtUninstallKB950759_0$\mstime.dll
+ 2008-02-16 09:32:07 39,424 -c----w c:\windows\$NtUninstallKB950759_0$\pngfilt.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w c:\windows\$NtUninstallKB950759_0$\shdocvw.dll
+ 2008-02-16 09:32:08 474,112 -c----w c:\windows\$NtUninstallKB950759_0$\shlwapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950759_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950759_0$\spuninst\updspapi.dll
+ 2008-02-16 09:32:08 618,496 -c----w c:\windows\$NtUninstallKB950759_0$\urlmon.dll
+ 2008-02-16 09:32:09 666,112 -c----w c:\windows\$NtUninstallKB950759_0$\wininet.dll
+ 2008-02-15 09:06:21 351,744 -c----w c:\windows\$NtUninstallKB950759_0$\xpsp3res.dll
- 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 11:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll
+ 2005-07-26 11:39:45 243,200 -c----w c:\windows\$NtUninstallKB950974_0$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950974_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w c:\windows\$NtUninstallKB950974_0$\spuninst\updspapi.dll
- 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w c:\windows\$NtUninstallKB951066_0$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB951066_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951066_0$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951072-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951072-v2_0$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w c:\windows\$NtUninstallKB951072-v2_0$\tzchange.exe
- 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
+ 2008-04-14 00:11:48 39,424 ----a-w c:\windows\AppPatch\acadproc.dll
- 2004-08-10 04:00:00 1,852,416 ------w c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\AppPatch\acgenral.dll
- 2004-08-10 04:00:00 450,048 ------w c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\AppPatch\aclayers.dll
- 2004-08-10 04:00:00 137,728 ------w c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w c:\windows\AppPatch\aclua.dll
- 2004-08-10 04:00:00 244,736 ------w c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\AppPatch\acspecfc.dll
- 2004-08-10 04:00:00 116,224 ------w c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\AppPatch\acxtrnal.dll
- 2005-08-31 03:58:42 8,704 ------w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-01-26 01:17:18 8,704 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
- 2006-09-20 13:10:19 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
+ 2009-01-26 02:22:34 117,248 ----a-w c:\windows\assembly\GAC\BDATunePIA\6.0.3000.0__31bf3856ad364e35\bdatunepia.dll
- 2005-08-31 03:58:42 12,288 ------w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-01-26 01:17:14 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2005-08-31 03:58:42 34,816 ------w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-01-26 01:17:18 34,816 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2006-09-20 13:10:18 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
+ 2009-01-26 02:22:33 102,400 ----a-w c:\windows\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
- 2007-01-22 05:41:46 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2009-01-26 02:22:33 1,863,680 ----a-w c:\windows\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
- 2006-09-20 13:10:19 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
+ 2009-01-26 02:22:33 192,512 ----a-w c:\windows\assembly\GAC\ehcommon\6.0.3000.0__31bf3856ad364e35\ehcommon.dll
- 2007-01-22 05:41:46 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2009-01-26 02:22:33 868,352 ----a-w c:\windows\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-09-20 13:10:18 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
+ 2009-01-26 02:22:33 126,976 ----a-w c:\windows\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
- 2006-09-20 13:10:19 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
+ 2009-01-26 02:22:34 110,592 ----a-w c:\windows\assembly\GAC\ehExtCOM\6.0.3000.0__31bf3856ad364e35\ehExtCOM.dll
- 2006-09-20 13:10:18 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
+ 2009-01-26 02:22:32 8,192 ----a-w c:\windows\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\ehiExtCOM.dll
- 2006-09-20 13:10:18 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
+ 2009-01-26 02:22:32 73,728 ----a-w c:\windows\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\ehiExtens.dll
- 2006-09-20 13:10:18 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
+ 2009-01-26 02:22:33 167,936 ----a-w c:\windows\assembly\GAC\ehiMsgr\6.0.3000.0__31bf3856ad364e35\ehiMsgr.dll
- 2007-01-22 05:41:46 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2009-01-26 02:22:33 204,800 ----a-w c:\windows\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
- 2006-09-20 13:10:18 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
+ 2009-01-26 02:22:33 389,120 ----a-w c:\windows\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
- 2006-09-20 13:10:18 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
+ 2009-01-26 02:22:33 18,944 ----a-w c:\windows\assembly\GAC\ehiUserXp\6.0.3000.0__31bf3856ad364e35\ehiuserxp.dll
- 2006-09-20 13:10:18 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
+ 2009-01-26 02:22:33 278,528 ----a-w c:\windows\assembly\GAC\ehiVidCtl\6.0.3000.0__31bf3856ad364e35\ehiVidCtl.dll
- 2006-09-20 13:10:18 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-01-26 02:22:32 122,880 ----a-w c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-09-20 13:10:19 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
+ 2009-01-26 02:22:34 53,248 ----a-w c:\windows\assembly\GAC\ehiWUapi\6.0.3000.0__31bf3856ad364e35\ehiWUapi.dll
- 2006-09-20 13:10:18 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-01-26 02:22:33 389,120 ----a-w c:\windows\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
- 2005-08-31 03:58:42 7,168 ------w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-26 01:17:24 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2005-08-31 03:58:42 32,768 ------w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-26 01:17:25 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2005-08-31 03:58:42 4,096 ------w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-01-26 01:17:25 4,096 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
- 2005-08-31 03:58:42 27,136 ------w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-01-26 01:17:25 27,136 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2005-08-31 03:58:42 712,704 ------w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-26 01:17:14 712,704 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2006-09-20 13:10:19 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-01-26 02:22:34 45,056 ----a-w c:\windows\assembly\GAC\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2005-08-31 03:58:42 28,672 ------w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-01-26 01:17:13 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2005-08-31 03:58:42 286,720 ------w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-26 01:17:15 286,720 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2005-08-31 03:58:42 5,632 ------w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-01-26 01:17:16 5,632 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
- 2005-08-31 03:58:42 11,264 ------w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-26 01:17:11 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-08-31 03:58:42 18,944 ------w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-01-26 01:17:13 18,944 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2005-08-31 03:58:42 6,656 ------w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-01-26 01:17:12 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2005-08-31 03:58:42 1,564,672 ------w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-01-26 01:17:26 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2005-08-31 03:58:42 32,768 ------w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-26 01:17:16 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2006-09-20 13:10:19 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
+ 2009-01-26 02:22:34 77,824 ----a-w c:\windows\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\SonicMCEBurnEngine.dll
- 2005-08-31 03:58:42 77,824 ------w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-01-26 01:17:18 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2005-08-31 03:58:42 1,179,648 ------w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2009-01-26 01:17:22 1,179,648 ----a-w c:\windows\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2005-08-31 03:58:42 1,695,744 ------w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-26 01:17:23 1,695,744 ----a-w c:\windows\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2005-08-31 03:58:42 86,016 ------w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-26 01:17:19 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2005-08-31 03:58:42 65,536 ------w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-01-26 01:17:19 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2005-08-31 03:58:42 462,848 ------w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-26 01:17:23 462,848 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2005-08-31 03:58:42 212,992 ------w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-26 01:17:17 212,992 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2005-08-31 03:58:42 48,640 ------w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-26 01:17:17 48,640 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2005-08-31 03:58:42 352,256 ------w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-26 01:17:26 352,256 ----a-w c:\windows\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2005-08-31 03:58:42 241,664 ------w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-26 01:17:24 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2005-08-31 03:58:42 311,296 ------w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-26 01:17:27 311,296 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2005-08-31 03:58:42 131,072 ------w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-26 01:17:27 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-08-31 03:58:42 77,824 ------w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-26 01:17:17 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2005-08-31 03:58:42 126,976 ------w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-26 01:17:20 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2005-08-31 03:58:42 61,440 ------w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-26 01:17:21 61,440 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2005-08-31 03:58:42 507,904 ------w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-26 01:17:21 507,904 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 10:00:45 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-26 01:17:20 1,200,128 ----a-w c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-08-31 03:58:42 2,002,944 ------w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-26 01:17:21 2,002,944 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2005-08-31 03:58:42 1,302,528 ------w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-26 01:17:22 1,302,528 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.Xml.dll
- 2005-08-31 03:58:42 1,179,648 ------w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2009-01-26 01:17:23 1,179,648 ----a-w c:\windows\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2009-01-26 01:12:25 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_661c5056\CustomMarshalers.dll
+ 2009-01-26 01:12:29 3,301,376 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_98237d26\mscorlib.dll
+ 2009-01-26 01:12:38 1,454,080 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_e42aa980\System.Design.dll
+ 2009-01-26 01:12:42 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_310b1031\System.Drawing.Design.dll
+ 2009-01-26 01:12:39 847,872 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_1d435a10\System.Drawing.dll
+ 2009-01-26 01:12:47 2,953,216 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_86a9658b\System.Windows.Forms.dll
+ 2009-01-26 01:12:51 2,027,520 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_6e816a7f\System.Xml.dll
+ 2009-01-26 01:12:34 1,855,488 ----a-w c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_faf448af\System.dll
+ 2009-01-26 02:21:18 258,048 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\BDATunePIA\6.0.3000.0__31bf3856ad364e35_ab6c93b5\BDATunePIA.dll
+ 2009-01-26 02:20:57 159,744 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_6c61103b\ehCIR.dll
+ 2009-01-26 02:21:14 2,326,528 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_d5292104\EhCM.dll
+ 2009-01-26 02:21:15 299,008 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehcommon\6.0.3000.0__31bf3856ad364e35_220a6597\ehcommon.dll
+ 2009-01-26 02:21:09 1,306,624 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_61465b09\ehepg.dll
+ 2009-01-26 02:20:58 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_3f3e964f\ehepgdat.dll
+ 2009-01-26 02:22:04 167,936 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtCOM\6.0.3000.0__31bf3856ad364e35_27735a6a\ehExtCOM.dll
+ 2009-01-26 02:22:27 155,648 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehExtHost\6.0.3000.0__31bf3856ad364e35_fccb506d\ehExtHost.exe
+ 2009-01-26 02:20:48 10,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtCOM\6.0.3000.0__31bf3856ad364e35_04d0a30f\ehiExtCOM.dll
+ 2009-01-26 02:20:50 102,400 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiExtens\6.0.3000.0__31bf3856ad364e35_808c455f\ehiExtens.dll
+ 2009-01-26 02:21:06 266,240 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiMsgr\6.0.3000.0__31bf3856ad364e35_8c087472\ehiMsgr.dll
+ 2009-01-26 02:20:58 380,928 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiPlay\6.0.3000.0__31bf3856ad364e35_f8d4683a\ehiPlay.dll
+ 2009-01-26 02:20:59 565,248 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_7a94659c\ehiProxy.dll
+ 2009-01-26 02:21:00 40,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiUserXp\6.0.3000.0__31bf3856ad364e35_f8f95e26\ehiUserXp.dll
+ 2009-01-26 02:21:05 458,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiVidCtl\6.0.3000.0__31bf3856ad364e35_e64db0d2\ehiVidCtl.dll
+ 2009-01-26 02:20:46 180,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiwmp\6.0.3000.0__31bf3856ad364e35_d5b711a4\ehiwmp.dll
+ 2009-01-26 02:21:23 69,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehiWUapi\6.0.3000.0__31bf3856ad364e35_9e008699\ehiWUapi.dll
+ 2009-01-26 02:20:55 684,032 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_4938f5c5\ehRecObj.dll
+ 2009-01-26 02:22:26 6,336,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ehshell\6.0.3000.0__31bf3856ad364e35_cdb9c232\ehshell.exe
+ 2009-01-26 02:21:38 65,536 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\6.0.3100.0__31bf3856ad364e35_0a4d2038\Microsoft.MediaCenter.dll
+ 2009-01-26 02:22:14 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0_c9c41152\SonicMCEBurnEngine.dll
- 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07 1,033,216 ----a-w c:\windows\explorer.exe
+ 2008-04-14 00:12:19 1,033,728 ----a-w c:\windows\explorer.exe
+ 2009-01-24 01:25:10 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2004-08-10 04:00:00 34,816 ------w c:\windows\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ------w c:\windows\Help\sniffpol.dll
- 2004-08-10 04:00:00 33,280 ------w c:\windows\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ------w c:\windows\Help\sstub.dll
- 2004-08-10 04:00:00 279,040 ------w c:\windows\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ------w c:\windows\Help\tshoot.dll
- 2005-05-27 06:22:01 10,752 ------w c:\windows\hh.exe
+ 2008-04-14 00:12:21 10,752 ------w c:\windows\hh.exe
- 2004-08-10 04:00:00 220,160 ------w c:\windows\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ------w c:\windows\ime\mscandui.dll
- 2004-08-10 04:00:00 130,048 ------w c:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ------w c:\windows\ime\softkbd.dll
- 2004-08-10 04:00:00 62,976 ------w c:\windows\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ------w c:\windows\ime\spgrmr.dll
- 2004-08-10 04:00:00 250,880 ------w c:\windows\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ------w c:\windows\ime\sptip.dll
#19 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 29 January 2009 - 04:46 AM
cont....
- 2009-01-22 03:15:40 29,696 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2009-01-29 04:21:35 29,696 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2009-01-22 03:15:40 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-29 04:21:35 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-01-22 03:15:40 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-01-29 04:21:35 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2002-06-21 23:31:20 20,480 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
+ 2008-04-13 16:09:58 20,480 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
- 2007-01-02 23:34:04 200,704 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2008-04-13 16:09:59 200,704 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 04:11:06 24,576 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2008-04-13 16:10:01 24,576 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-21 23:31:22 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2007-01-02 23:34:04 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-30 01:04:48 61,440 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
+ 2008-04-13 16:10:32 61,440 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
- 2007-01-02 23:28:28 2,273,280 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2007-12-17 11:58:53 2,273,280 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2007-01-02 23:28:46 2,281,472 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2007-12-17 11:59:26 2,281,472 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2007-01-15 23:11:26 73,728 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2007-12-17 11:59:53 82,976 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2007-01-15 23:11:30 57,344 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2007-12-17 11:59:54 66,592 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\setregni.exe
- 2004-07-20 00:54:18 1,179,648 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2007-12-17 11:59:56 1,179,648 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\system.dll
- 2007-01-15 23:11:30 57,344 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-12-17 12:00:05 66,592 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\togac.exe
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\msagent\agentanm.dll
- 2004-08-10 04:00:00 214,016 ------w c:\windows\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ------w c:\windows\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w c:\windows\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w c:\windows\msagent\agentdpv.dll
- 2004-08-10 04:00:00 49,152 ------w c:\windows\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\msagent\agentmpx.dll
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\msagent\agentpsh.dll
- 2004-08-10 04:00:00 44,032 ------w c:\windows\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 ------w c:\windows\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\msagent\agentsvr.exe
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\msagent\agtintl.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\msagent\intl\agt0405.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\msagent\intl\agt0406.dll
- 2004-08-10 04:00:00 21,504 ------w c:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\msagent\intl\agt0407.dll
- 2004-08-10 04:00:00 22,016 ------w c:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\msagent\intl\agt0408.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\msagent\intl\agt0409.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\msagent\intl\agt040b.dll
- 2004-08-10 04:00:00 21,504 ------w c:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\msagent\intl\agt040c.dll
- 2004-08-10 04:00:00 19,968 ------w c:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\msagent\intl\agt040e.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\msagent\intl\agt0410.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\msagent\intl\agt0413.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0414.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0415.dll
- 2004-08-10 04:00:00 20,480 ------w c:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\msagent\intl\agt0416.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0419.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt041d.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt041f.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\msagent\intl\agt0816.dll
- 2004-08-10 04:00:00 20,480 ------w c:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\msagent\intl\agt0c0a.dll
- 2004-08-10 04:00:00 39,936 ------w c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ------w c:\windows\msagent\mslwvtts.dll
- 2004-08-10 04:00:00 90,624 ------w c:\windows\mui\muisetup.exe
+ 2008-04-14 00:12:29 90,624 ------w c:\windows\mui\muisetup.exe
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-10 04:00:00 69,120 ------w c:\windows\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ------w c:\windows\notepad.exe
- 2004-08-10 04:00:00 768,512 ------w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ------w c:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-10 04:00:00 743,936 ------w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ------w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 04:00:00 18,944 ------w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\pchealth\helpctr\binaries\hscupd.exe
- 2005-09-27 07:34:26 169,984 ------w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ------w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-10 04:00:00 376,320 ------w c:\windows\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ------w c:\windows\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-10 04:00:00 102,400 ------w c:\windows\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ------w c:\windows\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-10 04:00:00 38,912 ------w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2006-09-20 13:39:34 92,947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-01-26 01:17:10 92,947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2006-09-20 13:39:34 8,162 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-01-26 01:17:11 8,900 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-10 04:00:00 150,528 ------w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ------w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-10 04:00:00 151,552 ------w c:\windows\PeerNet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ------w c:\windows\PeerNet\sqldb20.dll
- 2004-08-10 04:00:00 462,848 ------w c:\windows\PeerNet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ------w c:\windows\PeerNet\sqlqp20.dll
- 2004-08-10 04:00:00 110,592 ------w c:\windows\PeerNet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ------w c:\windows\PeerNet\sqlse20.dll
- 2004-08-10 11:00:00 146,432 ------w c:\windows\regedit.exe
+ 2008-04-14 00:12:32 146,432 ------w c:\windows\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w c:\windows\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 05:32:22 231,552 ------w c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 05:32:32 84,480 ------w c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 29,696 ------w c:\windows\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 00:11:48 20,540 ------w c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\admin.exe
+ 2004-08-04 05:32:24 10,880 ------w c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 43,520 ------w c:\windows\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ------w c:\windows\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 00:11:48 175,616 ------w c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 123,392 ------w c:\windows\ServicePackFiles\i386\adsnw.dll
+ 2004-07-17 18:35:20 85,813 ------w c:\windows\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 00:11:48 4,255 ------w c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w c:\windows\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 05:31:20 36,224 ------w c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 108,544 ------w c:\windows\ServicePackFiles\i386\appconf.dll
+ 2008-04-14 00:11:49 125,952 ------w c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 167,936 ------w c:\windows\ServicePackFiles\i386\appmgmts.dll
+ 2008-04-14 00:11:49 295,936 ------w c:\windows\ServicePackFiles\i386\appmgr.dll
+ 2008-04-14 00:11:49 331,264 ------w c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 00:11:49 369,664 ------w c:\windows\ServicePackFiles\i386\asp51.dll
+ 2008-04-13 16:09:58 20,480 ------w c:\windows\ServicePackFiles\i386\aspnet_filter.dll
+ 2008-04-13 16:09:59 200,704 ------w c:\windows\ServicePackFiles\i386\aspnet_isapi.dll
+ 2008-04-13 16:10:01 24,576 ------w c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 00:12:12 30,208 ------w c:\windows\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 00:12:12 32,768 ------w c:\windows\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 00:11:49 65,024 ------w c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w c:\windows\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 05:29:30 56,623 ------w c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 05:29:30 11,615 ------w c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 05:29:30 12,047 ------w c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 05:29:32 30,671 ------w c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 05:29:32 63,663 ------w c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 05:29:32 26,367 ------w c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 05:29:32 21,343 ------w c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 05:29:32 36,463 ------w c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 05:29:32 29,455 ------w c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 05:29:32 34,735 ------w c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 05:29:28 327,040 ------w c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 05:29:28 701,440 ------w c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 05:29:28 57,856 ------w c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 05:29:30 13,824 ------w c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 05:29:30 14,336 ------w c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 05:29:30 52,224 ------w c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 05:29:32 104,960 ------w c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 05:29:32 28,672 ------w c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 05:29:32 13,824 ------w c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 05:29:32 73,216 ------w c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 05:29:32 31,744 ------w c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 05:29:32 63,488 ------w c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 00:12:13 71,680 ------w c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-14 00:12:13 142,848 ------w c:\windows\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-13 18:53:23 71,552 ------w c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w c:\windows\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 00:12:13 19,968 ------w c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:11:50 385,024 ------w c:\windows\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 00:11:50 121,856 ------w c:\windows\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 00:11:50 150,016 ------w c:\windows\ServicePackFiles\i386\capesnpn.dll
+ 2004-07-20 00:54:04 94,208 ------w c:\windows\ServicePackFiles\i386\caspol.exe
+ 2008-04-14 00:11:50 226,304 ------w c:\windows\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 00:11:50 85,504 ------w c:\windows\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 00:11:50 625,664 ------w c:\windows\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w c:\windows\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w c:\windows\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 00:11:50 151,040 ------w c:\windows\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 00:11:50 66,560 ------w c:\windows\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 00:11:50 2,091,520 ------w c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w c:\windows\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 00:11:50 194,560 ------w c:\windows\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 00:11:50 457,728 ------w c:\windows\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 00:11:50 38,912 ------w c:\windows\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 00:09:05 16,896 ------w c:\windows\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ------w c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:11:50 15,423 ------w c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w c:\windows\ServicePackFiles\i386\changer.sys
+ 2008-04-14 00:11:50 148,480 ------w c:\windows\ServicePackFiles\i386\cic.dll
+ 2008-04-14 00:11:50 1,358,848 ------w c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 00:11:50 69,120 ------w c:\windows\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 00:12:14 56,832 ------w c:\windows\ServicePackFiles\i386\cipher.exe
+ 2008-04-14 00:12:14 5,632 ------w c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w c:\windows\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 00:11:50 110,592 ------w c:\windows\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 00:11:50 498,688 ------w c:\windows\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 00:12:14 64,000 ------w c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 00:12:14 20,480 ------w c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12:14 102,912 ------w c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12:14 33,280 ------w c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:11:50 58,368 ------w c:\windows\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w c:\windows\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 00:11:50 15,872 ------w c:\windows\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 00:12:14 389,120 ------w c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:11:50 344,064 ------w c:\windows\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 00:12:14 25,600 ------w c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12:15 39,936 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:11:50 185,344 ------w c:\windows\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w c:\windows\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 00:12:15 63,488 ------w c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:11:50 39,424 ------w c:\windows\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 00:11:50 47,104 ------w c:\windows\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 00:11:50 79,360 ------w c:\windows\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-14 00:11:51 46,592 ------w c:\windows\ServicePackFiles\i386\coadmin.dll
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 00:11:51 60,416 ------w c:\windows\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 00:11:51 28,160 ------w c:\windows\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 00:11:51 195,072 ------w c:\windows\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 00:11:51 617,472 ------w c:\windows\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ------w c:\windows\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ------w c:\windows\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w c:\windows\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 00:11:51 24,064 ------w c:\windows\ServicePackFiles\i386\compfilt.dll
+ 2008-04-14 00:11:51 229,376 ------w c:\windows\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 00:11:51 97,792 ------w c:\windows\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 00:12:15 9,728 ------w c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 00:11:51 792,064 ------w c:\windows\ServicePackFiles\i386\comres.dll
+ 2008-04-13 18:43:32 9,728 ------w c:\windows\ServicePackFiles\i386\comsdupd.exe
+ 2008-04-14 00:11:51 274,944 ------w c:\windows\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 00:11:51 167,424 ------w c:\windows\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 00:11:51 1,267,200 ------w c:\windows\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 00:11:51 539,648 ------w c:\windows\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 00:12:15 1,032,192 ------w c:\windows\ServicePackFiles\i386\conf.exe
+ 2008-04-14 00:11:51 45,056 ------w c:\windows\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 00:11:51 357,888 ------w c:\windows\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 00:12:15 27,648 ------w c:\windows\ServicePackFiles\i386\conime.exe
+ 2004-08-04 04:11:12 69,632 ------w c:\windows\ServicePackFiles\i386\corperfmonext.dll
+ 2008-04-14 00:11:51 35,328 ------w c:\windows\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w c:\windows\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 00:11:51 163,840 ------w c:\windows\ServicePackFiles\i386\credui.dll
+ 2008-04-13 18:31:32 36,736 ------w c:\windows\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 00:11:51 599,040 ------w c:\windows\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ------w c:\windows\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ------w c:\windows\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ------w c:\windows\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ------w c:\windows\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ------w c:\windows\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ------w c:\windows\ServicePackFiles\i386\cryptui.dll
+ 2004-08-04 04:11:18 49,152 ------w c:\windows\ServicePackFiles\i386\csc.exe
+ 2008-04-14 00:11:51 101,888 ------w c:\windows\ServicePackFiles\i386\cscdll.dll
+ 2004-07-20 00:54:04 589,824 ------w c:\windows\ServicePackFiles\i386\cscomp.dll
+ 2008-04-14 00:12:15 139,264 ------w c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 00:11:51 326,656 ------w c:\windows\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 00:11:51 32,256 ------w c:\windows\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 00:12:16 15,360 ------w c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 00:11:51 249,856 ------w c:\windows\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 05:32:26 48,640 ------w c:\windows\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 00:11:51 1,179,648 ------w c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 00:11:51 8,192 ------w c:\windows\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 00:11:51 1,689,088 ------w c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 00:11:51 824,320 ------w c:\windows\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 00:11:51 1,054,208 ------w c:\windows\ServicePackFiles\i386\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w c:\windows\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 00:11:51 54,272 ------w c:\windows\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 00:11:51 165,376 ------w c:\windows\ServicePackFiles\i386\datime.dll
+ 2008-04-14 00:12:16 42,496 ------w c:\windows\ServicePackFiles\i386\davcdata.exe
+ 2008-04-14 00:11:51 25,088 ------w c:\windows\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 00:11:51 640,000 ------w c:\windows\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 00:11:51 24,576 ------w c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 00:11:51 110,592 ------w c:\windows\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 00:25:26 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:11:51 40,960 ------w c:\windows\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 00:11:51 8,704 ------w c:\windows\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 00:12:16 6,144 ------w c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 00:12:16 30,208 ------w c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 00:11:51 279,552 ------w c:\windows\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 00:11:51 27,136 ------w c:\windows\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 00:12:16 25,088 ------w c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 00:11:51 59,904 ------w c:\windows\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 00:11:51 282,624 ------w c:\windows\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 00:12:16 82,944 ------w c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 00:12:16 105,472 ------w c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 00:11:51 39,424 ------w c:\windows\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 00:11:51 124,416 ------w c:\windows\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 00:11:51 111,104 ------w c:\windows\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 00:11:51 126,976 ------w c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 00:11:52 379,904 ------w c:\windows\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 00:11:52 48,640 ------w c:\windows\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 00:12:17 539,136 ------w c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 00:12:17 87,040 ------w c:\windows\ServicePackFiles\i386\diantz.exe
+ 2004-08-10 04:00:00 884,712 ------w c:\windows\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 00:11:52 68,608 ------w c:\windows\ServicePackFiles\i386\digest.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 00:11:52 158,720 ------w c:\windows\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 00:11:52 181,760 ------w c:\windows\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 00:11:52 86,528 ------w c:\windows\ServicePackFiles\i386\directdb.dll
+ 2008-04-13 18:40:47 36,352 ------w c:\windows\ServicePackFiles\i386\disk.sys
+ 2008-04-14 00:11:52 1,504,256 ------w c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-13 18:40:44 14,208 ------w c:\windows\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 00:12:17 163,840 ------w c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 00:11:52 32,768 ------w c:\windows\ServicePackFiles\i386\dispex.dll
+ 2008-04-14 00:12:17 5,120 ------w c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-13 18:40:51 8,320 ------w c:\windows\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 00:12:17 224,768 ------w c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 00:11:52 28,672 ------w c:\windows\ServicePackFiles\i386\dmband.dll
+ 2008-04-13 18:44:48 799,744 ------w c:\windows\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 00:11:52 61,440 ------w c:\windows\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 00:11:52 285,184 ------w c:\windows\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 00:11:52 200,704 ------w c:\windows\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dmime.dll
+ 2008-04-13 18:44:46 153,344 ------w c:\windows\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 00:11:52 35,840 ------w c:\windows\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 00:12:17 15,872 ------w c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 00:11:52 82,432 ------w c:\windows\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 00:11:52 105,984 ------w c:\windows\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 00:11:52 103,424 ------w c:\windows\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 00:11:52 104,448 ------w c:\windows\ServicePackFiles\i386\dmusic.dll
+ 2008-04-13 18:45:01 52,864 ------w c:\windows\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 00:11:52 52,224 ------w c:\windows\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 00:11:52 147,968 ------w c:\windows\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 00:11:52 45,568 ------w c:\windows\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 00:11:52 48,128 ------w c:\windows\ServicePackFiles\i386\docprop2.dll
+ 2004-08-10 04:00:00 53,840 ------w c:\windows\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 00:11:52 26,112 ------w c:\windows\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 00:11:52 57,856 ------w c:\windows\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 00:11:52 9,216 ------w c:\windows\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 00:11:52 56,320 ------w c:\windows\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 00:11:52 132,096 ------w c:\windows\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 00:11:52 650,752 ------w c:\windows\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-13 18:39:46 206,976 ------w c:\windows\ServicePackFiles\i386\dot4.sys
+ 2008-04-14 00:11:52 102,912 ------w c:\windows\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 00:12:17 29,696 ------w c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 00:11:52 229,888 ------w c:\windows\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 00:09:19 3,072 ------w c:\windows\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 00:11:52 375,296 ------w c:\windows\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 00:11:52 35,328 ------w c:\windows\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 00:11:52 60,928 ------w c:\windows\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 00:09:20 3,072 ------w c:\windows\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 00:12:17 17,920 ------w c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 00:11:52 21,504 ------w c:\windows\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 00:11:52 212,480 ------w c:\windows\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 00:12:18 83,456 ------w c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 00:11:52 116,736 ------w c:\windows\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 00:11:52 57,344 ------w c:\windows\ServicePackFiles\i386\dpwsockx.dll
+ 2008-04-13 18:45:14 60,160 ------w c:\windows\ServicePackFiles\i386\drmk.sys
+ 2008-04-13 18:45:13 2,944 ------w c:\windows\ServicePackFiles\i386\drmkaud.sys
+ 2008-04-14 00:11:52 14,336 ------w c:\windows\ServicePackFiles\i386\drprov.dll
+ 2008-04-14 00:12:18 62,976 ------w c:\windows\ServicePackFiles\i386\drvqry.exe
+ 2004-08-10 04:00:00 4,656 ------w c:\windows\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 00:11:52 16,384 ------w c:\windows\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 00:11:52 71,680 ------w c:\windows\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 00:11:52 92,672 ------w c:\windows\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 00:11:52 155,648 ------w c:\windows\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 00:11:52 367,616 ------w c:\windows\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 00:11:52 1,293,824 ------w c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 00:11:52 142,848 ------w c:\windows\ServicePackFiles\i386\dsprop.dll
+ 2008-04-13 17:09:30 4,096 ------w c:\windows\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 00:11:52 239,104 ------w c:\windows\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 00:11:52 51,200 ------w c:\windows\ServicePackFiles\i386\dssec.dll
+ 2008-04-13 17:37:57 138,752 ------w c:\windows\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 00:11:52 113,152 ------w c:\windows\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 00:12:18 10,752 ------w c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 00:11:52 304,128 ------w c:\windows\ServicePackFiles\i386\duser.dll
+ 2008-04-14 00:12:18 17,920 ------w c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 00:12:18 180,224 ------w c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 00:11:52 619,008 ------w c:\windows\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 00:11:52 1,227,264 ------w c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 00:12:18 1,298,432 ------w c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 00:11:52 2,113,536 ------w c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-13 18:38:29 71,168 ------w c:\windows\ServicePackFiles\i386\dxg.sys
+ 2008-04-14 00:11:52 357,888 ------w c:\windows\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 ------w c:\windows\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 00:11:52 30,720 ------w c:\windows\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w c:\windows\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w c:\windows\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w c:\windows\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w c:\windows\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w c:\windows\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w c:\windows\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w c:\windows\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 00:11:52 26,624 ------w c:\windows\ServicePackFiles\i386\efsadu.dll
+ 2008-04-14 00:11:53 183,296 ------w c:\windows\ServicePackFiles\i386\els.dll
+ 2008-04-14 00:11:53 20,480 ------w c:\windows\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 00:11:53 186,880 ------w c:\windows\ServicePackFiles\i386\encdec.dll
+ 2008-04-13 16:26:02 40,960 ------w c:\windows\ServicePackFiles\i386\ep9res.dll
+ 2004-07-17 18:39:36 120,320 ------w c:\windows\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 00:11:53 23,040 ------w c:\windows\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 00:11:53 246,272 ------w c:\windows\ServicePackFiles\i386\es.dll
+ 2008-04-14 00:11:53 1,082,368 ------w c:\windows\ServicePackFiles\i386\esent.dll
+ 2008-04-14 00:11:53 247,808 ------w c:\windows\ServicePackFiles\i386\esscli.dll
+ 2004-08-04 05:32:28 137,088 ------w c:\windows\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 00:12:19 193,024 ------w c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 00:12:19 50,688 ------w c:\windows\ServicePackFiles\i386\evcreate.exe
+ 2008-04-14 00:11:53 56,320 ------w c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2004-07-20 00:54:06 798,720 ------w c:\windows\ServicePackFiles\i386\eventlogmessages.dll
+ 2008-04-14 00:11:53 101,888 ------w c:\windows\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 00:12:19 92,160 ------w c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 00:11:53 45,056 ------w c:\windows\ServicePackFiles\i386\evtgprov.dll
+ 2008-04-14 00:12:19 82,944 ------w c:\windows\ServicePackFiles\i386\evtrig.exe
+ 2008-04-14 00:12:19 1,033,728 ------w c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 00:11:53 380,445 ------w c:\windows\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 00:11:53 14,336 ------w c:\windows\ServicePackFiles\i386\exstrace.dll
+ 2008-04-14 00:11:53 55,808 ------w c:\windows\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 00:11:53 125,952 ------w c:\windows\ServicePackFiles\i386\exts.dll
+ 2008-04-14 00:09:30 7,168 ------w c:\windows\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-13 19:14:29 143,744 ------w c:\windows\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 00:11:53 472,064 ------w c:\windows\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 00:11:53 80,384 ------w c:\windows\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-13 18:40:25 27,392 ------w c:\windows\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 00:11:53 124,928 ------w c:\windows\ServicePackFiles\i386\fde.dll
+ 2008-04-14 00:11:53 73,728 ------w c:\windows\ServicePackFiles\i386\fdeploy.dll
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 00:11:53 337,920 ------w c:\windows\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 00:12:20 27,136 ------w c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-13 18:33:28 44,544 ------w c:\windows\ServicePackFiles\i386\fips.sys
+ 2008-04-14 00:11:53 87,552 ------w c:\windows\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-13 18:40:25 20,480 ------w c:\windows\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 00:11:53 16,896 ------w c:\windows\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 00:12:20 23,040 ------w c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-13 18:32:59 129,792 ------w c:\windows\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 00:11:53 382,976 ------w c:\windows\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 00:11:53 80,896 ------w c:\windows\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 00:12:20 7,680 ------w c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2004-08-04 05:31:24 34,173 ------w c:\windows\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 00:12:42 29,696 ------w c:\windows\ServicePackFiles\i386\format.com
+ 2008-04-14 00:11:53 32,828 ------w c:\windows\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 00:11:53 184,435 ------w c:\windows\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 00:11:53 82,035 ------w c:\windows\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 00:11:53 147,513 ------w c:\windows\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 00:11:53 49,210 ------w c:\windows\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 00:11:53 102,509 ------w c:\windows\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 00:11:53 618,605 ------w c:\windows\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 00:11:53 41,020 ------w c:\windows\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 00:11:53 32,826 ------w c:\windows\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 00:11:53 49,212 ------w c:\windows\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 00:11:53 876,653 ------w c:\windows\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 00:12:20 15,120 ------w c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 00:12:20 109,840 ------w c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 00:12:20 24,632 ------w c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 00:12:20 188,494 ------w c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 00:11:53 94,208 ------w c:\windows\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 00:11:53 598,071 ------w c:\windows\ServicePackFiles\i386\fpmmc.dll
+ 2007-04-02 16:36:04 208,896 ------w c:\windows\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 00:12:20 20,538 ------w c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 00:12:20 28,728 ------w c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 00:09:33 9,344 ------w c:\windows\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 00:11:53 185,344 ------w c:\windows\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 00:12:20 193,024 ------w c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 00:12:20 42,496 ------w c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 00:11:53 6,144 ------w c:\windows\ServicePackFiles\i386\ftpmib.dll
+ 2008-04-14 00:11:53 125,952 ------w c:\windows\ServicePackFiles\i386\ftpsv251.dll
+ 2004-07-20 00:54:06 233,472 ------w c:\windows\ServicePackFiles\i386\fusion.dll
+ 2008-04-14 00:11:53 60,416 ------w c:\windows\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 00:11:53 451,584 ------w c:\windows\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 00:12:21 142,848 ------w c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 00:11:54 72,192 ------w c:\windows\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 00:12:21 229,376 ------w c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 00:11:54 26,624 ------w c:\windows\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 00:11:54 55,296 ------w c:\windows\ServicePackFiles\i386\fxsevent.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsmon.dll
+ 2008-04-14 00:11:54 132,608 ------w c:\windows\ServicePackFiles\i386\fxsocm.dll
+ 2008-04-14 00:11:54 8,704 ------w c:\windows\ServicePackFiles\i386\fxsperf.dll
+ 2008-04-14 00:09:33 6,656 ------w c:\windows\ServicePackFiles\i386\fxsres.dll
+ 2008-04-14 00:11:54 562,176 ------w c:\windows\ServicePackFiles\i386\fxsst.dll
+ 2008-04-14 00:12:21 267,776 ------w c:\windows\ServicePackFiles\i386\fxssvc.exe
+ 2008-04-14 00:11:54 246,272 ------w c:\windows\ServicePackFiles\i386\fxst30.dll
+ 2008-04-14 00:11:54 397,312 ------w c:\windows\ServicePackFiles\i386\fxstiff.dll
+ 2008-04-14 00:11:54 154,112 ------w c:\windows\ServicePackFiles\i386\fxsui.dll
+ 2008-04-14 00:11:54 192,512 ------w c:\windows\ServicePackFiles\i386\fxswzrd.dll
+ 2008-04-14 00:11:54 400,384 ------w c:\windows\ServicePackFiles\i386\fxsxp32.dll
+ 2008-04-13 18:36:40 46,464 ------w c:\windows\ServicePackFiles\i386\gagp30kx.sys
+ 2008-04-13 18:45:29 10,624 ------w c:\windows\ServicePackFiles\i386\gameenum.sys
+ 2008-04-13 18:45:32 59,136 ------w c:\windows\ServicePackFiles\i386\gckernel.sys
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\gdi32.dll
+ 2008-04-14 00:12:21 59,904 ------w c:\windows\ServicePackFiles\i386\getmac.exe
+ 2008-04-14 00:11:54 122,880 ------w c:\windows\ServicePackFiles\i386\glu32.dll
+ 2008-04-14 00:09:35 566,784 ------w c:\windows\ServicePackFiles\i386\gpedit.dll
+ 2004-08-10 04:00:00 101,888 ------w c:\windows\ServicePackFiles\i386\gpkcsp.dll
+ 2006-12-31 01:26:44 9,728 ------w c:\windows\ServicePackFiles\i386\gpkrsrc.dll
+ 2008-04-14 00:12:21 120,832 ------w c:\windows\ServicePackFiles\i386\gprslt.exe
+ 2008-04-14 00:11:54 199,680 ------w c:\windows\ServicePackFiles\i386\gptext.dll
+ 2008-04-14 00:12:21 39,424 ------w c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2008-04-13 18:40:21 28,288 ------w c:\windows\ServicePackFiles\i386\grserial.sys
+ 2008-04-14 00:11:54 133,120 ------w c:\windows\ServicePackFiles\i386\guitrn.dll
+ 2008-04-14 00:11:54 115,200 ------w c:\windows\ServicePackFiles\i386\guitrna.dll
+ 2008-04-14 00:11:54 32,256 ------w c:\windows\ServicePackFiles\i386\gzip.dll
+ 2008-04-14 00:11:54 57,344 ------w c:\windows\ServicePackFiles\i386\h323cc.dll
+ 2008-04-14 00:11:54 614,912 ------w c:\windows\ServicePackFiles\i386\h323msp.dll
+ 2008-04-13 18:31:32 105,344 ------w c:\windows\ServicePackFiles\i386\hal.dll
+ 2008-04-13 18:31:28 131,840 ------w c:\windows\ServicePackFiles\i386\halaacpi.dll
+ 2008-04-13 18:31:27 81,152 ------w c:\windows\ServicePackFiles\i386\halacpi.dll
+ 2008-04-13 18:31:28 150,528 ------w c:\windows\ServicePackFiles\i386\halapic.dll
+ 2008-04-13 18:31:28 134,400 ------w c:\windows\ServicePackFiles\i386\halmacpi.dll
+ 2008-04-13 18:31:32 152,576 ------w c:\windows\ServicePackFiles\i386\halmps.dll
+ 2008-04-13 18:31:31 77,696 ------w c:\windows\ServicePackFiles\i386\halsp.dll
+ 2008-04-14 00:11:54 7,168 ------w c:\windows\ServicePackFiles\i386\hccoin.dll
+ 2008-04-13 16:36:05 144,384 ------w c:\windows\ServicePackFiles\i386\hdaudbus.sys
+ 2008-04-14 00:12:21 15,872 ------w c:\windows\ServicePackFiles\i386\help.exe
+ 2008-04-14 00:12:21 769,024 ------w c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 00:12:21 744,448 ------w c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2008-04-14 00:12:21 10,752 ------w c:\windows\ServicePackFiles\i386\hh.exe
+ 2008-04-14 00:11:54 41,472 ------w c:\windows\ServicePackFiles\i386\hhsetup.dll
+ 2008-04-14 00:11:54 20,992 ------w c:\windows\ServicePackFiles\i386\hid.dll
+ 2008-04-13 18:36:38 20,352 ------w c:\windows\ServicePackFiles\i386\hidbatt.sys
+ 2008-04-13 18:46:30 25,600 ------w c:\windows\ServicePackFiles\i386\hidbth.sys
+ 2008-04-13 18:45:26 36,864 ------w c:\windows\ServicePackFiles\i386\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w c:\windows\ServicePackFiles\i386\hidir.sys
+ 2008-04-13 18:45:22 24,960 ------w c:\windows\ServicePackFiles\i386\hidparse.sys
+ 2008-04-14 00:11:54 21,504 ------w c:\windows\ServicePackFiles\i386\hidserv.dll
+ 2008-04-13 18:45:27 10,368 ------w c:\windows\ServicePackFiles\i386\hidusb.sys
+ 2008-04-14 00:11:54 72,704 ------w c:\windows\ServicePackFiles\i386\hlink.dll
+ 2008-04-14 00:11:54 38,912 ------w c:\windows\ServicePackFiles\i386\hmmapi.dll
+ 2008-04-14 00:11:54 344,064 ------w c:\windows\ServicePackFiles\i386\hnetcfg.dll
+ 2008-04-14 00:11:54 330,752 ------w c:\windows\ServicePackFiles\i386\hnetwiz.dll
+ 2008-04-14 00:11:54 39,936 ------w c:\windows\ServicePackFiles\i386\hostmib.dll
+ 2008-04-14 00:11:54 144,896 ------w c:\windows\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 00:11:54 10,752 ------w c:\windows\ServicePackFiles\i386\hpcjrr.dll
+ 2008-04-14 00:11:54 10,240 ------w c:\windows\ServicePackFiles\i386\hpcjrrps.dll
+ 2008-04-14 00:11:54 87,552 ------w c:\windows\ServicePackFiles\i386\hpfud50.dll
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2004-08-04 05:41:48 220,032 ------w c:\windows\ServicePackFiles\i386\hsfbs2s2.sys
+ 2008-04-14 00:11:54 32,285 ------w c:\windows\ServicePackFiles\i386\hsfcisp2.dll
+ 2004-08-04 05:41:50 685,056 ------w c:\windows\ServicePackFiles\i386\hsfcxts2.sys
+ 2004-08-04 05:41:56 1,041,536 ------w c:\windows\ServicePackFiles\i386\hsfdpsp2.sys
+ 2008-04-13 18:53:53 264,832 ------w c:\windows\ServicePackFiles\i386\http.sys
+ 2008-04-14 00:11:54 24,576 ------w c:\windows\ServicePackFiles\i386\httpapi.dll
+ 2008-04-14 00:11:54 268,288 ------w c:\windows\ServicePackFiles\i386\httpext.dll
+ 2008-04-14 00:11:54 8,192 ------w c:\windows\ServicePackFiles\i386\httpmb51.dll
+ 2008-04-14 00:11:54 61,440 ------w c:\windows\ServicePackFiles\i386\httpod51.dll
+ 2008-04-14 00:11:54 41,984 ------w c:\windows\ServicePackFiles\i386\htui.dll
+ 2008-04-14 00:11:54 347,136 ------w c:\windows\ServicePackFiles\i386\hypertrm.dll
+ 2008-04-13 18:41:22 8,576 ------w c:\windows\ServicePackFiles\i386\i2omgmt.sys
+ 2008-04-13 18:41:22 18,560 ------w c:\windows\ServicePackFiles\i386\i2omp.sys
+ 2008-04-13 19:18:00 52,480 ------w c:\windows\ServicePackFiles\i386\i8042prt.sys
+ 2008-04-14 00:11:54 702,845 ------w c:\windows\ServicePackFiles\i386\i81xdnt5.dll
+ 2004-08-04 05:29:38 161,020 ------w c:\windows\ServicePackFiles\i386\i81xnt5.sys
+ 2008-04-14 00:11:54 119,808 ------w c:\windows\ServicePackFiles\i386\iasrad.dll
+ 2008-04-14 00:11:54 11,264 ------w c:\windows\ServicePackFiles\i386\icaapi.dll
+ 2008-04-14 00:11:54 80,384 ------w c:\windows\ServicePackFiles\i386\iccvid.dll
+ 2008-04-14 00:11:54 254,976 ------w c:\windows\ServicePackFiles\i386\icm32.dll
+ 2008-04-14 00:09:40 3,584 ------w c:\windows\ServicePackFiles\i386\icmp.dll
+ 2008-04-13 16:44:29 2,560 ------w c:\windows\ServicePackFiles\i386\iconlib.dll
+ 2008-04-14 00:11:54 61,440 ------w c:\windows\ServicePackFiles\i386\icwconn.dll
+ 2008-04-14 00:12:22 214,528 ------w c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 00:12:22 86,016 ------w c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 00:11:54 73,728 ------w c:\windows\ServicePackFiles\i386\icwdial.dll
+ 2008-04-14 00:11:54 32,768 ------w c:\windows\ServicePackFiles\i386\icwdl.dll
+ 2008-04-14 00:11:54 172,032 ------w c:\windows\ServicePackFiles\i386\icwhelp.dll
+ 2008-04-14 00:11:54 65,536 ------w c:\windows\ServicePackFiles\i386\icwphbk.dll
+ 2008-04-14 00:12:22 24,576 ------w c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 00:11:54 49,152 ------w c:\windows\ServicePackFiles\i386\icwutil.dll
+ 2008-04-14 00:11:54 120,832 ------w c:\windows\ServicePackFiles\i386\idq.dll
+ 2008-04-14 00:12:22 34,304 ------w c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 ------w c:\windows\ServicePackFiles\i386\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 ------w c:\windows\ServicePackFiles\i386\ieaksie.dll
+ 2008-04-14 00:11:54 323,584 ------w c:\windows\ServicePackFiles\i386\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 ------w c:\windows\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ieencode.dll
+ 2007-01-02 23:29:28 8,192 ------w c:\windows\ServicePackFiles\i386\ieexec.exe
+ 2004-07-20 00:54:06 7,168 ------w c:\windows\ServicePackFiles\i386\ieexecremote.dll
+ 2004-07-20 00:54:06 32,768 ------w c:\windows\ServicePackFiles\i386\iehost.dll
+ 2008-04-14 00:11:54 251,904 ------w c:\windows\ServicePackFiles\i386\iepeers.dll
+ 2008-04-14 00:11:54 48,640 ------w c:\windows\ServicePackFiles\i386\iernonce.dll
+ 2008-04-14 00:11:54 62,976 ------w c:\windows\ServicePackFiles\i386\iesetup.dll
+ 2008-04-14 00:12:22 93,184 ------w c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2008-04-14 00:12:22 114,688 ------w c:\windows\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 00:11:54 135,680 ------w c:\windows\ServicePackFiles\i386\ifmon.dll
+ 2008-04-14 00:11:54 8,192 ------w c:\windows\ServicePackFiles\i386\igmpagnt.dll
+ 2008-04-14 00:11:54 505,344 ------w c:\windows\ServicePackFiles\i386\iis.dll
+ 2008-04-14 00:11:54 25,088 ------w c:\windows\ServicePackFiles\i386\iisadmin.dll
+ 2008-04-14 00:11:54 145,408 ------w c:\windows\ServicePackFiles\i386\iische51.dll
+ 2008-04-14 00:11:54 68,608 ------w c:\windows\ServicePackFiles\i386\iisext51.dll
+ 2008-04-14 00:11:54 7,168 ------w c:\windows\ServicePackFiles\i386\iisfecnv.dll
+ 2008-04-14 00:11:54 79,872 ------w c:\windows\ServicePackFiles\i386\iislog51.dll
+ 2008-04-14 00:11:54 64,512 ------w c:\windows\ServicePackFiles\i386\iismap.dll
+ 2008-04-14 00:12:22 30,720 ------w c:\windows\ServicePackFiles\i386\iisrstas.exe
+ 2008-04-14 00:11:54 133,632 ------w c:\windows\ServicePackFiles\i386\iisrtl.dll
+ 2004-08-04 04:11:48 184,320 ------w c:\windows\ServicePackFiles\i386\ilasm.exe
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ils.dll
+ 2008-04-14 00:11:54 144,384 ------w c:\windows\ServicePackFiles\i386\imagehlp.dll
+ 2008-04-14 00:12:22 150,528 ------w c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 18:40:58 42,112 ------w c:\windows\ServicePackFiles\i386\imapi.sys
+ 2008-04-14 00:11:54 36,921 ------w c:\windows\ServicePackFiles\i386\imeshare.dll
+ 2008-04-14 00:11:54 35,840 ------w c:\windows\ServicePackFiles\i386\imgutil.dll
+ 2008-04-14 00:11:54 110,080 ------w c:\windows\ServicePackFiles\i386\imm32.dll
+ 2008-04-14 00:11:54 123,392 ------w c:\windows\ServicePackFiles\i386\imsinsnt.dll
+ 2008-04-14 00:11:54 274,432 ------w c:\windows\ServicePackFiles\i386\inetcfg.dll
+ 2008-04-14 00:11:54 691,712 ------w c:\windows\ServicePackFiles\i386\inetcomm.dll
+ 2008-04-14 00:12:22 15,360 ------w c:\windows\ServicePackFiles\i386\inetin51.exe
+ 2008-04-14 00:11:55 829,440 ------w c:\windows\ServicePackFiles\i386\inetmgr.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\inetmib1.dll
+ 2008-04-14 00:11:55 75,264 ------w c:\windows\ServicePackFiles\i386\inetpp.dll
+ 2008-04-14 00:11:55 15,872 ------w c:\windows\ServicePackFiles\i386\inetppui.dll
+ 2008-04-13 16:22:12 48,128 ------w c:\windows\ServicePackFiles\i386\inetres.dll
+ 2008-04-14 00:12:22 20,480 ------w c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 00:11:55 13,312 ------w c:\windows\ServicePackFiles\i386\infoadmn.dll
+ 2008-04-14 00:11:55 257,024 ------w c:\windows\ServicePackFiles\i386\infocomm.dll
+ 2008-04-14 00:11:55 147,456 ------w c:\windows\ServicePackFiles\i386\initpki.dll
+ 2008-04-14 00:11:55 123,392 ------w c:\windows\ServicePackFiles\i386\input.dll
+ 2008-04-14 00:11:55 96,256 ------w c:\windows\ServicePackFiles\i386\inseng.dll
+ 2004-07-20 00:54:06 24,576 ------w c:\windows\ServicePackFiles\i386\installutil.exe
+ 2008-04-13 18:40:29 5,504 ------w c:\windows\ServicePackFiles\i386\intelide.sys
+ 2008-04-13 18:31:32 36,352 ------w c:\windows\ServicePackFiles\i386\intelppm.sys
+ 2008-04-13 18:53:34 36,608 ------w c:\windows\ServicePackFiles\i386\ip6fw.sys
+ 2008-04-14 00:12:22 55,808 ------w c:\windows\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 00:09:30 103,424 ------w c:\windows\ServicePackFiles\i386\ipevldpc.dll
+ 2008-04-14 00:09:23 24,064 ------w c:\windows\ServicePackFiles\i386\ipevlpid.dll
+ 2008-04-14 00:11:55 94,720 ------w c:\windows\ServicePackFiles\i386\iphlpapi.dll
+ 2008-04-13 18:57:07 20,864 ------w c:\windows\ServicePackFiles\i386\ipinip.sys
+ 2008-04-14 00:11:55 161,280 ------w c:\windows\ServicePackFiles\i386\ipmontr.dll
+ 2008-04-13 18:57:15 152,832 ------w c:\windows\ServicePackFiles\i386\ipnat.sys
+ 2008-04-14 00:11:55 331,264 ------w c:\windows\ServicePackFiles\i386\ipnathlp.dll
+ 2008-04-14 00:11:55 330,752 ------w c:\windows\ServicePackFiles\i386\ippromon.dll
+ 2008-04-14 00:11:55 35,328 ------w c:\windows\ServicePackFiles\i386\iprip.dll
+ 2008-04-14 00:11:55 177,152 ------w c:\windows\ServicePackFiles\i386\iprtrmgr.dll
+ 2008-04-13 19:19:42 75,264 ------w c:\windows\ServicePackFiles\i386\ipsec.sys
+ 2008-04-14 00:11:55 349,696 ------w c:\windows\ServicePackFiles\i386\ipsecsnp.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ipsecsvc.dll
+ 2008-04-14 00:10:45 102,912 ------w c:\windows\ServicePackFiles\i386\ipseldpc.dll
+ 2008-04-14 00:09:24 24,064 ------w c:\windows\ServicePackFiles\i386\ipselpid.dll
+ 2008-04-14 00:11:55 384,000 ------w c:\windows\ServicePackFiles\i386\ipsmsnap.dll
+ 2008-04-14 00:12:23 53,248 ------w c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 00:11:55 59,904 ------w c:\windows\ServicePackFiles\i386\ipv6mon.dll
+ 2008-04-14 00:12:23 23,552 ------w c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 00:11:55 22,016 ------w c:\windows\ServicePackFiles\i386\ipxwan.dll
+ 2008-04-14 00:11:55 120,320 ------w c:\windows\ServicePackFiles\i386\ir41_qc.dll
+ 2008-04-14 00:11:55 338,432 ------w c:\windows\ServicePackFiles\i386\ir41_qcx.dll
+ 2008-04-14 00:11:55 755,200 ------w c:\windows\ServicePackFiles\i386\ir50_32.dll
+ 2008-04-14 00:11:55 200,192 ------w c:\windows\ServicePackFiles\i386\ir50_qc.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ir50_qcx.dll
+ 2008-04-13 18:45:34 46,592 ------w c:\windows\ServicePackFiles\i386\irbus.sys
+ 2008-04-13 18:54:36 88,192 ------w c:\windows\ServicePackFiles\i386\irda.sys
+ 2008-04-13 18:54:28 11,264 ------w c:\windows\ServicePackFiles\i386\irenum.sys
+ 2008-04-14 00:12:23 151,552 ------w c:\windows\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 00:11:55 28,160 ------w c:\windows\ServicePackFiles\i386\irmon.dll
+ 2008-04-13 18:36:41 37,248 ------w c:\windows\ServicePackFiles\i386\isapnp.sys
+ 2008-04-14 00:11:55 68,608 ------w c:\windows\ServicePackFiles\i386\isatq.dll
+ 2008-04-14 00:11:55 26,624 ------w c:\windows\ServicePackFiles\i386\iscomlog.dll
+ 2008-04-14 00:10:32 105,984 ------w c:\windows\ServicePackFiles\i386\isdpc.dll
+ 2008-04-14 00:10:55 105,984 ------w c:\windows\ServicePackFiles\i386\isendpc.dll
+ 2008-04-14 00:10:55 24,064 ------w c:\windows\ServicePackFiles\i386\isenpid.dll
+ 2008-04-14 00:11:55 81,920 ------w c:\windows\ServicePackFiles\i386\isign32.dll
+ 2008-04-14 00:10:32 24,064 ------w c:\windows\ServicePackFiles\i386\ispid.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\isrdbg32.dll
+ 2008-04-14 00:11:55 155,136 ------w c:\windows\ServicePackFiles\i386\itircl.dll
+ 2008-04-14 00:11:55 138,240 ------w c:\windows\ServicePackFiles\i386\itss.dll
+ 2008-04-14 00:11:55 191,488 ------w c:\windows\ServicePackFiles\i386\iuengine.dll
+ 2008-04-14 00:11:55 54,272 ------w c:\windows\ServicePackFiles\i386\ixsso.dll
+ 2008-04-14 00:11:55 47,616 ------w c:\windows\ServicePackFiles\i386\iyuv_32.dll
+ 2008-04-14 00:11:55 163,840 ------w c:\windows\ServicePackFiles\i386\jgdw400.dll
+ 2008-04-14 00:11:55 27,648 ------w c:\windows\ServicePackFiles\i386\jgpl400.dll
+ 2004-07-20 00:54:06 40,960 ------w c:\windows\ServicePackFiles\i386\jsc.exe
+ 2008-04-14 00:11:56 512,000 ------w c:\windows\ServicePackFiles\i386\jscript.dll
+ 2008-04-14 00:11:56 15,872 ------w c:\windows\ServicePackFiles\i386\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd101.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106n.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdax2.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdbhc.dll
+ 2008-04-13 18:39:47 24,576 ------w c:\windows\ServicePackFiles\i386\kbdclass.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdfi1.dll
+ 2008-04-13 18:39:48 14,592 ------w c:\windows\ServicePackFiles\i386\kbdhid.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdibm02.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdiultn.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdlk41a.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdlk41j.dll
+ 2008-04-14 00:09:55 5,632 ------w c:\windows\ServicePackFiles\i386\kbdmaori.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt48.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdnepr.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdpash.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdukx.dll
+ 2008-04-13 18:31:35 7,424 ------w c:\windows\ServicePackFiles\i386\kd1394.dll
+ 2008-04-14 00:11:56 184,832 ------w c:\windows\ServicePackFiles\i386\kdcsvc.dll
+ 2008-04-14 00:11:56 48,640 ------w c:\windows\ServicePackFiles\i386\kdsui.dll
+ 2008-04-14 00:11:56 253,952 ------w c:\windows\ServicePackFiles\i386\kdsusd.dll
+ 2008-04-14 00:11:56 299,520 ------w c:\windows\ServicePackFiles\i386\kerberos.dll
+ 2008-04-14 00:11:56 989,696 ------w c:\windows\ServicePackFiles\i386\kernel32.dll
+ 2004-08-10 04:00:00 42,537 ------w c:\windows\ServicePackFiles\i386\keyboard.sys
+ 2008-04-14 00:11:56 150,528 ------w c:\windows\ServicePackFiles\i386\keymgr.dll
+ 2008-04-13 18:45:09 172,416 ------w c:\windows\ServicePackFiles\i386\kmixer.sys
+ 2008-04-14 00:11:56 61,440 ------w c:\windows\ServicePackFiles\i386\kmsvc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\knperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\knpropid.dll
+ 2008-04-14 00:11:56 8,192 ------w c:\windows\ServicePackFiles\i386\koc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\kperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\kpropid.dll
+ 2004-08-10 04:00:00 92,224 ------w c:\windows\ServicePackFiles\i386\krnl386.exe
+ 2008-04-14 00:11:56 24,576 ------w c:\windows\ServicePackFiles\i386\krnlprov.dll
+ 2008-04-13 19:16:36 141,056 ------w c:\windows\ServicePackFiles\i386\ks.sys
+ 2008-04-13 18:31:43 92,288 ------w c:\windows\ServicePackFiles\i386\ksecdd.sys
+ 2008-04-14 00:11:56 4,096 ------w c:\windows\ServicePackFiles\i386\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w c:\windows\ServicePackFiles\i386\l2store.dll
+ 2008-04-14 00:09:05 97,792 ------w c:\windows\ServicePackFiles\i386\lang\chtmbx.dll
+ 2008-04-14 00:09:05 56,320 ------w c:\windows\ServicePackFiles\i386\lang\chtskdic.dll
+ 2008-04-14 00:09:05 173,568 ------w c:\windows\ServicePackFiles\i386\lang\chtskf.dll
+ 2008-04-14 00:09:06 198,656 ------w c:\windows\ServicePackFiles\i386\lang\cintime.dll
+ 2004-08-04 05:31:56 480,256 ------w c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2004-08-04 05:31:40 57,399 ------w c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2008-04-14 00:09:39 13,463,552 ------w c:\windows\ServicePackFiles\i386\lang\hwxjpn.dll
+ 2008-04-14 00:09:43 106,496 ------w c:\windows\ServicePackFiles\i386\lang\imekrcic.dll
+ 2008-04-14 00:09:43 86,016 ------w c:\windows\ServicePackFiles\i386\lang\imekrmbx.dll
+ 2008-04-14 00:09:44 811,064 ------w c:\windows\ServicePackFiles\i386\lang\imjp81k.dll
+ 2008-04-14 00:09:45 368,696 ------w c:\windows\ServicePackFiles\i386\lang\imjpcic.dll
+ 2008-04-14 00:09:45 716,856 ------w c:\windows\ServicePackFiles\i386\lang\imjpcus.dll
+ 2008-04-14 00:09:45 81,976 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.dll
+ 2004-08-04 05:31:54 307,257 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
+ 2004-08-04 05:31:56 155,705 ------w c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2004-08-04 05:31:58 196,665 ------w c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2004-08-04 05:32:00 208,952 ------w c:\windows\ServicePackFiles\i386\lang\imjpmig.exe
+ 2004-08-04 05:32:12 233,527 ------w c:\windows\ServicePackFiles\i386\lang\imjprw.exe
+ 2004-08-04 05:32:16 262,200 ------w c:\windows\ServicePackFiles\i386\lang\imjputy.exe
+ 2008-04-14 00:09:46 274,489 ------w c:\windows\ServicePackFiles\i386\lang\imjputyc.dll
+ 2008-04-14 00:09:46 102,456 ------w c:\windows\ServicePackFiles\i386\lang\imlang.dll
+ 2004-08-04 05:31:50 59,392 ------w c:\windows\ServicePackFiles\i386\lang\imscinst.exe
+ 2008-04-14 00:09:47 315,455 ------w c:\windows\ServicePackFiles\i386\lang\imskf.dll
+ 2008-04-14 00:10:33 15,872 ------w c:\windows\ServicePackFiles\i386\lang\padrs404.dll
+ 2008-04-14 00:10:33 15,360 ------w c:\windows\ServicePackFiles\i386\lang\padrs804.dll
+ 2008-04-14 00:10:34 175,104 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2008-04-14 00:10:34 53,760 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2008-04-13 16:43:36 70,144 ------w c:\windows\ServicePackFiles\i386\lang\pintlphr.exe
+ 2008-04-14 00:10:34 67,584 ------w c:\windows\ServicePackFiles\i386\lang\pmigrate.dll
+ 2004-08-04 05:32:16 44,032 ------w c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2004-08-04 05:32:16 455,168 ------w c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2008-04-14 00:10:59 10,240 ------w c:\windows\ServicePackFiles\i386\lang\tmigrate.dll
+ 2008-04-14 00:11:01 76,288 ------w c:\windows\ServicePackFiles\i386\lang\uniime.dll
+ 2008-04-14 00:11:04 426,041 ------w c:\windows\ServicePackFiles\i386\lang\voicepad.dll
+ 2008-04-14 00:11:04 86,073 ------w c:\windows\ServicePackFiles\i386\lang\voicesub.dll
+ 2008-04-13 18:40:26 34,688 ------w c:\windows\ServicePackFiles\i386\lbrtfdc.sys
+ 2008-04-14 00:12:23 677,888 ------w c:\windows\ServicePackFiles\i386\lhmstsc.exe
+ 2008-04-14 00:11:56 2,061,824 ------w c:\windows\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 12:41:58 423,936 ------w c:\windows\ServicePackFiles\i386\licdll.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\licmgr10.dll
+ 2008-04-14 00:11:56 58,880 ------w c:\windows\ServicePackFiles\i386\licwmi.dll
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\linkinfo.dll
+ 2008-04-14 00:11:56 13,824 ------w c:\windows\ServicePackFiles\i386\lmhsvc.dll
+ 2008-04-14 00:11:56 33,792 ------w c:\windows\ServicePackFiles\i386\lmmib2.dll
+ 2008-04-14 00:11:56 399,872 ------w c:\windows\ServicePackFiles\i386\lmrt.dll
+ 2008-04-14 00:11:56 97,280 ------w c:\windows\ServicePackFiles\i386\loadperf.dll
+ 2008-04-14 00:11:56 221,696 ------w c:\windows\ServicePackFiles\i386\localsec.dll
+ 2008-04-14 00:11:56 343,040 ------w c:\windows\ServicePackFiles\i386\localspl.dll
+ 2008-04-14 00:11:56 11,776 ------w c:\windows\ServicePackFiles\i386\localui.dll
+ 2008-04-14 00:12:24 75,264 ------w c:\windows\ServicePackFiles\i386\locator.exe
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\log.dll
+ 2008-04-14 00:12:24 59,392 ------w c:\windows\ServicePackFiles\i386\logman.exe
+ 2008-04-14 00:12:43 220,672 ------w c:\windows\ServicePackFiles\i386\logon.scr
+ 2008-04-14 00:12:24 514,560 ------w c:\windows\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 00:11:56 13,312 ------w c:\windows\ServicePackFiles\i386\lonsint.dll
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\lpdsvc.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\lpk.dll
+ 2008-04-14 00:11:56 10,240 ------w c:\windows\ServicePackFiles\i386\lprhelp.dll
+ 2008-04-14 00:11:56 18,944 ------w c:\windows\ServicePackFiles\i386\lprmon.dll
+ 2008-04-14 00:11:56 728,064 ------w c:\windows\ServicePackFiles\i386\lsasrv.dll
+ 2008-04-14 00:12:24 13,312 ------w c:\windows\ServicePackFiles\i386\lsass.exe
+ 2004-08-04 05:41:36 606,684 ------w c:\windows\ServicePackFiles\i386\ltmdmnt.sys
+ 2004-08-04 05:41:38 420,992 ------w c:\windows\ServicePackFiles\i386\ltmdmntt.sys
+ 2008-04-13 18:40:52 7,040 ------w c:\windows\ServicePackFiles\i386\ltotape.sys
+ 2004-08-04 05:39:32 20,864 ------w c:\windows\ServicePackFiles\i386\lwadihid.sys
+ 2008-04-14 00:12:24 72,704 ------w c:\windows\ServicePackFiles\i386\magnify.exe
+ 2008-04-14 00:12:25 57,344 ------w c:\windows\ServicePackFiles\i386\makecab.exe
+ 2008-04-14 00:11:56 14,336 ------w c:\windows\ServicePackFiles\i386\mcastmib.dll
+ 2008-04-14 00:11:56 84,480 ------w c:\windows\ServicePackFiles\i386\mciavi32.dll
+ 2008-04-14 00:11:56 35,328 ------w c:\windows\ServicePackFiles\i386\mciqtz32.dll
+ 2008-04-14 00:11:56 23,040 ------w c:\windows\ServicePackFiles\i386\mciseq.dll
+ 2008-04-14 00:11:56 23,552 ------w c:\windows\ServicePackFiles\i386\mciwave.dll
+ 2008-04-14 00:11:56 37,888 ------w c:\windows\ServicePackFiles\i386\md5filt.dll
+ 2008-04-14 00:11:56 118,272 ------w c:\windows\ServicePackFiles\i386\mdminst.dll
+ 2008-04-14 00:11:56 86,016 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.dll
+ 2004-08-04 05:41:56 11,868 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.sys
+ 2008-04-14 00:11:56 16,896 ------w c:\windows\ServicePackFiles\i386\medctroc.dll
+ 2008-04-13 18:41:21 26,112 ------w c:\windows\ServicePackFiles\i386\memstpci.sys
+ 2008-04-14 00:11:56 85,504 ------w c:\windows\ServicePackFiles\i386\metada51.dll
+ 2008-04-13 18:36:41 63,744 ------w c:\windows\ServicePackFiles\i386\mf.sys
+ 2008-04-14 00:11:56 40,960 ------w c:\windows\ServicePackFiles\i386\mf3216.dll
+ 2008-04-14 00:11:56 927,504 ------w c:\windows\ServicePackFiles\i386\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ------w c:\windows\ServicePackFiles\i386\mfc42.dll
+ 2006-10-14 08:13:25 981,760 ------w c:\windows\ServicePackFiles\i386\mfc42u.dll
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\mfcsubs.dll
+ 2008-04-14 00:11:56 14,848 ------w c:\windows\ServicePackFiles\i386\mgmtapi.dll
+ 2004-07-20 00:54:06 712,704 ------w c:\windows\ServicePackFiles\i386\microsoft.jscript.dll
+ 2004-07-20 00:54:06 286,720 ------w c:\windows\ServicePackFiles\i386\microsoft.visualbasic.dll
+ 2008-04-14 00:11:57 18,944 ------w c:\windows\ServicePackFiles\i386\midimap.dll
+ 2008-04-14 00:11:57 274,432 ------w c:\windows\ServicePackFiles\i386\migism.dll
+ 2008-04-14 00:11:57 261,120 ------w c:\windows\ServicePackFiles\i386\migisma.dll
+ 2008-04-14 00:11:57 60,928 ------w c:\windows\ServicePackFiles\i386\miglibnt.dll
+ 2008-04-14 00:12:25 103,936 ------w c:\windows\ServicePackFiles\i386\migload.exe
+ 2008-04-14 00:12:25 7,680 ------w c:\windows\ServicePackFiles\i386\migregdb.exe
+ 2008-04-14 00:12:25 245,248 ------w c:\windows\ServicePackFiles\i386\migwiz.exe
+ 2008-04-14 00:12:25 241,152 ------w c:\windows\ServicePackFiles\i386\migwiza.exe
+ 2008-04-14 00:11:57 29,696 ------w c:\windows\ServicePackFiles\i386\mimefilt.dll
+ 2008-04-14 00:11:57 586,240 ------w c:\windows\ServicePackFiles\i386\mlang.dll
+ 2008-04-14 00:12:25 1,414,656 ------w c:\windows\ServicePackFiles\i386\mmc.exe
+ 2008-04-14 00:11:57 184,320 ------w c:\windows\ServicePackFiles\i386\mmc30.dll
+ 2008-04-14 00:11:57 28,672 ------w c:\windows\ServicePackFiles\i386\mmc30r.dll
+ 2008-04-14 00:11:57 163,328 ------w c:\windows\ServicePackFiles\i386\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w c:\windows\ServicePackFiles\i386\mmcex.dll
+ 2008-04-14 00:11:57 40,960 ------w c:\windows\ServicePackFiles\i386\mmcexr.dll
+ 2008-04-14 00:11:57 106,496 ------w c:\windows\ServicePackFiles\i386\mmcfxc.dll
+ 2008-04-14 00:11:57 6,656 ------w c:\windows\ServicePackFiles\i386\mmcfxcr.dll
+ 2008-04-14 00:11:57 1,872,896 ------w c:\windows\ServicePackFiles\i386\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2008-04-14 00:11:57 61,440 ------w c:\windows\ServicePackFiles\i386\mmcshext.dll
+ 2008-04-14 00:11:57 17,408 ------w c:\windows\ServicePackFiles\i386\mmfutil.dll
+ 2004-08-10 04:00:00 68,768 ------w c:\windows\ServicePackFiles\i386\mmsystem.dll
+ 2008-04-14 00:11:57 34,560 ------w c:\windows\ServicePackFiles\i386\mnmdd.dll
+ 2008-04-14 00:12:25 32,768 ------w c:\windows\ServicePackFiles\i386\mnmsrvc.exe
+ 2008-04-14 00:11:57 207,360 ------w c:\windows\ServicePackFiles\i386\mobsync.dll
+ 2008-04-14 00:12:26 143,360 ------w c:\windows\ServicePackFiles\i386\mobsync.exe
+ 2008-04-13 19:00:19 30,080 ------w c:\windows\ServicePackFiles\i386\modem.sys
+ 2008-04-14 00:11:57 153,600 ------w c:\windows\ServicePackFiles\i386\modemui.dll
+ 2008-04-14 00:12:26 16,384 ------w c:\windows\ServicePackFiles\i386\mofcomp.exe
+ 2008-04-14 00:11:57 123,904 ------w c:\windows\ServicePackFiles\i386\mofd.dll
+ 2008-04-14 00:12:42 16,896 ------w c:\windows\ServicePackFiles\i386\more.com
+ 2008-04-13 16:45:30 216,064 ------w c:\windows\ServicePackFiles\i386\moricons.dll
+ 2008-04-13 18:39:47 23,040 ------w c:\windows\ServicePackFiles\i386\mouclass.sys
+ 2008-04-13 18:39:46 42,368 ------w c:\windows\ServicePackFiles\i386\mountmgr.sys
+ 2008-04-14 00:12:27 3,558,912 ------w c:\windows\ServicePackFiles\i386\moviemk.exe
+ 2008-04-13 18:46:22 15,232 ------w c:\windows\ServicePackFiles\i386\mpe.sys
+ 2008-04-14 00:12:27 123,392 ------w c:\windows\ServicePackFiles\i386\mplay32.exe
+ 2008-04-14 00:11:57 59,904 ------w c:\windows\ServicePackFiles\i386\mpr.dll
+ 2008-04-14 00:11:57 87,040 ------w c:\windows\ServicePackFiles\i386\mprapi.dll
+ 2008-04-14 00:11:57 53,248 ------w c:\windows\ServicePackFiles\i386\mprdim.dll
+ 2008-04-13 18:39:44 92,544 ------w c:\windows\ServicePackFiles\i386\mqac.sys
+ 2008-04-14 00:11:57 138,240 ------w c:\windows\ServicePackFiles\i386\mqad.dll
+ 2008-04-14 00:12:27 19,968 ------w c:\windows\ServicePackFiles\i386\mqbkup.exe
+ 2008-04-14 00:11:57 47,616 ------w c:\windows\ServicePackFiles\i386\mqdscli.dll
+ 2008-04-14 00:11:57 16,896 ------w c:\windows\ServicePackFiles\i386\mqise.dll
+ 2008-04-14 00:11:57 89,088 ------w c:\windows\ServicePackFiles\i386\mqlogmgr.dll
+ 2008-04-14 00:11:57 225,280 ------w c:\windows\ServicePackFiles\i386\mqoa.dll
+ 2008-04-14 00:11:57 663,040 ------w c:\windows\ServicePackFiles\i386\mqqm.dll
+ 2008-04-14 00:11:57 177,152 ------w c:\windows\ServicePackFiles\i386\mqrt.dll
+ 2008-04-14 00:11:57 123,904 ------w c:\windows\ServicePackFiles\i386\mqrtdep.dll
+ 2008-04-14 00:11:57 95,744 ------w c:\windows\ServicePackFiles\i386\mqsec.dll
+ 2008-04-14 00:11:58 517,632 ------w c:\windows\ServicePackFiles\i386\mqsnap.dll
+ 2008-04-14 00:12:27 4,608 ------w c:\windows\ServicePackFiles\i386\mqsvc.exe
+ 2008-04-14 00:12:27 117,248 ------w c:\windows\ServicePackFiles\i386\mqtgsvc.exe
+ 2008-04-14 00:11:58 187,392 ------w c:\windows\ServicePackFiles\i386\mqtrig.dll
+ 2008-04-14 00:11:58 49,152 ------w c:\windows\ServicePackFiles\i386\mqupgrd.dll
+ 2008-04-14 00:11:58 471,552 ------w c:\windows\ServicePackFiles\i386\mqutil.dll
+ 2008-04-13 18:32:44 180,608 ------w c:\windows\ServicePackFiles\i386\mrxdav.sys
+ 2008-04-13 19:17:01 456,576 ------w c:\windows\ServicePackFiles\i386\mrxsmb.sys
+ 2008-04-14 00:11:58 71,680 ------w c:\windows\ServicePackFiles\i386\msacm32.dll
+ 2008-04-14 00:11:58 331,776 ------w c:\windows\ServicePackFiles\i386\msadce.dll
+ 2008-04-13 17:25:57 20,480 ------w c:\windows\ServicePackFiles\i386\msadcer.dll
+ 2008-04-14 00:11:58 61,440 ------w c:\windows\ServicePackFiles\i386\msadcf.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcfr.dll
+ 2008-04-14 00:11:58 143,360 ------w c:\windows\ServicePackFiles\i386\msadco.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcor.dll
+ 2008-04-14 00:11:58 53,248 ------w c:\windows\ServicePackFiles\i386\msadcs.dll
+ 2008-04-14 00:11:58 155,648 ------w c:\windows\ServicePackFiles\i386\msadds.dll
+ 2008-04-13 17:25:58 24,576 ------w c:\windows\ServicePackFiles\i386\msaddsr.dll
+ 2008-04-13 17:26:17 24,576 ------w c:\windows\ServicePackFiles\i386\msader15.dll
+ 2008-04-14 00:11:58 536,576 ------w c:\windows\ServicePackFiles\i386\msado15.dll
+ 2008-04-14 00:11:58 180,224 ------w c:\windows\ServicePackFiles\i386\msadomd.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msador15.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msadox.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msadrh15.dll
+ 2008-04-14 00:10:06 3,584 ------w c:\windows\ServicePackFiles\i386\msafd.dll
+ 2008-04-14 00:11:58 86,016 ------w c:\windows\ServicePackFiles\i386\msapsspc.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msasn1.dll
+ 2008-04-14 00:11:58 220,160 ------w c:\windows\ServicePackFiles\i386\mscandui.dll
+ 2008-04-14 00:11:58 73,728 ------w c:\windows\ServicePackFiles\i386\mscms.dll
+ 2008-04-14 00:11:58 69,632 ------w c:\windows\ServicePackFiles\i386\msconf.dll
+ 2008-04-14 00:12:27 169,984 ------w c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2004-07-17 18:42:20 116,288 ------w c:\windows\ServicePackFiles\i386\msconv97.dll
+ 2004-07-20 00:54:06 1,564,672 ------w c:\windows\ServicePackFiles\i386\mscorcfg.dll
+ 2004-08-04 04:12:02 69,632 ------w c:\windows\ServicePackFiles\i386\mscordbc.dll
+ 2004-08-04 04:12:02 221,184 ------w c:\windows\ServicePackFiles\i386\mscordbi.dll
+ 2007-06-27 12:55:10 131,072 ------w c:\windows\ServicePackFiles\i386\mscoree.dll
- 2009-01-22 03:15:40 29,696 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2009-01-29 04:21:35 29,696 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
- 2009-01-22 03:15:40 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-01-29 04:21:35 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-01-22 03:15:40 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-01-29 04:21:35 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2002-06-21 23:31:20 20,480 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
+ 2008-04-13 16:09:58 20,480 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
- 2007-01-02 23:34:04 200,704 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2008-04-13 16:09:59 200,704 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 04:11:06 24,576 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2008-04-13 16:10:01 24,576 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-21 23:31:22 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2007-01-02 23:34:04 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-09-30 01:04:48 61,440 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
+ 2008-04-13 16:10:32 61,440 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
- 2007-01-02 23:28:28 2,273,280 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2007-12-17 11:58:53 2,273,280 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2007-01-02 23:28:46 2,281,472 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2007-12-17 11:59:26 2,281,472 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2007-01-15 23:11:26 73,728 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2007-12-17 11:59:53 82,976 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2007-01-15 23:11:30 57,344 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2007-12-17 11:59:54 66,592 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\setregni.exe
- 2004-07-20 00:54:18 1,179,648 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2007-12-17 11:59:56 1,179,648 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\system.dll
- 2007-01-15 23:11:30 57,344 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-12-17 12:00:05 66,592 ------w c:\windows\Microsoft.NET\Framework\v1.0.3705\togac.exe
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\msagent\agentanm.dll
- 2004-08-10 04:00:00 214,016 ------w c:\windows\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\msagent\agentctl.dll
- 2006-10-12 13:54:18 42,496 ------w c:\windows\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w c:\windows\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w c:\windows\msagent\agentdpv.dll
- 2004-08-10 04:00:00 49,152 ------w c:\windows\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\msagent\agentmpx.dll
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\msagent\agentpsh.dll
- 2004-08-10 04:00:00 44,032 ------w c:\windows\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\msagent\agentsr.dll
- 2006-10-12 11:54:07 256,512 ------w c:\windows\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\msagent\agentsvr.exe
- 2004-08-10 04:00:00 24,064 ------w c:\windows\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\msagent\agtintl.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\msagent\intl\agt0405.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\msagent\intl\agt0406.dll
- 2004-08-10 04:00:00 21,504 ------w c:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\msagent\intl\agt0407.dll
- 2004-08-10 04:00:00 22,016 ------w c:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\msagent\intl\agt0408.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\msagent\intl\agt0409.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\msagent\intl\agt040b.dll
- 2004-08-10 04:00:00 21,504 ------w c:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\msagent\intl\agt040c.dll
- 2004-08-10 04:00:00 19,968 ------w c:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\msagent\intl\agt040e.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\msagent\intl\agt0410.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\msagent\intl\agt0413.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0414.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0415.dll
- 2004-08-10 04:00:00 20,480 ------w c:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\msagent\intl\agt0416.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt0419.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt041d.dll
- 2004-08-10 04:00:00 19,456 ------w c:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\msagent\intl\agt041f.dll
- 2004-08-10 04:00:00 20,992 ------w c:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\msagent\intl\agt0816.dll
- 2004-08-10 04:00:00 20,480 ------w c:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\msagent\intl\agt0c0a.dll
- 2004-08-10 04:00:00 39,936 ------w c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ------w c:\windows\msagent\mslwvtts.dll
- 2004-08-10 04:00:00 90,624 ------w c:\windows\mui\muisetup.exe
+ 2008-04-14 00:12:29 90,624 ------w c:\windows\mui\muisetup.exe
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2004-08-10 04:00:00 69,120 ------w c:\windows\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ------w c:\windows\notepad.exe
- 2004-08-10 04:00:00 768,512 ------w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ------w c:\windows\pchealth\helpctr\binaries\helpctr.exe
- 2004-08-10 04:00:00 743,936 ------w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ------w c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2004-08-10 04:00:00 18,944 ------w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\pchealth\helpctr\binaries\hscupd.exe
- 2005-09-27 07:34:26 169,984 ------w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ------w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2004-08-10 04:00:00 376,320 ------w c:\windows\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ------w c:\windows\pchealth\helpctr\binaries\msinfo.dll
- 2004-08-10 04:00:00 102,400 ------w c:\windows\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ------w c:\windows\pchealth\helpctr\binaries\pchshell.dll
- 2004-08-10 04:00:00 38,912 ------w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2006-09-20 13:39:34 92,947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-01-26 01:17:10 92,947 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2006-09-20 13:39:34 8,162 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-01-26 01:17:11 8,900 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-10 04:00:00 150,528 ------w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ------w c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
- 2004-08-10 04:00:00 151,552 ------w c:\windows\PeerNet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ------w c:\windows\PeerNet\sqldb20.dll
- 2004-08-10 04:00:00 462,848 ------w c:\windows\PeerNet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ------w c:\windows\PeerNet\sqlqp20.dll
- 2004-08-10 04:00:00 110,592 ------w c:\windows\PeerNet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ------w c:\windows\PeerNet\sqlse20.dll
- 2004-08-10 11:00:00 146,432 ------w c:\windows\regedit.exe
+ 2008-04-14 00:12:32 146,432 ------w c:\windows\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w c:\windows\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 05:32:22 231,552 ------w c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 05:32:32 84,480 ------w c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 29,696 ------w c:\windows\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 00:11:48 20,540 ------w c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\admin.exe
+ 2004-08-04 05:32:24 10,880 ------w c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 43,520 ------w c:\windows\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ------w c:\windows\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 00:11:48 175,616 ------w c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 123,392 ------w c:\windows\ServicePackFiles\i386\adsnw.dll
+ 2004-07-17 18:35:20 85,813 ------w c:\windows\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 00:11:48 4,255 ------w c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w c:\windows\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 05:31:20 36,224 ------w c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 108,544 ------w c:\windows\ServicePackFiles\i386\appconf.dll
+ 2008-04-14 00:11:49 125,952 ------w c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 167,936 ------w c:\windows\ServicePackFiles\i386\appmgmts.dll
+ 2008-04-14 00:11:49 295,936 ------w c:\windows\ServicePackFiles\i386\appmgr.dll
+ 2008-04-14 00:11:49 331,264 ------w c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 00:11:49 369,664 ------w c:\windows\ServicePackFiles\i386\asp51.dll
+ 2008-04-13 16:09:58 20,480 ------w c:\windows\ServicePackFiles\i386\aspnet_filter.dll
+ 2008-04-13 16:09:59 200,704 ------w c:\windows\ServicePackFiles\i386\aspnet_isapi.dll
+ 2008-04-13 16:10:01 24,576 ------w c:\windows\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w c:\windows\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 00:12:12 30,208 ------w c:\windows\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 00:12:12 32,768 ------w c:\windows\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 00:11:49 65,024 ------w c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w c:\windows\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 05:29:30 56,623 ------w c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 05:29:30 11,615 ------w c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 05:29:30 12,047 ------w c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 05:29:32 30,671 ------w c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 05:29:32 63,663 ------w c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 05:29:32 26,367 ------w c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 05:29:32 21,343 ------w c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 05:29:32 36,463 ------w c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 05:29:32 29,455 ------w c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 05:29:32 34,735 ------w c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 05:29:28 327,040 ------w c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 05:29:28 701,440 ------w c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 05:29:28 57,856 ------w c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 05:29:30 13,824 ------w c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 05:29:30 14,336 ------w c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 05:29:30 52,224 ------w c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 05:29:32 104,960 ------w c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 05:29:32 28,672 ------w c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 05:29:32 13,824 ------w c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 05:29:32 73,216 ------w c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 05:29:32 31,744 ------w c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 05:29:32 63,488 ------w c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 00:12:13 71,680 ------w c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-14 00:12:13 142,848 ------w c:\windows\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-13 18:53:23 71,552 ------w c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w c:\windows\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 00:12:13 19,968 ------w c:\windows\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:11:50 385,024 ------w c:\windows\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 00:11:50 121,856 ------w c:\windows\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 00:11:50 150,016 ------w c:\windows\ServicePackFiles\i386\capesnpn.dll
+ 2004-07-20 00:54:04 94,208 ------w c:\windows\ServicePackFiles\i386\caspol.exe
+ 2008-04-14 00:11:50 226,304 ------w c:\windows\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 00:11:50 85,504 ------w c:\windows\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 00:11:50 625,664 ------w c:\windows\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w c:\windows\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w c:\windows\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 00:11:50 151,040 ------w c:\windows\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 00:11:50 66,560 ------w c:\windows\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 00:11:50 2,091,520 ------w c:\windows\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w c:\windows\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 00:11:50 194,560 ------w c:\windows\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 00:11:50 457,728 ------w c:\windows\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 00:11:50 38,912 ------w c:\windows\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 00:09:05 16,896 ------w c:\windows\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ------w c:\windows\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:11:50 15,423 ------w c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w c:\windows\ServicePackFiles\i386\changer.sys
+ 2008-04-14 00:11:50 148,480 ------w c:\windows\ServicePackFiles\i386\cic.dll
+ 2008-04-14 00:11:50 1,358,848 ------w c:\windows\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 00:11:50 69,120 ------w c:\windows\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 00:12:14 56,832 ------w c:\windows\ServicePackFiles\i386\cipher.exe
+ 2008-04-14 00:12:14 5,632 ------w c:\windows\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w c:\windows\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 00:11:50 110,592 ------w c:\windows\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 00:11:50 498,688 ------w c:\windows\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 00:12:14 64,000 ------w c:\windows\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 00:12:14 20,480 ------w c:\windows\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12:14 102,912 ------w c:\windows\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12:14 33,280 ------w c:\windows\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:11:50 58,368 ------w c:\windows\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w c:\windows\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 00:11:50 15,872 ------w c:\windows\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 00:12:14 389,120 ------w c:\windows\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:11:50 344,064 ------w c:\windows\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 00:12:14 25,600 ------w c:\windows\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12:15 39,936 ------w c:\windows\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:11:50 185,344 ------w c:\windows\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w c:\windows\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 00:12:15 63,488 ------w c:\windows\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:11:50 39,424 ------w c:\windows\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 00:11:50 47,104 ------w c:\windows\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 00:11:50 79,360 ------w c:\windows\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-14 00:11:51 46,592 ------w c:\windows\ServicePackFiles\i386\coadmin.dll
+ 2008-04-13 16:44:16 17,920 ------w c:\windows\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 00:11:51 60,416 ------w c:\windows\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 00:11:51 28,160 ------w c:\windows\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 00:11:51 195,072 ------w c:\windows\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 00:11:51 617,472 ------w c:\windows\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ------w c:\windows\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ------w c:\windows\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w c:\windows\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 00:11:51 24,064 ------w c:\windows\ServicePackFiles\i386\compfilt.dll
+ 2008-04-14 00:11:51 229,376 ------w c:\windows\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 00:11:51 97,792 ------w c:\windows\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 00:12:15 9,728 ------w c:\windows\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 00:11:51 792,064 ------w c:\windows\ServicePackFiles\i386\comres.dll
+ 2008-04-13 18:43:32 9,728 ------w c:\windows\ServicePackFiles\i386\comsdupd.exe
+ 2008-04-14 00:11:51 274,944 ------w c:\windows\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 00:11:51 167,424 ------w c:\windows\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 00:11:51 1,267,200 ------w c:\windows\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 00:11:51 539,648 ------w c:\windows\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 00:12:15 1,032,192 ------w c:\windows\ServicePackFiles\i386\conf.exe
+ 2008-04-14 00:11:51 45,056 ------w c:\windows\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 00:11:51 357,888 ------w c:\windows\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 00:12:15 27,648 ------w c:\windows\ServicePackFiles\i386\conime.exe
+ 2004-08-04 04:11:12 69,632 ------w c:\windows\ServicePackFiles\i386\corperfmonext.dll
+ 2008-04-14 00:11:51 35,328 ------w c:\windows\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w c:\windows\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 00:11:51 163,840 ------w c:\windows\ServicePackFiles\i386\credui.dll
+ 2008-04-13 18:31:32 36,736 ------w c:\windows\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 00:11:51 599,040 ------w c:\windows\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ------w c:\windows\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ------w c:\windows\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ------w c:\windows\ServicePackFiles\i386\cryptext.dll
+ 2008-04-14 00:11:51 64,512 ------w c:\windows\ServicePackFiles\i386\cryptnet.dll
+ 2008-04-14 00:11:51 62,464 ------w c:\windows\ServicePackFiles\i386\cryptsvc.dll
+ 2008-04-14 00:11:51 512,512 ------w c:\windows\ServicePackFiles\i386\cryptui.dll
+ 2004-08-04 04:11:18 49,152 ------w c:\windows\ServicePackFiles\i386\csc.exe
+ 2008-04-14 00:11:51 101,888 ------w c:\windows\ServicePackFiles\i386\cscdll.dll
+ 2004-07-20 00:54:04 589,824 ------w c:\windows\ServicePackFiles\i386\cscomp.dll
+ 2008-04-14 00:12:15 139,264 ------w c:\windows\ServicePackFiles\i386\cscript.exe
+ 2008-04-14 00:11:51 326,656 ------w c:\windows\ServicePackFiles\i386\cscui.dll
+ 2008-04-14 00:11:51 32,256 ------w c:\windows\ServicePackFiles\i386\csrsrv.dll
+ 2008-04-14 00:12:15 6,144 ------w c:\windows\ServicePackFiles\i386\csrss.exe
+ 2008-04-14 00:12:16 15,360 ------w c:\windows\ServicePackFiles\i386\ctfmon.exe
+ 2008-04-14 00:11:51 249,856 ------w c:\windows\ServicePackFiles\i386\ctmasetp.dll
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 05:32:26 48,640 ------w c:\windows\ServicePackFiles\i386\cwrwdm.sys
+ 2008-04-14 00:11:51 1,179,648 ------w c:\windows\ServicePackFiles\i386\d3d8.dll
+ 2008-04-14 00:11:51 8,192 ------w c:\windows\ServicePackFiles\i386\d3d8thk.dll
+ 2008-04-14 00:11:51 1,689,088 ------w c:\windows\ServicePackFiles\i386\d3d9.dll
+ 2008-04-14 00:11:51 824,320 ------w c:\windows\ServicePackFiles\i386\d3dim700.dll
+ 2008-04-14 00:11:51 1,054,208 ------w c:\windows\ServicePackFiles\i386\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w c:\windows\ServicePackFiles\i386\dao360.dll
+ 2008-04-14 00:11:51 54,272 ------w c:\windows\ServicePackFiles\i386\dataclen.dll
+ 2008-04-14 00:11:51 165,376 ------w c:\windows\ServicePackFiles\i386\datime.dll
+ 2008-04-14 00:12:16 42,496 ------w c:\windows\ServicePackFiles\i386\davcdata.exe
+ 2008-04-14 00:11:51 25,088 ------w c:\windows\ServicePackFiles\i386\davclnt.dll
+ 2008-04-14 00:11:51 640,000 ------w c:\windows\ServicePackFiles\i386\dbghelp.dll
+ 2008-04-14 00:11:51 24,576 ------w c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
+ 2008-04-14 00:11:51 110,592 ------w c:\windows\ServicePackFiles\i386\dbnetlib.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dbnmpntw.dll
+ 2008-04-14 00:25:26 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:11:51 40,960 ------w c:\windows\ServicePackFiles\i386\dcap32.dll
+ 2008-04-14 00:11:51 8,704 ------w c:\windows\ServicePackFiles\i386\dciman32.dll
+ 2008-04-14 00:12:16 6,144 ------w c:\windows\ServicePackFiles\i386\dcomcnfg.exe
+ 2008-04-14 00:12:16 30,208 ------w c:\windows\ServicePackFiles\i386\ddeshare.exe
+ 2008-04-14 00:11:51 279,552 ------w c:\windows\ServicePackFiles\i386\ddraw.dll
+ 2008-04-14 00:11:51 27,136 ------w c:\windows\ServicePackFiles\i386\ddrawex.dll
+ 2008-04-14 00:12:16 25,088 ------w c:\windows\ServicePackFiles\i386\defrag.exe
+ 2008-04-14 00:11:51 59,904 ------w c:\windows\ServicePackFiles\i386\devenum.dll
+ 2008-04-14 00:11:51 282,624 ------w c:\windows\ServicePackFiles\i386\devmgr.dll
+ 2008-04-14 00:12:16 82,944 ------w c:\windows\ServicePackFiles\i386\dfrgfat.exe
+ 2008-04-14 00:12:16 105,472 ------w c:\windows\ServicePackFiles\i386\dfrgntfs.exe
+ 2008-04-14 00:11:51 39,424 ------w c:\windows\ServicePackFiles\i386\dfrgsnap.dll
+ 2008-04-14 00:11:51 124,416 ------w c:\windows\ServicePackFiles\i386\dfrgui.dll
+ 2008-04-14 00:11:51 28,672 ------w c:\windows\ServicePackFiles\i386\dfsshlex.dll
+ 2008-04-14 00:11:51 111,104 ------w c:\windows\ServicePackFiles\i386\dgnet.dll
+ 2008-04-14 00:11:51 126,976 ------w c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
+ 2008-04-14 00:11:52 379,904 ------w c:\windows\ServicePackFiles\i386\dhcpmon.dll
+ 2008-04-14 00:11:52 48,640 ------w c:\windows\ServicePackFiles\i386\dhcpqec.dll
+ 2008-04-14 00:12:17 539,136 ------w c:\windows\ServicePackFiles\i386\dialer.exe
+ 2008-04-14 00:12:17 87,040 ------w c:\windows\ServicePackFiles\i386\diantz.exe
+ 2004-08-10 04:00:00 884,712 ------w c:\windows\ServicePackFiles\i386\digcore.exe
+ 2008-04-14 00:11:52 68,608 ------w c:\windows\ServicePackFiles\i386\digest.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dimsntfy.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dimsroam.dll
+ 2008-04-14 00:11:52 158,720 ------w c:\windows\ServicePackFiles\i386\dinput.dll
+ 2008-04-14 00:11:52 181,760 ------w c:\windows\ServicePackFiles\i386\dinput8.dll
+ 2008-04-14 00:11:52 86,528 ------w c:\windows\ServicePackFiles\i386\directdb.dll
+ 2008-04-13 18:40:47 36,352 ------w c:\windows\ServicePackFiles\i386\disk.sys
+ 2008-04-14 00:11:52 1,504,256 ------w c:\windows\ServicePackFiles\i386\diskcopy.dll
+ 2008-04-13 18:40:44 14,208 ------w c:\windows\ServicePackFiles\i386\diskdump.sys
+ 2008-04-14 00:12:17 163,840 ------w c:\windows\ServicePackFiles\i386\diskpart.exe
+ 2008-04-14 00:11:52 32,768 ------w c:\windows\ServicePackFiles\i386\dispex.dll
+ 2008-04-14 00:12:17 5,120 ------w c:\windows\ServicePackFiles\i386\dllhost.exe
+ 2008-04-13 18:40:51 8,320 ------w c:\windows\ServicePackFiles\i386\dlttape.sys
+ 2008-04-14 00:12:17 224,768 ------w c:\windows\ServicePackFiles\i386\dmadmin.exe
+ 2008-04-14 00:11:52 28,672 ------w c:\windows\ServicePackFiles\i386\dmband.dll
+ 2008-04-13 18:44:48 799,744 ------w c:\windows\ServicePackFiles\i386\dmboot.sys
+ 2008-04-14 00:11:52 61,440 ------w c:\windows\ServicePackFiles\i386\dmcompos.dll
+ 2008-04-14 00:11:52 285,184 ------w c:\windows\ServicePackFiles\i386\dmdlgs.dll
+ 2008-04-14 00:11:52 200,704 ------w c:\windows\ServicePackFiles\i386\dmdskmgr.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dmime.dll
+ 2008-04-13 18:44:46 153,344 ------w c:\windows\ServicePackFiles\i386\dmio.sys
+ 2008-04-14 00:11:52 35,840 ------w c:\windows\ServicePackFiles\i386\dmloader.dll
+ 2008-04-14 00:12:17 15,872 ------w c:\windows\ServicePackFiles\i386\dmremote.exe
+ 2008-04-14 00:11:52 82,432 ------w c:\windows\ServicePackFiles\i386\dmscript.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dmserver.dll
+ 2008-04-14 00:11:52 105,984 ------w c:\windows\ServicePackFiles\i386\dmstyle.dll
+ 2008-04-14 00:11:52 103,424 ------w c:\windows\ServicePackFiles\i386\dmsynth.dll
+ 2008-04-14 00:11:52 104,448 ------w c:\windows\ServicePackFiles\i386\dmusic.dll
+ 2008-04-13 18:45:01 52,864 ------w c:\windows\ServicePackFiles\i386\dmusic.sys
+ 2008-04-14 00:11:52 52,224 ------w c:\windows\ServicePackFiles\i386\dmutil.dll
+ 2008-04-14 00:11:52 147,968 ------w c:\windows\ServicePackFiles\i386\dnsapi.dll
+ 2008-04-14 00:11:52 45,568 ------w c:\windows\ServicePackFiles\i386\dnsrslvr.dll
+ 2008-04-14 00:11:52 48,128 ------w c:\windows\ServicePackFiles\i386\docprop2.dll
+ 2004-08-10 04:00:00 53,840 ------w c:\windows\ServicePackFiles\i386\dosx.exe
+ 2008-04-14 00:11:52 26,112 ------w c:\windows\ServicePackFiles\i386\dot3api.dll
+ 2008-04-14 00:11:52 57,856 ------w c:\windows\ServicePackFiles\i386\dot3cfg.dll
+ 2008-04-14 00:11:52 39,936 ------w c:\windows\ServicePackFiles\i386\dot3clnt.dll
+ 2008-04-14 00:11:52 9,216 ------w c:\windows\ServicePackFiles\i386\dot3dlg.dll
+ 2008-04-14 00:11:52 56,320 ------w c:\windows\ServicePackFiles\i386\dot3msm.dll
+ 2008-04-14 00:11:52 132,096 ------w c:\windows\ServicePackFiles\i386\dot3svc.dll
+ 2008-04-14 00:11:52 650,752 ------w c:\windows\ServicePackFiles\i386\dot3ui.dll
+ 2008-04-13 18:39:46 206,976 ------w c:\windows\ServicePackFiles\i386\dot4.sys
+ 2008-04-14 00:11:52 102,912 ------w c:\windows\ServicePackFiles\i386\dpcdll.dll
+ 2008-04-14 00:12:17 29,696 ------w c:\windows\ServicePackFiles\i386\dplaysvr.exe
+ 2008-04-14 00:11:52 229,888 ------w c:\windows\ServicePackFiles\i386\dplayx.dll
+ 2008-04-14 00:11:52 23,552 ------w c:\windows\ServicePackFiles\i386\dpmodemx.dll
+ 2008-04-14 00:09:19 3,072 ------w c:\windows\ServicePackFiles\i386\dpnaddr.dll
+ 2008-04-14 00:11:52 375,296 ------w c:\windows\ServicePackFiles\i386\dpnet.dll
+ 2008-04-14 00:11:52 35,328 ------w c:\windows\ServicePackFiles\i386\dpnhpast.dll
+ 2008-04-14 00:11:52 60,928 ------w c:\windows\ServicePackFiles\i386\dpnhupnp.dll
+ 2008-04-14 00:09:20 3,072 ------w c:\windows\ServicePackFiles\i386\dpnlobby.dll
+ 2008-04-14 00:12:17 17,920 ------w c:\windows\ServicePackFiles\i386\dpnsvr.exe
+ 2008-04-14 00:11:52 21,504 ------w c:\windows\ServicePackFiles\i386\dpvacm.dll
+ 2008-04-14 00:11:52 212,480 ------w c:\windows\ServicePackFiles\i386\dpvoice.dll
+ 2008-04-14 00:12:18 83,456 ------w c:\windows\ServicePackFiles\i386\dpvsetup.exe
+ 2008-04-14 00:11:52 116,736 ------w c:\windows\ServicePackFiles\i386\dpvvox.dll
+ 2008-04-14 00:11:52 57,344 ------w c:\windows\ServicePackFiles\i386\dpwsockx.dll
+ 2008-04-13 18:45:14 60,160 ------w c:\windows\ServicePackFiles\i386\drmk.sys
+ 2008-04-13 18:45:13 2,944 ------w c:\windows\ServicePackFiles\i386\drmkaud.sys
+ 2008-04-14 00:11:52 14,336 ------w c:\windows\ServicePackFiles\i386\drprov.dll
+ 2008-04-14 00:12:18 62,976 ------w c:\windows\ServicePackFiles\i386\drvqry.exe
+ 2004-08-10 04:00:00 4,656 ------w c:\windows\ServicePackFiles\i386\ds16gt.dll
+ 2008-04-14 00:11:52 16,384 ------w c:\windows\ServicePackFiles\i386\ds32gt.dll
+ 2008-04-14 00:11:52 181,248 ------w c:\windows\ServicePackFiles\i386\dsdmo.dll
+ 2008-04-14 00:11:52 71,680 ------w c:\windows\ServicePackFiles\i386\dsdmoprp.dll
+ 2008-04-14 00:11:52 92,672 ------w c:\windows\ServicePackFiles\i386\dskquota.dll
+ 2008-04-14 00:11:52 155,648 ------w c:\windows\ServicePackFiles\i386\dskquoui.dll
+ 2008-04-14 00:11:52 367,616 ------w c:\windows\ServicePackFiles\i386\dsound.dll
+ 2008-04-14 00:11:52 1,293,824 ------w c:\windows\ServicePackFiles\i386\dsound3d.dll
+ 2008-04-14 00:11:52 142,848 ------w c:\windows\ServicePackFiles\i386\dsprop.dll
+ 2008-04-13 17:09:30 4,096 ------w c:\windows\ServicePackFiles\i386\dsprpres.dll
+ 2008-04-14 00:11:52 239,104 ------w c:\windows\ServicePackFiles\i386\dsquery.dll
+ 2008-04-14 00:11:52 51,200 ------w c:\windows\ServicePackFiles\i386\dssec.dll
+ 2008-04-13 17:37:57 138,752 ------w c:\windows\ServicePackFiles\i386\dssenh.dll
+ 2008-04-14 00:11:52 113,152 ------w c:\windows\ServicePackFiles\i386\dsuiext.dll
+ 2008-04-14 00:11:52 19,456 ------w c:\windows\ServicePackFiles\i386\dswave.dll
+ 2008-04-14 00:12:18 10,752 ------w c:\windows\ServicePackFiles\i386\dumprep.exe
+ 2008-04-14 00:11:52 304,128 ------w c:\windows\ServicePackFiles\i386\duser.dll
+ 2008-04-14 00:12:18 17,920 ------w c:\windows\ServicePackFiles\i386\dvdupgrd.exe
+ 2008-04-14 00:12:18 180,224 ------w c:\windows\ServicePackFiles\i386\dwwin.exe
+ 2008-04-14 00:11:52 619,008 ------w c:\windows\ServicePackFiles\i386\dx7vb.dll
+ 2008-04-14 00:11:52 1,227,264 ------w c:\windows\ServicePackFiles\i386\dx8vb.dll
+ 2008-04-14 00:12:18 1,298,432 ------w c:\windows\ServicePackFiles\i386\dxdiag.exe
+ 2008-04-14 00:11:52 2,113,536 ------w c:\windows\ServicePackFiles\i386\dxdiagn.dll
+ 2008-04-13 18:38:29 71,168 ------w c:\windows\ServicePackFiles\i386\dxg.sys
+ 2008-04-14 00:11:52 357,888 ------w c:\windows\ServicePackFiles\i386\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 ------w c:\windows\ServicePackFiles\i386\dxtrans.dll
+ 2008-04-14 00:11:52 30,720 ------w c:\windows\ServicePackFiles\i386\eapolqec.dll
+ 2008-04-14 00:11:52 184,832 ------w c:\windows\ServicePackFiles\i386\eapp3hst.dll
+ 2008-04-14 00:11:52 126,976 ------w c:\windows\ServicePackFiles\i386\eappcfg.dll
+ 2008-04-14 00:11:52 94,208 ------w c:\windows\ServicePackFiles\i386\eappgnui.dll
+ 2008-04-14 00:11:52 180,224 ------w c:\windows\ServicePackFiles\i386\eapphost.dll
+ 2008-04-14 00:11:52 40,960 ------w c:\windows\ServicePackFiles\i386\eappprxy.dll
+ 2008-04-14 00:11:52 59,392 ------w c:\windows\ServicePackFiles\i386\eapqec.dll
+ 2008-04-14 00:11:52 33,792 ------w c:\windows\ServicePackFiles\i386\eapsvc.dll
+ 2008-04-14 00:11:52 26,624 ------w c:\windows\ServicePackFiles\i386\efsadu.dll
+ 2008-04-14 00:11:53 183,296 ------w c:\windows\ServicePackFiles\i386\els.dll
+ 2008-04-14 00:11:53 20,480 ------w c:\windows\ServicePackFiles\i386\encapi.dll
+ 2008-04-14 00:11:53 186,880 ------w c:\windows\ServicePackFiles\i386\encdec.dll
+ 2008-04-13 16:26:02 40,960 ------w c:\windows\ServicePackFiles\i386\ep9res.dll
+ 2004-07-17 18:39:36 120,320 ------w c:\windows\ServicePackFiles\i386\epcl5res.dll
+ 2008-04-14 00:11:53 23,040 ------w c:\windows\ServicePackFiles\i386\ersvc.dll
+ 2008-04-14 00:11:53 246,272 ------w c:\windows\ServicePackFiles\i386\es.dll
+ 2008-04-14 00:11:53 1,082,368 ------w c:\windows\ServicePackFiles\i386\esent.dll
+ 2008-04-14 00:11:53 247,808 ------w c:\windows\ServicePackFiles\i386\esscli.dll
+ 2004-08-04 05:32:28 137,088 ------w c:\windows\ServicePackFiles\i386\essm2e.sys
+ 2008-04-14 00:12:19 193,024 ------w c:\windows\ServicePackFiles\i386\eudcedit.exe
+ 2008-04-14 00:12:19 50,688 ------w c:\windows\ServicePackFiles\i386\evcreate.exe
+ 2008-04-14 00:11:53 56,320 ------w c:\windows\ServicePackFiles\i386\eventlog.dll
+ 2004-07-20 00:54:06 798,720 ------w c:\windows\ServicePackFiles\i386\eventlogmessages.dll
+ 2008-04-14 00:11:53 101,888 ------w c:\windows\ServicePackFiles\i386\evntagnt.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\evntcmd.exe
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\evntrprv.dll
+ 2008-04-14 00:12:19 92,160 ------w c:\windows\ServicePackFiles\i386\evntwin.exe
+ 2008-04-14 00:11:53 45,056 ------w c:\windows\ServicePackFiles\i386\evtgprov.dll
+ 2008-04-14 00:12:19 82,944 ------w c:\windows\ServicePackFiles\i386\evtrig.exe
+ 2008-04-14 00:12:19 1,033,728 ------w c:\windows\ServicePackFiles\i386\explorer.exe
+ 2008-04-14 00:11:53 380,445 ------w c:\windows\ServicePackFiles\i386\expsrv.dll
+ 2008-04-14 00:11:53 14,336 ------w c:\windows\ServicePackFiles\i386\exstrace.dll
+ 2008-04-14 00:11:53 55,808 ------w c:\windows\ServicePackFiles\i386\extmgr.dll
+ 2008-04-14 00:12:19 24,064 ------w c:\windows\ServicePackFiles\i386\extrac32.exe
+ 2008-04-14 00:11:53 125,952 ------w c:\windows\ServicePackFiles\i386\exts.dll
+ 2008-04-14 00:09:30 7,168 ------w c:\windows\ServicePackFiles\i386\f3ahvoas.dll
+ 2008-04-13 19:14:29 143,744 ------w c:\windows\ServicePackFiles\i386\fastfat.sys
+ 2008-04-14 00:11:53 472,064 ------w c:\windows\ServicePackFiles\i386\fastprox.dll
+ 2008-04-14 00:11:53 80,384 ------w c:\windows\ServicePackFiles\i386\faultrep.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\faxpatch.exe
+ 2008-04-13 18:40:25 27,392 ------w c:\windows\ServicePackFiles\i386\fdc.sys
+ 2008-04-14 00:11:53 124,928 ------w c:\windows\ServicePackFiles\i386\fde.dll
+ 2008-04-14 00:11:53 73,728 ------w c:\windows\ServicePackFiles\i386\fdeploy.dll
+ 2008-04-14 00:11:53 21,504 ------w c:\windows\ServicePackFiles\i386\feclient.dll
+ 2008-04-14 00:11:53 337,920 ------w c:\windows\ServicePackFiles\i386\filemgmt.dll
+ 2008-04-14 00:12:20 27,136 ------w c:\windows\ServicePackFiles\i386\findstr.exe
+ 2008-04-13 18:33:28 44,544 ------w c:\windows\ServicePackFiles\i386\fips.sys
+ 2008-04-14 00:11:53 87,552 ------w c:\windows\ServicePackFiles\i386\fldrclnr.dll
+ 2008-04-13 18:40:25 20,480 ------w c:\windows\ServicePackFiles\i386\flpydisk.sys
+ 2008-04-14 00:11:53 16,896 ------w c:\windows\ServicePackFiles\i386\fltlib.dll
+ 2008-04-14 00:12:20 23,040 ------w c:\windows\ServicePackFiles\i386\fltmc.exe
+ 2008-04-13 18:32:59 129,792 ------w c:\windows\ServicePackFiles\i386\fltmgr.sys
+ 2008-04-14 00:11:53 382,976 ------w c:\windows\ServicePackFiles\i386\fontext.dll
+ 2008-04-14 00:11:53 80,896 ------w c:\windows\ServicePackFiles\i386\fontsub.dll
+ 2008-04-14 00:12:20 20,992 ------w c:\windows\ServicePackFiles\i386\fontview.exe
+ 2008-04-14 00:12:20 7,680 ------w c:\windows\ServicePackFiles\i386\forcedos.exe
+ 2004-08-04 05:31:24 34,173 ------w c:\windows\ServicePackFiles\i386\forehe.sys
+ 2008-04-14 00:12:42 29,696 ------w c:\windows\ServicePackFiles\i386\format.com
+ 2008-04-14 00:11:53 32,828 ------w c:\windows\ServicePackFiles\i386\fp40ext.dll
+ 2008-04-14 00:11:53 184,435 ------w c:\windows\ServicePackFiles\i386\fp4amsft.dll
+ 2008-04-14 00:11:53 82,035 ------w c:\windows\ServicePackFiles\i386\fp4anscp.dll
+ 2008-04-14 00:11:53 147,513 ------w c:\windows\ServicePackFiles\i386\fp4apws.dll
+ 2008-04-14 00:11:53 49,210 ------w c:\windows\ServicePackFiles\i386\fp4areg.dll
+ 2008-04-14 00:11:53 102,509 ------w c:\windows\ServicePackFiles\i386\fp4atxt.dll
+ 2008-04-14 00:11:53 618,605 ------w c:\windows\ServicePackFiles\i386\fp4autl.dll
+ 2008-04-14 00:11:53 41,020 ------w c:\windows\ServicePackFiles\i386\fp4avnb.dll
+ 2008-04-14 00:11:53 32,826 ------w c:\windows\ServicePackFiles\i386\fp4avss.dll
+ 2008-04-14 00:11:53 49,212 ------w c:\windows\ServicePackFiles\i386\fp4awebs.dll
+ 2008-04-14 00:11:53 876,653 ------w c:\windows\ServicePackFiles\i386\fp4awel.dll
+ 2008-04-14 00:12:20 15,120 ------w c:\windows\ServicePackFiles\i386\fp98sadm.exe
+ 2008-04-14 00:12:20 109,840 ------w c:\windows\ServicePackFiles\i386\fp98swin.exe
+ 2008-04-14 00:12:20 24,632 ------w c:\windows\ServicePackFiles\i386\fpadmcgi.exe
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpadmdll.dll
+ 2008-04-14 00:12:20 188,494 ------w c:\windows\ServicePackFiles\i386\fpcount.exe
+ 2008-04-14 00:11:53 94,208 ------w c:\windows\ServicePackFiles\i386\fpencode.dll
+ 2008-04-14 00:11:53 20,541 ------w c:\windows\ServicePackFiles\i386\fpexedll.dll
+ 2008-04-14 00:11:53 598,071 ------w c:\windows\ServicePackFiles\i386\fpmmc.dll
+ 2007-04-02 16:36:04 208,896 ------w c:\windows\ServicePackFiles\i386\fpmmcsat.dll
+ 2008-04-14 00:12:20 20,538 ------w c:\windows\ServicePackFiles\i386\fpremadm.exe
+ 2008-04-14 00:12:20 28,728 ------w c:\windows\ServicePackFiles\i386\fpsrvadm.exe
+ 2008-04-14 00:09:33 9,344 ------w c:\windows\ServicePackFiles\i386\framebuf.dll
+ 2008-04-14 00:11:53 185,344 ------w c:\windows\ServicePackFiles\i386\framedyn.dll
+ 2008-04-14 00:12:20 193,024 ------w c:\windows\ServicePackFiles\i386\fsquirt.exe
+ 2008-04-14 00:12:20 42,496 ------w c:\windows\ServicePackFiles\i386\ftp.exe
+ 2008-04-14 00:11:53 6,144 ------w c:\windows\ServicePackFiles\i386\ftpmib.dll
+ 2008-04-14 00:11:53 125,952 ------w c:\windows\ServicePackFiles\i386\ftpsv251.dll
+ 2004-07-20 00:54:06 233,472 ------w c:\windows\ServicePackFiles\i386\fusion.dll
+ 2008-04-14 00:11:53 60,416 ------w c:\windows\ServicePackFiles\i386\fwcfg.dll
+ 2008-04-14 00:11:53 451,584 ------w c:\windows\ServicePackFiles\i386\fxsapi.dll
+ 2008-04-14 00:12:21 142,848 ------w c:\windows\ServicePackFiles\i386\fxsclnt.exe
+ 2008-04-14 00:11:54 72,192 ------w c:\windows\ServicePackFiles\i386\fxscom.dll
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\fxscomex.dll
+ 2008-04-14 00:12:21 229,376 ------w c:\windows\ServicePackFiles\i386\fxscover.exe
+ 2008-04-14 00:11:54 26,624 ------w c:\windows\ServicePackFiles\i386\fxsdrv.dll
+ 2008-04-14 00:11:54 55,296 ------w c:\windows\ServicePackFiles\i386\fxsevent.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsext32.dll
+ 2008-04-14 00:11:54 23,552 ------w c:\windows\ServicePackFiles\i386\fxsmon.dll
+ 2008-04-14 00:11:54 132,608 ------w c:\windows\ServicePackFiles\i386\fxsocm.dll
+ 2008-04-14 00:11:54 8,704 ------w c:\windows\ServicePackFiles\i386\fxsperf.dll
+ 2008-04-14 00:09:33 6,656 ------w c:\windows\ServicePackFiles\i386\fxsres.dll
+ 2008-04-14 00:11:54 562,176 ------w c:\windows\ServicePackFiles\i386\fxsst.dll
+ 2008-04-14 00:12:21 267,776 ------w c:\windows\ServicePackFiles\i386\fxssvc.exe
+ 2008-04-14 00:11:54 246,272 ------w c:\windows\ServicePackFiles\i386\fxst30.dll
+ 2008-04-14 00:11:54 397,312 ------w c:\windows\ServicePackFiles\i386\fxstiff.dll
+ 2008-04-14 00:11:54 154,112 ------w c:\windows\ServicePackFiles\i386\fxsui.dll
+ 2008-04-14 00:11:54 192,512 ------w c:\windows\ServicePackFiles\i386\fxswzrd.dll
+ 2008-04-14 00:11:54 400,384 ------w c:\windows\ServicePackFiles\i386\fxsxp32.dll
+ 2008-04-13 18:36:40 46,464 ------w c:\windows\ServicePackFiles\i386\gagp30kx.sys
+ 2008-04-13 18:45:29 10,624 ------w c:\windows\ServicePackFiles\i386\gameenum.sys
+ 2008-04-13 18:45:32 59,136 ------w c:\windows\ServicePackFiles\i386\gckernel.sys
+ 2008-04-14 00:11:54 285,184 ------w c:\windows\ServicePackFiles\i386\gdi32.dll
+ 2008-04-14 00:12:21 59,904 ------w c:\windows\ServicePackFiles\i386\getmac.exe
+ 2008-04-14 00:11:54 122,880 ------w c:\windows\ServicePackFiles\i386\glu32.dll
+ 2008-04-14 00:09:35 566,784 ------w c:\windows\ServicePackFiles\i386\gpedit.dll
+ 2004-08-10 04:00:00 101,888 ------w c:\windows\ServicePackFiles\i386\gpkcsp.dll
+ 2006-12-31 01:26:44 9,728 ------w c:\windows\ServicePackFiles\i386\gpkrsrc.dll
+ 2008-04-14 00:12:21 120,832 ------w c:\windows\ServicePackFiles\i386\gprslt.exe
+ 2008-04-14 00:11:54 199,680 ------w c:\windows\ServicePackFiles\i386\gptext.dll
+ 2008-04-14 00:12:21 39,424 ------w c:\windows\ServicePackFiles\i386\grpconv.exe
+ 2008-04-13 18:40:21 28,288 ------w c:\windows\ServicePackFiles\i386\grserial.sys
+ 2008-04-14 00:11:54 133,120 ------w c:\windows\ServicePackFiles\i386\guitrn.dll
+ 2008-04-14 00:11:54 115,200 ------w c:\windows\ServicePackFiles\i386\guitrna.dll
+ 2008-04-14 00:11:54 32,256 ------w c:\windows\ServicePackFiles\i386\gzip.dll
+ 2008-04-14 00:11:54 57,344 ------w c:\windows\ServicePackFiles\i386\h323cc.dll
+ 2008-04-14 00:11:54 614,912 ------w c:\windows\ServicePackFiles\i386\h323msp.dll
+ 2008-04-13 18:31:32 105,344 ------w c:\windows\ServicePackFiles\i386\hal.dll
+ 2008-04-13 18:31:28 131,840 ------w c:\windows\ServicePackFiles\i386\halaacpi.dll
+ 2008-04-13 18:31:27 81,152 ------w c:\windows\ServicePackFiles\i386\halacpi.dll
+ 2008-04-13 18:31:28 150,528 ------w c:\windows\ServicePackFiles\i386\halapic.dll
+ 2008-04-13 18:31:28 134,400 ------w c:\windows\ServicePackFiles\i386\halmacpi.dll
+ 2008-04-13 18:31:32 152,576 ------w c:\windows\ServicePackFiles\i386\halmps.dll
+ 2008-04-13 18:31:31 77,696 ------w c:\windows\ServicePackFiles\i386\halsp.dll
+ 2008-04-14 00:11:54 7,168 ------w c:\windows\ServicePackFiles\i386\hccoin.dll
+ 2008-04-13 16:36:05 144,384 ------w c:\windows\ServicePackFiles\i386\hdaudbus.sys
+ 2008-04-14 00:12:21 15,872 ------w c:\windows\ServicePackFiles\i386\help.exe
+ 2008-04-14 00:12:21 769,024 ------w c:\windows\ServicePackFiles\i386\helpctr.exe
+ 2008-04-14 00:12:21 744,448 ------w c:\windows\ServicePackFiles\i386\helpsvc.exe
+ 2008-04-14 00:12:21 10,752 ------w c:\windows\ServicePackFiles\i386\hh.exe
+ 2008-04-14 00:11:54 41,472 ------w c:\windows\ServicePackFiles\i386\hhsetup.dll
+ 2008-04-14 00:11:54 20,992 ------w c:\windows\ServicePackFiles\i386\hid.dll
+ 2008-04-13 18:36:38 20,352 ------w c:\windows\ServicePackFiles\i386\hidbatt.sys
+ 2008-04-13 18:46:30 25,600 ------w c:\windows\ServicePackFiles\i386\hidbth.sys
+ 2008-04-13 18:45:26 36,864 ------w c:\windows\ServicePackFiles\i386\hidclass.sys
+ 2008-04-13 18:45:26 19,200 ------w c:\windows\ServicePackFiles\i386\hidir.sys
+ 2008-04-13 18:45:22 24,960 ------w c:\windows\ServicePackFiles\i386\hidparse.sys
+ 2008-04-14 00:11:54 21,504 ------w c:\windows\ServicePackFiles\i386\hidserv.dll
+ 2008-04-13 18:45:27 10,368 ------w c:\windows\ServicePackFiles\i386\hidusb.sys
+ 2008-04-14 00:11:54 72,704 ------w c:\windows\ServicePackFiles\i386\hlink.dll
+ 2008-04-14 00:11:54 38,912 ------w c:\windows\ServicePackFiles\i386\hmmapi.dll
+ 2008-04-14 00:11:54 344,064 ------w c:\windows\ServicePackFiles\i386\hnetcfg.dll
+ 2008-04-14 00:11:54 330,752 ------w c:\windows\ServicePackFiles\i386\hnetwiz.dll
+ 2008-04-14 00:11:54 39,936 ------w c:\windows\ServicePackFiles\i386\hostmib.dll
+ 2008-04-14 00:11:54 144,896 ------w c:\windows\ServicePackFiles\i386\hotplug.dll
+ 2008-04-14 00:11:54 10,752 ------w c:\windows\ServicePackFiles\i386\hpcjrr.dll
+ 2008-04-14 00:11:54 10,240 ------w c:\windows\ServicePackFiles\i386\hpcjrrps.dll
+ 2008-04-14 00:11:54 87,552 ------w c:\windows\ServicePackFiles\i386\hpfud50.dll
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\ServicePackFiles\i386\hscupd.exe
+ 2004-08-04 05:41:48 220,032 ------w c:\windows\ServicePackFiles\i386\hsfbs2s2.sys
+ 2008-04-14 00:11:54 32,285 ------w c:\windows\ServicePackFiles\i386\hsfcisp2.dll
+ 2004-08-04 05:41:50 685,056 ------w c:\windows\ServicePackFiles\i386\hsfcxts2.sys
+ 2004-08-04 05:41:56 1,041,536 ------w c:\windows\ServicePackFiles\i386\hsfdpsp2.sys
+ 2008-04-13 18:53:53 264,832 ------w c:\windows\ServicePackFiles\i386\http.sys
+ 2008-04-14 00:11:54 24,576 ------w c:\windows\ServicePackFiles\i386\httpapi.dll
+ 2008-04-14 00:11:54 268,288 ------w c:\windows\ServicePackFiles\i386\httpext.dll
+ 2008-04-14 00:11:54 8,192 ------w c:\windows\ServicePackFiles\i386\httpmb51.dll
+ 2008-04-14 00:11:54 61,440 ------w c:\windows\ServicePackFiles\i386\httpod51.dll
+ 2008-04-14 00:11:54 41,984 ------w c:\windows\ServicePackFiles\i386\htui.dll
+ 2008-04-14 00:11:54 347,136 ------w c:\windows\ServicePackFiles\i386\hypertrm.dll
+ 2008-04-13 18:41:22 8,576 ------w c:\windows\ServicePackFiles\i386\i2omgmt.sys
+ 2008-04-13 18:41:22 18,560 ------w c:\windows\ServicePackFiles\i386\i2omp.sys
+ 2008-04-13 19:18:00 52,480 ------w c:\windows\ServicePackFiles\i386\i8042prt.sys
+ 2008-04-14 00:11:54 702,845 ------w c:\windows\ServicePackFiles\i386\i81xdnt5.dll
+ 2004-08-04 05:29:38 161,020 ------w c:\windows\ServicePackFiles\i386\i81xnt5.sys
+ 2008-04-14 00:11:54 119,808 ------w c:\windows\ServicePackFiles\i386\iasrad.dll
+ 2008-04-14 00:11:54 11,264 ------w c:\windows\ServicePackFiles\i386\icaapi.dll
+ 2008-04-14 00:11:54 80,384 ------w c:\windows\ServicePackFiles\i386\iccvid.dll
+ 2008-04-14 00:11:54 254,976 ------w c:\windows\ServicePackFiles\i386\icm32.dll
+ 2008-04-14 00:09:40 3,584 ------w c:\windows\ServicePackFiles\i386\icmp.dll
+ 2008-04-13 16:44:29 2,560 ------w c:\windows\ServicePackFiles\i386\iconlib.dll
+ 2008-04-14 00:11:54 61,440 ------w c:\windows\ServicePackFiles\i386\icwconn.dll
+ 2008-04-14 00:12:22 214,528 ------w c:\windows\ServicePackFiles\i386\icwconn1.exe
+ 2008-04-14 00:12:22 86,016 ------w c:\windows\ServicePackFiles\i386\icwconn2.exe
+ 2008-04-14 00:11:54 73,728 ------w c:\windows\ServicePackFiles\i386\icwdial.dll
+ 2008-04-14 00:11:54 32,768 ------w c:\windows\ServicePackFiles\i386\icwdl.dll
+ 2008-04-14 00:11:54 172,032 ------w c:\windows\ServicePackFiles\i386\icwhelp.dll
+ 2008-04-14 00:11:54 65,536 ------w c:\windows\ServicePackFiles\i386\icwphbk.dll
+ 2008-04-14 00:12:22 24,576 ------w c:\windows\ServicePackFiles\i386\icwrmind.exe
+ 2008-04-14 00:11:54 49,152 ------w c:\windows\ServicePackFiles\i386\icwutil.dll
+ 2008-04-14 00:11:54 120,832 ------w c:\windows\ServicePackFiles\i386\idq.dll
+ 2008-04-14 00:12:22 34,304 ------w c:\windows\ServicePackFiles\i386\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 ------w c:\windows\ServicePackFiles\i386\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 ------w c:\windows\ServicePackFiles\i386\ieaksie.dll
+ 2008-04-14 00:11:54 323,584 ------w c:\windows\ServicePackFiles\i386\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 ------w c:\windows\ServicePackFiles\i386\iedw.exe
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ieencode.dll
+ 2007-01-02 23:29:28 8,192 ------w c:\windows\ServicePackFiles\i386\ieexec.exe
+ 2004-07-20 00:54:06 7,168 ------w c:\windows\ServicePackFiles\i386\ieexecremote.dll
+ 2004-07-20 00:54:06 32,768 ------w c:\windows\ServicePackFiles\i386\iehost.dll
+ 2008-04-14 00:11:54 251,904 ------w c:\windows\ServicePackFiles\i386\iepeers.dll
+ 2008-04-14 00:11:54 48,640 ------w c:\windows\ServicePackFiles\i386\iernonce.dll
+ 2008-04-14 00:11:54 62,976 ------w c:\windows\ServicePackFiles\i386\iesetup.dll
+ 2008-04-14 00:12:22 93,184 ------w c:\windows\ServicePackFiles\i386\iexplore.exe
+ 2008-04-14 00:12:22 114,688 ------w c:\windows\ServicePackFiles\i386\iexpress.exe
+ 2008-04-14 00:11:54 135,680 ------w c:\windows\ServicePackFiles\i386\ifmon.dll
+ 2008-04-14 00:11:54 8,192 ------w c:\windows\ServicePackFiles\i386\igmpagnt.dll
+ 2008-04-14 00:11:54 505,344 ------w c:\windows\ServicePackFiles\i386\iis.dll
+ 2008-04-14 00:11:54 25,088 ------w c:\windows\ServicePackFiles\i386\iisadmin.dll
+ 2008-04-14 00:11:54 145,408 ------w c:\windows\ServicePackFiles\i386\iische51.dll
+ 2008-04-14 00:11:54 68,608 ------w c:\windows\ServicePackFiles\i386\iisext51.dll
+ 2008-04-14 00:11:54 7,168 ------w c:\windows\ServicePackFiles\i386\iisfecnv.dll
+ 2008-04-14 00:11:54 79,872 ------w c:\windows\ServicePackFiles\i386\iislog51.dll
+ 2008-04-14 00:11:54 64,512 ------w c:\windows\ServicePackFiles\i386\iismap.dll
+ 2008-04-14 00:12:22 30,720 ------w c:\windows\ServicePackFiles\i386\iisrstas.exe
+ 2008-04-14 00:11:54 133,632 ------w c:\windows\ServicePackFiles\i386\iisrtl.dll
+ 2004-08-04 04:11:48 184,320 ------w c:\windows\ServicePackFiles\i386\ilasm.exe
+ 2008-04-14 00:11:54 81,920 ------w c:\windows\ServicePackFiles\i386\ils.dll
+ 2008-04-14 00:11:54 144,384 ------w c:\windows\ServicePackFiles\i386\imagehlp.dll
+ 2008-04-14 00:12:22 150,528 ------w c:\windows\ServicePackFiles\i386\imapi.exe
+ 2008-04-13 18:40:58 42,112 ------w c:\windows\ServicePackFiles\i386\imapi.sys
+ 2008-04-14 00:11:54 36,921 ------w c:\windows\ServicePackFiles\i386\imeshare.dll
+ 2008-04-14 00:11:54 35,840 ------w c:\windows\ServicePackFiles\i386\imgutil.dll
+ 2008-04-14 00:11:54 110,080 ------w c:\windows\ServicePackFiles\i386\imm32.dll
+ 2008-04-14 00:11:54 123,392 ------w c:\windows\ServicePackFiles\i386\imsinsnt.dll
+ 2008-04-14 00:11:54 274,432 ------w c:\windows\ServicePackFiles\i386\inetcfg.dll
+ 2008-04-14 00:11:54 691,712 ------w c:\windows\ServicePackFiles\i386\inetcomm.dll
+ 2008-04-14 00:12:22 15,360 ------w c:\windows\ServicePackFiles\i386\inetin51.exe
+ 2008-04-14 00:11:55 829,440 ------w c:\windows\ServicePackFiles\i386\inetmgr.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\inetmib1.dll
+ 2008-04-14 00:11:55 75,264 ------w c:\windows\ServicePackFiles\i386\inetpp.dll
+ 2008-04-14 00:11:55 15,872 ------w c:\windows\ServicePackFiles\i386\inetppui.dll
+ 2008-04-13 16:22:12 48,128 ------w c:\windows\ServicePackFiles\i386\inetres.dll
+ 2008-04-14 00:12:22 20,480 ------w c:\windows\ServicePackFiles\i386\inetwiz.exe
+ 2008-04-14 00:11:55 13,312 ------w c:\windows\ServicePackFiles\i386\infoadmn.dll
+ 2008-04-14 00:11:55 257,024 ------w c:\windows\ServicePackFiles\i386\infocomm.dll
+ 2008-04-14 00:11:55 147,456 ------w c:\windows\ServicePackFiles\i386\initpki.dll
+ 2008-04-14 00:11:55 123,392 ------w c:\windows\ServicePackFiles\i386\input.dll
+ 2008-04-14 00:11:55 96,256 ------w c:\windows\ServicePackFiles\i386\inseng.dll
+ 2004-07-20 00:54:06 24,576 ------w c:\windows\ServicePackFiles\i386\installutil.exe
+ 2008-04-13 18:40:29 5,504 ------w c:\windows\ServicePackFiles\i386\intelide.sys
+ 2008-04-13 18:31:32 36,352 ------w c:\windows\ServicePackFiles\i386\intelppm.sys
+ 2008-04-13 18:53:34 36,608 ------w c:\windows\ServicePackFiles\i386\ip6fw.sys
+ 2008-04-14 00:12:22 55,808 ------w c:\windows\ServicePackFiles\i386\ipconfig.exe
+ 2008-04-14 00:09:30 103,424 ------w c:\windows\ServicePackFiles\i386\ipevldpc.dll
+ 2008-04-14 00:09:23 24,064 ------w c:\windows\ServicePackFiles\i386\ipevlpid.dll
+ 2008-04-14 00:11:55 94,720 ------w c:\windows\ServicePackFiles\i386\iphlpapi.dll
+ 2008-04-13 18:57:07 20,864 ------w c:\windows\ServicePackFiles\i386\ipinip.sys
+ 2008-04-14 00:11:55 161,280 ------w c:\windows\ServicePackFiles\i386\ipmontr.dll
+ 2008-04-13 18:57:15 152,832 ------w c:\windows\ServicePackFiles\i386\ipnat.sys
+ 2008-04-14 00:11:55 331,264 ------w c:\windows\ServicePackFiles\i386\ipnathlp.dll
+ 2008-04-14 00:11:55 330,752 ------w c:\windows\ServicePackFiles\i386\ippromon.dll
+ 2008-04-14 00:11:55 35,328 ------w c:\windows\ServicePackFiles\i386\iprip.dll
+ 2008-04-14 00:11:55 177,152 ------w c:\windows\ServicePackFiles\i386\iprtrmgr.dll
+ 2008-04-13 19:19:42 75,264 ------w c:\windows\ServicePackFiles\i386\ipsec.sys
+ 2008-04-14 00:11:55 349,696 ------w c:\windows\ServicePackFiles\i386\ipsecsnp.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ipsecsvc.dll
+ 2008-04-14 00:10:45 102,912 ------w c:\windows\ServicePackFiles\i386\ipseldpc.dll
+ 2008-04-14 00:09:24 24,064 ------w c:\windows\ServicePackFiles\i386\ipselpid.dll
+ 2008-04-14 00:11:55 384,000 ------w c:\windows\ServicePackFiles\i386\ipsmsnap.dll
+ 2008-04-14 00:12:23 53,248 ------w c:\windows\ServicePackFiles\i386\ipv6.exe
+ 2008-04-14 00:11:55 59,904 ------w c:\windows\ServicePackFiles\i386\ipv6mon.dll
+ 2008-04-14 00:12:23 23,552 ------w c:\windows\ServicePackFiles\i386\ipxroute.exe
+ 2008-04-14 00:11:55 22,016 ------w c:\windows\ServicePackFiles\i386\ipxwan.dll
+ 2008-04-14 00:11:55 120,320 ------w c:\windows\ServicePackFiles\i386\ir41_qc.dll
+ 2008-04-14 00:11:55 338,432 ------w c:\windows\ServicePackFiles\i386\ir41_qcx.dll
+ 2008-04-14 00:11:55 755,200 ------w c:\windows\ServicePackFiles\i386\ir50_32.dll
+ 2008-04-14 00:11:55 200,192 ------w c:\windows\ServicePackFiles\i386\ir50_qc.dll
+ 2008-04-14 00:11:55 183,808 ------w c:\windows\ServicePackFiles\i386\ir50_qcx.dll
+ 2008-04-13 18:45:34 46,592 ------w c:\windows\ServicePackFiles\i386\irbus.sys
+ 2008-04-13 18:54:36 88,192 ------w c:\windows\ServicePackFiles\i386\irda.sys
+ 2008-04-13 18:54:28 11,264 ------w c:\windows\ServicePackFiles\i386\irenum.sys
+ 2008-04-14 00:12:23 151,552 ------w c:\windows\ServicePackFiles\i386\irftp.exe
+ 2008-04-14 00:11:55 28,160 ------w c:\windows\ServicePackFiles\i386\irmon.dll
+ 2008-04-13 18:36:41 37,248 ------w c:\windows\ServicePackFiles\i386\isapnp.sys
+ 2008-04-14 00:11:55 68,608 ------w c:\windows\ServicePackFiles\i386\isatq.dll
+ 2008-04-14 00:11:55 26,624 ------w c:\windows\ServicePackFiles\i386\iscomlog.dll
+ 2008-04-14 00:10:32 105,984 ------w c:\windows\ServicePackFiles\i386\isdpc.dll
+ 2008-04-14 00:10:55 105,984 ------w c:\windows\ServicePackFiles\i386\isendpc.dll
+ 2008-04-14 00:10:55 24,064 ------w c:\windows\ServicePackFiles\i386\isenpid.dll
+ 2008-04-14 00:11:55 81,920 ------w c:\windows\ServicePackFiles\i386\isign32.dll
+ 2008-04-14 00:10:32 24,064 ------w c:\windows\ServicePackFiles\i386\ispid.dll
+ 2008-04-14 00:11:55 32,768 ------w c:\windows\ServicePackFiles\i386\isrdbg32.dll
+ 2008-04-14 00:11:55 155,136 ------w c:\windows\ServicePackFiles\i386\itircl.dll
+ 2008-04-14 00:11:55 138,240 ------w c:\windows\ServicePackFiles\i386\itss.dll
+ 2008-04-14 00:11:55 191,488 ------w c:\windows\ServicePackFiles\i386\iuengine.dll
+ 2008-04-14 00:11:55 54,272 ------w c:\windows\ServicePackFiles\i386\ixsso.dll
+ 2008-04-14 00:11:55 47,616 ------w c:\windows\ServicePackFiles\i386\iyuv_32.dll
+ 2008-04-14 00:11:55 163,840 ------w c:\windows\ServicePackFiles\i386\jgdw400.dll
+ 2008-04-14 00:11:55 27,648 ------w c:\windows\ServicePackFiles\i386\jgpl400.dll
+ 2004-07-20 00:54:06 40,960 ------w c:\windows\ServicePackFiles\i386\jsc.exe
+ 2008-04-14 00:11:56 512,000 ------w c:\windows\ServicePackFiles\i386\jscript.dll
+ 2008-04-14 00:11:56 15,872 ------w c:\windows\ServicePackFiles\i386\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd101.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbd106n.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdax2.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdbhc.dll
+ 2008-04-13 18:39:47 24,576 ------w c:\windows\ServicePackFiles\i386\kbdclass.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdfi1.dll
+ 2008-04-13 18:39:48 14,592 ------w c:\windows\ServicePackFiles\i386\kbdhid.sys
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdibm02.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdiultn.dll
+ 2008-04-14 00:09:55 6,656 ------w c:\windows\ServicePackFiles\i386\kbdlk41a.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdlk41j.dll
+ 2008-04-14 00:09:55 5,632 ------w c:\windows\ServicePackFiles\i386\kbdmaori.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt47.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdmlt48.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdnec.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdnepr.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdno1.dll
+ 2008-04-14 00:09:55 6,144 ------w c:\windows\ServicePackFiles\i386\kbdpash.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsfi.dll
+ 2008-04-14 00:09:55 7,680 ------w c:\windows\ServicePackFiles\i386\kbdsmsno.dll
+ 2008-04-14 00:09:55 7,168 ------w c:\windows\ServicePackFiles\i386\kbdukx.dll
+ 2008-04-13 18:31:35 7,424 ------w c:\windows\ServicePackFiles\i386\kd1394.dll
+ 2008-04-14 00:11:56 184,832 ------w c:\windows\ServicePackFiles\i386\kdcsvc.dll
+ 2008-04-14 00:11:56 48,640 ------w c:\windows\ServicePackFiles\i386\kdsui.dll
+ 2008-04-14 00:11:56 253,952 ------w c:\windows\ServicePackFiles\i386\kdsusd.dll
+ 2008-04-14 00:11:56 299,520 ------w c:\windows\ServicePackFiles\i386\kerberos.dll
+ 2008-04-14 00:11:56 989,696 ------w c:\windows\ServicePackFiles\i386\kernel32.dll
+ 2004-08-10 04:00:00 42,537 ------w c:\windows\ServicePackFiles\i386\keyboard.sys
+ 2008-04-14 00:11:56 150,528 ------w c:\windows\ServicePackFiles\i386\keymgr.dll
+ 2008-04-13 18:45:09 172,416 ------w c:\windows\ServicePackFiles\i386\kmixer.sys
+ 2008-04-14 00:11:56 61,440 ------w c:\windows\ServicePackFiles\i386\kmsvc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\knperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\knprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\knpropid.dll
+ 2008-04-14 00:11:56 8,192 ------w c:\windows\ServicePackFiles\i386\koc.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kperdpc.dll
+ 2008-04-14 00:09:56 24,064 ------w c:\windows\ServicePackFiles\i386\kperpid.dll
+ 2008-04-14 00:09:56 102,912 ------w c:\windows\ServicePackFiles\i386\kprodpc.dll
+ 2008-04-14 00:09:56 24,576 ------w c:\windows\ServicePackFiles\i386\kpropid.dll
+ 2004-08-10 04:00:00 92,224 ------w c:\windows\ServicePackFiles\i386\krnl386.exe
+ 2008-04-14 00:11:56 24,576 ------w c:\windows\ServicePackFiles\i386\krnlprov.dll
+ 2008-04-13 19:16:36 141,056 ------w c:\windows\ServicePackFiles\i386\ks.sys
+ 2008-04-13 18:31:43 92,288 ------w c:\windows\ServicePackFiles\i386\ksecdd.sys
+ 2008-04-14 00:11:56 4,096 ------w c:\windows\ServicePackFiles\i386\ksuser.dll
+ 2008-04-14 00:11:56 37,376 ------w c:\windows\ServicePackFiles\i386\l2store.dll
+ 2008-04-14 00:09:05 97,792 ------w c:\windows\ServicePackFiles\i386\lang\chtmbx.dll
+ 2008-04-14 00:09:05 56,320 ------w c:\windows\ServicePackFiles\i386\lang\chtskdic.dll
+ 2008-04-14 00:09:05 173,568 ------w c:\windows\ServicePackFiles\i386\lang\chtskf.dll
+ 2008-04-14 00:09:06 198,656 ------w c:\windows\ServicePackFiles\i386\lang\cintime.dll
+ 2004-08-04 05:31:56 480,256 ------w c:\windows\ServicePackFiles\i386\lang\cintsetp.exe
+ 2004-08-04 05:31:40 57,399 ------w c:\windows\ServicePackFiles\i386\lang\cplexe.exe
+ 2008-04-14 00:09:39 13,463,552 ------w c:\windows\ServicePackFiles\i386\lang\hwxjpn.dll
+ 2008-04-14 00:09:43 106,496 ------w c:\windows\ServicePackFiles\i386\lang\imekrcic.dll
+ 2008-04-14 00:09:43 86,016 ------w c:\windows\ServicePackFiles\i386\lang\imekrmbx.dll
+ 2008-04-14 00:09:44 811,064 ------w c:\windows\ServicePackFiles\i386\lang\imjp81k.dll
+ 2008-04-14 00:09:45 368,696 ------w c:\windows\ServicePackFiles\i386\lang\imjpcic.dll
+ 2008-04-14 00:09:45 716,856 ------w c:\windows\ServicePackFiles\i386\lang\imjpcus.dll
+ 2008-04-14 00:09:45 81,976 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.dll
+ 2004-08-04 05:31:54 307,257 ------w c:\windows\ServicePackFiles\i386\lang\imjpdct.exe
+ 2004-08-04 05:31:56 155,705 ------w c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe
+ 2004-08-04 05:31:58 196,665 ------w c:\windows\ServicePackFiles\i386\lang\imjpinst.exe
+ 2004-08-04 05:32:00 208,952 ------w c:\windows\ServicePackFiles\i386\lang\imjpmig.exe
+ 2004-08-04 05:32:12 233,527 ------w c:\windows\ServicePackFiles\i386\lang\imjprw.exe
+ 2004-08-04 05:32:16 262,200 ------w c:\windows\ServicePackFiles\i386\lang\imjputy.exe
+ 2008-04-14 00:09:46 274,489 ------w c:\windows\ServicePackFiles\i386\lang\imjputyc.dll
+ 2008-04-14 00:09:46 102,456 ------w c:\windows\ServicePackFiles\i386\lang\imlang.dll
+ 2004-08-04 05:31:50 59,392 ------w c:\windows\ServicePackFiles\i386\lang\imscinst.exe
+ 2008-04-14 00:09:47 315,455 ------w c:\windows\ServicePackFiles\i386\lang\imskf.dll
+ 2008-04-14 00:10:33 15,872 ------w c:\windows\ServicePackFiles\i386\lang\padrs404.dll
+ 2008-04-14 00:10:33 15,360 ------w c:\windows\ServicePackFiles\i386\lang\padrs804.dll
+ 2008-04-14 00:10:34 175,104 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsa.dll
+ 2008-04-14 00:10:34 53,760 ------w c:\windows\ServicePackFiles\i386\lang\pintlcsd.dll
+ 2008-04-13 16:43:36 70,144 ------w c:\windows\ServicePackFiles\i386\lang\pintlphr.exe
+ 2008-04-14 00:10:34 67,584 ------w c:\windows\ServicePackFiles\i386\lang\pmigrate.dll
+ 2004-08-04 05:32:16 44,032 ------w c:\windows\ServicePackFiles\i386\lang\tintlphr.exe
+ 2004-08-04 05:32:16 455,168 ------w c:\windows\ServicePackFiles\i386\lang\tintsetp.exe
+ 2008-04-14 00:10:59 10,240 ------w c:\windows\ServicePackFiles\i386\lang\tmigrate.dll
+ 2008-04-14 00:11:01 76,288 ------w c:\windows\ServicePackFiles\i386\lang\uniime.dll
+ 2008-04-14 00:11:04 426,041 ------w c:\windows\ServicePackFiles\i386\lang\voicepad.dll
+ 2008-04-14 00:11:04 86,073 ------w c:\windows\ServicePackFiles\i386\lang\voicesub.dll
+ 2008-04-13 18:40:26 34,688 ------w c:\windows\ServicePackFiles\i386\lbrtfdc.sys
+ 2008-04-14 00:12:23 677,888 ------w c:\windows\ServicePackFiles\i386\lhmstsc.exe
+ 2008-04-14 00:11:56 2,061,824 ------w c:\windows\ServicePackFiles\i386\lhmstscx.dll
+ 2008-04-14 12:41:58 423,936 ------w c:\windows\ServicePackFiles\i386\licdll.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\licmgr10.dll
+ 2008-04-14 00:11:56 58,880 ------w c:\windows\ServicePackFiles\i386\licwmi.dll
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\linkinfo.dll
+ 2008-04-14 00:11:56 13,824 ------w c:\windows\ServicePackFiles\i386\lmhsvc.dll
+ 2008-04-14 00:11:56 33,792 ------w c:\windows\ServicePackFiles\i386\lmmib2.dll
+ 2008-04-14 00:11:56 399,872 ------w c:\windows\ServicePackFiles\i386\lmrt.dll
+ 2008-04-14 00:11:56 97,280 ------w c:\windows\ServicePackFiles\i386\loadperf.dll
+ 2008-04-14 00:11:56 221,696 ------w c:\windows\ServicePackFiles\i386\localsec.dll
+ 2008-04-14 00:11:56 343,040 ------w c:\windows\ServicePackFiles\i386\localspl.dll
+ 2008-04-14 00:11:56 11,776 ------w c:\windows\ServicePackFiles\i386\localui.dll
+ 2008-04-14 00:12:24 75,264 ------w c:\windows\ServicePackFiles\i386\locator.exe
+ 2008-04-14 00:11:56 19,968 ------w c:\windows\ServicePackFiles\i386\log.dll
+ 2008-04-14 00:12:24 59,392 ------w c:\windows\ServicePackFiles\i386\logman.exe
+ 2008-04-14 00:12:43 220,672 ------w c:\windows\ServicePackFiles\i386\logon.scr
+ 2008-04-14 00:12:24 514,560 ------w c:\windows\ServicePackFiles\i386\logonui.exe
+ 2008-04-14 00:11:56 13,312 ------w c:\windows\ServicePackFiles\i386\lonsint.dll
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\lpdsvc.dll
+ 2008-04-14 00:11:56 22,016 ------w c:\windows\ServicePackFiles\i386\lpk.dll
+ 2008-04-14 00:11:56 10,240 ------w c:\windows\ServicePackFiles\i386\lprhelp.dll
+ 2008-04-14 00:11:56 18,944 ------w c:\windows\ServicePackFiles\i386\lprmon.dll
+ 2008-04-14 00:11:56 728,064 ------w c:\windows\ServicePackFiles\i386\lsasrv.dll
+ 2008-04-14 00:12:24 13,312 ------w c:\windows\ServicePackFiles\i386\lsass.exe
+ 2004-08-04 05:41:36 606,684 ------w c:\windows\ServicePackFiles\i386\ltmdmnt.sys
+ 2004-08-04 05:41:38 420,992 ------w c:\windows\ServicePackFiles\i386\ltmdmntt.sys
+ 2008-04-13 18:40:52 7,040 ------w c:\windows\ServicePackFiles\i386\ltotape.sys
+ 2004-08-04 05:39:32 20,864 ------w c:\windows\ServicePackFiles\i386\lwadihid.sys
+ 2008-04-14 00:12:24 72,704 ------w c:\windows\ServicePackFiles\i386\magnify.exe
+ 2008-04-14 00:12:25 57,344 ------w c:\windows\ServicePackFiles\i386\makecab.exe
+ 2008-04-14 00:11:56 14,336 ------w c:\windows\ServicePackFiles\i386\mcastmib.dll
+ 2008-04-14 00:11:56 84,480 ------w c:\windows\ServicePackFiles\i386\mciavi32.dll
+ 2008-04-14 00:11:56 35,328 ------w c:\windows\ServicePackFiles\i386\mciqtz32.dll
+ 2008-04-14 00:11:56 23,040 ------w c:\windows\ServicePackFiles\i386\mciseq.dll
+ 2008-04-14 00:11:56 23,552 ------w c:\windows\ServicePackFiles\i386\mciwave.dll
+ 2008-04-14 00:11:56 37,888 ------w c:\windows\ServicePackFiles\i386\md5filt.dll
+ 2008-04-14 00:11:56 118,272 ------w c:\windows\ServicePackFiles\i386\mdminst.dll
+ 2008-04-14 00:11:56 86,016 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.dll
+ 2004-08-04 05:41:56 11,868 ------w c:\windows\ServicePackFiles\i386\mdmxsdk.sys
+ 2008-04-14 00:11:56 16,896 ------w c:\windows\ServicePackFiles\i386\medctroc.dll
+ 2008-04-13 18:41:21 26,112 ------w c:\windows\ServicePackFiles\i386\memstpci.sys
+ 2008-04-14 00:11:56 85,504 ------w c:\windows\ServicePackFiles\i386\metada51.dll
+ 2008-04-13 18:36:41 63,744 ------w c:\windows\ServicePackFiles\i386\mf.sys
+ 2008-04-14 00:11:56 40,960 ------w c:\windows\ServicePackFiles\i386\mf3216.dll
+ 2008-04-14 00:11:56 927,504 ------w c:\windows\ServicePackFiles\i386\mfc40u.dll
+ 2008-04-14 00:11:56 1,028,096 ------w c:\windows\ServicePackFiles\i386\mfc42.dll
+ 2006-10-14 08:13:25 981,760 ------w c:\windows\ServicePackFiles\i386\mfc42u.dll
+ 2008-04-14 00:11:56 22,528 ------w c:\windows\ServicePackFiles\i386\mfcsubs.dll
+ 2008-04-14 00:11:56 14,848 ------w c:\windows\ServicePackFiles\i386\mgmtapi.dll
+ 2004-07-20 00:54:06 712,704 ------w c:\windows\ServicePackFiles\i386\microsoft.jscript.dll
+ 2004-07-20 00:54:06 286,720 ------w c:\windows\ServicePackFiles\i386\microsoft.visualbasic.dll
+ 2008-04-14 00:11:57 18,944 ------w c:\windows\ServicePackFiles\i386\midimap.dll
+ 2008-04-14 00:11:57 274,432 ------w c:\windows\ServicePackFiles\i386\migism.dll
+ 2008-04-14 00:11:57 261,120 ------w c:\windows\ServicePackFiles\i386\migisma.dll
+ 2008-04-14 00:11:57 60,928 ------w c:\windows\ServicePackFiles\i386\miglibnt.dll
+ 2008-04-14 00:12:25 103,936 ------w c:\windows\ServicePackFiles\i386\migload.exe
+ 2008-04-14 00:12:25 7,680 ------w c:\windows\ServicePackFiles\i386\migregdb.exe
+ 2008-04-14 00:12:25 245,248 ------w c:\windows\ServicePackFiles\i386\migwiz.exe
+ 2008-04-14 00:12:25 241,152 ------w c:\windows\ServicePackFiles\i386\migwiza.exe
+ 2008-04-14 00:11:57 29,696 ------w c:\windows\ServicePackFiles\i386\mimefilt.dll
+ 2008-04-14 00:11:57 586,240 ------w c:\windows\ServicePackFiles\i386\mlang.dll
+ 2008-04-14 00:12:25 1,414,656 ------w c:\windows\ServicePackFiles\i386\mmc.exe
+ 2008-04-14 00:11:57 184,320 ------w c:\windows\ServicePackFiles\i386\mmc30.dll
+ 2008-04-14 00:11:57 28,672 ------w c:\windows\ServicePackFiles\i386\mmc30r.dll
+ 2008-04-14 00:11:57 163,328 ------w c:\windows\ServicePackFiles\i386\mmcbase.dll
+ 2008-04-14 00:11:57 397,312 ------w c:\windows\ServicePackFiles\i386\mmcex.dll
+ 2008-04-14 00:11:57 40,960 ------w c:\windows\ServicePackFiles\i386\mmcexr.dll
+ 2008-04-14 00:11:57 106,496 ------w c:\windows\ServicePackFiles\i386\mmcfxc.dll
+ 2008-04-14 00:11:57 6,656 ------w c:\windows\ServicePackFiles\i386\mmcfxcr.dll
+ 2008-04-14 00:11:57 1,872,896 ------w c:\windows\ServicePackFiles\i386\mmcndmgr.dll
+ 2008-04-14 00:12:25 33,792 ------w c:\windows\ServicePackFiles\i386\mmcperf.exe
+ 2008-04-14 00:11:57 61,440 ------w c:\windows\ServicePackFiles\i386\mmcshext.dll
+ 2008-04-14 00:11:57 17,408 ------w c:\windows\ServicePackFiles\i386\mmfutil.dll
+ 2004-08-10 04:00:00 68,768 ------w c:\windows\ServicePackFiles\i386\mmsystem.dll
+ 2008-04-14 00:11:57 34,560 ------w c:\windows\ServicePackFiles\i386\mnmdd.dll
+ 2008-04-14 00:12:25 32,768 ------w c:\windows\ServicePackFiles\i386\mnmsrvc.exe
+ 2008-04-14 00:11:57 207,360 ------w c:\windows\ServicePackFiles\i386\mobsync.dll
+ 2008-04-14 00:12:26 143,360 ------w c:\windows\ServicePackFiles\i386\mobsync.exe
+ 2008-04-13 19:00:19 30,080 ------w c:\windows\ServicePackFiles\i386\modem.sys
+ 2008-04-14 00:11:57 153,600 ------w c:\windows\ServicePackFiles\i386\modemui.dll
+ 2008-04-14 00:12:26 16,384 ------w c:\windows\ServicePackFiles\i386\mofcomp.exe
+ 2008-04-14 00:11:57 123,904 ------w c:\windows\ServicePackFiles\i386\mofd.dll
+ 2008-04-14 00:12:42 16,896 ------w c:\windows\ServicePackFiles\i386\more.com
+ 2008-04-13 16:45:30 216,064 ------w c:\windows\ServicePackFiles\i386\moricons.dll
+ 2008-04-13 18:39:47 23,040 ------w c:\windows\ServicePackFiles\i386\mouclass.sys
+ 2008-04-13 18:39:46 42,368 ------w c:\windows\ServicePackFiles\i386\mountmgr.sys
+ 2008-04-14 00:12:27 3,558,912 ------w c:\windows\ServicePackFiles\i386\moviemk.exe
+ 2008-04-13 18:46:22 15,232 ------w c:\windows\ServicePackFiles\i386\mpe.sys
+ 2008-04-14 00:12:27 123,392 ------w c:\windows\ServicePackFiles\i386\mplay32.exe
+ 2008-04-14 00:11:57 59,904 ------w c:\windows\ServicePackFiles\i386\mpr.dll
+ 2008-04-14 00:11:57 87,040 ------w c:\windows\ServicePackFiles\i386\mprapi.dll
+ 2008-04-14 00:11:57 53,248 ------w c:\windows\ServicePackFiles\i386\mprdim.dll
+ 2008-04-13 18:39:44 92,544 ------w c:\windows\ServicePackFiles\i386\mqac.sys
+ 2008-04-14 00:11:57 138,240 ------w c:\windows\ServicePackFiles\i386\mqad.dll
+ 2008-04-14 00:12:27 19,968 ------w c:\windows\ServicePackFiles\i386\mqbkup.exe
+ 2008-04-14 00:11:57 47,616 ------w c:\windows\ServicePackFiles\i386\mqdscli.dll
+ 2008-04-14 00:11:57 16,896 ------w c:\windows\ServicePackFiles\i386\mqise.dll
+ 2008-04-14 00:11:57 89,088 ------w c:\windows\ServicePackFiles\i386\mqlogmgr.dll
+ 2008-04-14 00:11:57 225,280 ------w c:\windows\ServicePackFiles\i386\mqoa.dll
+ 2008-04-14 00:11:57 663,040 ------w c:\windows\ServicePackFiles\i386\mqqm.dll
+ 2008-04-14 00:11:57 177,152 ------w c:\windows\ServicePackFiles\i386\mqrt.dll
+ 2008-04-14 00:11:57 123,904 ------w c:\windows\ServicePackFiles\i386\mqrtdep.dll
+ 2008-04-14 00:11:57 95,744 ------w c:\windows\ServicePackFiles\i386\mqsec.dll
+ 2008-04-14 00:11:58 517,632 ------w c:\windows\ServicePackFiles\i386\mqsnap.dll
+ 2008-04-14 00:12:27 4,608 ------w c:\windows\ServicePackFiles\i386\mqsvc.exe
+ 2008-04-14 00:12:27 117,248 ------w c:\windows\ServicePackFiles\i386\mqtgsvc.exe
+ 2008-04-14 00:11:58 187,392 ------w c:\windows\ServicePackFiles\i386\mqtrig.dll
+ 2008-04-14 00:11:58 49,152 ------w c:\windows\ServicePackFiles\i386\mqupgrd.dll
+ 2008-04-14 00:11:58 471,552 ------w c:\windows\ServicePackFiles\i386\mqutil.dll
+ 2008-04-13 18:32:44 180,608 ------w c:\windows\ServicePackFiles\i386\mrxdav.sys
+ 2008-04-13 19:17:01 456,576 ------w c:\windows\ServicePackFiles\i386\mrxsmb.sys
+ 2008-04-14 00:11:58 71,680 ------w c:\windows\ServicePackFiles\i386\msacm32.dll
+ 2008-04-14 00:11:58 331,776 ------w c:\windows\ServicePackFiles\i386\msadce.dll
+ 2008-04-13 17:25:57 20,480 ------w c:\windows\ServicePackFiles\i386\msadcer.dll
+ 2008-04-14 00:11:58 61,440 ------w c:\windows\ServicePackFiles\i386\msadcf.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcfr.dll
+ 2008-04-14 00:11:58 143,360 ------w c:\windows\ServicePackFiles\i386\msadco.dll
+ 2008-04-13 17:25:57 16,384 ------w c:\windows\ServicePackFiles\i386\msadcor.dll
+ 2008-04-14 00:11:58 53,248 ------w c:\windows\ServicePackFiles\i386\msadcs.dll
+ 2008-04-14 00:11:58 155,648 ------w c:\windows\ServicePackFiles\i386\msadds.dll
+ 2008-04-13 17:25:58 24,576 ------w c:\windows\ServicePackFiles\i386\msaddsr.dll
+ 2008-04-13 17:26:17 24,576 ------w c:\windows\ServicePackFiles\i386\msader15.dll
+ 2008-04-14 00:11:58 536,576 ------w c:\windows\ServicePackFiles\i386\msado15.dll
+ 2008-04-14 00:11:58 180,224 ------w c:\windows\ServicePackFiles\i386\msadomd.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msador15.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msadox.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msadrh15.dll
+ 2008-04-14 00:10:06 3,584 ------w c:\windows\ServicePackFiles\i386\msafd.dll
+ 2008-04-14 00:11:58 86,016 ------w c:\windows\ServicePackFiles\i386\msapsspc.dll
+ 2008-04-14 00:11:58 57,344 ------w c:\windows\ServicePackFiles\i386\msasn1.dll
+ 2008-04-14 00:11:58 220,160 ------w c:\windows\ServicePackFiles\i386\mscandui.dll
+ 2008-04-14 00:11:58 73,728 ------w c:\windows\ServicePackFiles\i386\mscms.dll
+ 2008-04-14 00:11:58 69,632 ------w c:\windows\ServicePackFiles\i386\msconf.dll
+ 2008-04-14 00:12:27 169,984 ------w c:\windows\ServicePackFiles\i386\msconfig.exe
+ 2004-07-17 18:42:20 116,288 ------w c:\windows\ServicePackFiles\i386\msconv97.dll
+ 2004-07-20 00:54:06 1,564,672 ------w c:\windows\ServicePackFiles\i386\mscorcfg.dll
+ 2004-08-04 04:12:02 69,632 ------w c:\windows\ServicePackFiles\i386\mscordbc.dll
+ 2004-08-04 04:12:02 221,184 ------w c:\windows\ServicePackFiles\i386\mscordbi.dll
+ 2007-06-27 12:55:10 131,072 ------w c:\windows\ServicePackFiles\i386\mscoree.dll
#20 OFFLINE
-
- Members
-
- 34 posts
Member
Posted 29 January 2009 - 04:48 AM
cont....
+ 2007-01-02 23:29:12 73,728 ------w c:\windows\ServicePackFiles\i386\mscorie.dll
+ 2004-07-20 00:54:08 303,104 ------w c:\windows\ServicePackFiles\i386\mscorjit.dll
+ 2007-01-02 23:29:12 86,016 ------w c:\windows\ServicePackFiles\i386\mscorld.dll
+ 2007-01-02 23:21:20 1,998,848 ------w c:\windows\ServicePackFiles\i386\mscorlib.dll
+ 2004-08-04 04:12:08 94,208 ------w c:\windows\ServicePackFiles\i386\mscorpe.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.chs.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.cht.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.dll
+ 2004-08-04 04:12:10 172,032 ------w c:\windows\ServicePackFiles\i386\mscorrc.es.dll
+ 2004-08-04 04:12:10 172,032 ------w c:\windows\ServicePackFiles\i386\mscorrc.fr.dll
+ 2004-08-04 04:12:10 167,936 ------w c:\windows\ServicePackFiles\i386\mscorrc.ger.dll
+ 2004-08-04 04:12:10 167,936 ------w c:\windows\ServicePackFiles\i386\mscorrc.it.dll
+ 2004-08-04 04:12:10 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.ja.dll
+ 2004-08-04 04:12:10 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.kor.dll
+ 2004-08-04 04:12:10 46,592 ------w c:\windows\ServicePackFiles\i386\mscorsec.dll
+ 2004-08-04 04:12:10 69,632 ------w c:\windows\ServicePackFiles\i386\mscorsn.dll
+ 2007-12-17 11:58:53 2,273,280 ------w c:\windows\ServicePackFiles\i386\mscorsvr.dll
+ 2004-08-04 04:12:14 8,704 ------w c:\windows\ServicePackFiles\i386\mscortim.dll
+ 2007-12-17 11:59:26 2,281,472 ------w c:\windows\ServicePackFiles\i386\mscorwks.dll
+ 2008-04-13 17:26:07 12,288 ------w c:\windows\ServicePackFiles\i386\mscpx32r.dll
+ 2008-04-14 00:11:58 36,864 ------w c:\windows\ServicePackFiles\i386\mscpxl32.dll
+ 2008-04-14 00:11:58 297,984 ------w c:\windows\ServicePackFiles\i386\msctf.dll
+ 2008-04-14 00:11:58 68,608 ------w c:\windows\ServicePackFiles\i386\msctfp.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdadc.dll
+ 2008-04-14 00:11:58 118,784 ------w c:\windows\ServicePackFiles\i386\msdadiag.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaenum.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaer.dll
+ 2008-04-14 00:11:58 532,480 ------w c:\windows\ServicePackFiles\i386\msdaipp.dll
+ 2008-04-14 00:11:58 233,472 ------w c:\windows\ServicePackFiles\i386\msdaora.dll
+ 2008-04-13 17:24:14 16,384 ------w c:\windows\ServicePackFiles\i386\msdaorar.dll
+ 2008-04-14 00:11:58 77,824 ------w c:\windows\ServicePackFiles\i386\msdaosp.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaprsr.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msdaprst.dll
+ 2008-04-14 00:11:59 204,800 ------w c:\windows\ServicePackFiles\i386\msdaps.dll
+ 2008-04-14 00:11:59 118,784 ------w c:\windows\ServicePackFiles\i386\msdarem.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaremr.dll
+ 2008-04-14 00:11:59 151,552 ------w c:\windows\ServicePackFiles\i386\msdart.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdasc.dll
+ 2008-04-14 00:11:59 315,392 ------w c:\windows\ServicePackFiles\i386\msdasql.dll
+ 2008-04-13 17:26:07 16,384 ------w c:\windows\ServicePackFiles\i386\msdasqlr.dll
+ 2008-04-14 00:11:59 94,208 ------w c:\windows\ServicePackFiles\i386\msdatl3.dll
+ 2008-04-14 00:11:59 20,480 ------w c:\windows\ServicePackFiles\i386\msdatt.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdaurl.dll
+ 2008-04-14 00:11:59 36,864 ------w c:\windows\ServicePackFiles\i386\msdfmap.dll
+ 2008-04-14 00:11:59 14,336 ------w c:\windows\ServicePackFiles\i386\msdmo.dll
+ 2008-04-14 00:12:27 6,144 ------w c:\windows\ServicePackFiles\i386\msdtc.exe
+ 2008-04-14 00:11:59 58,880 ------w c:\windows\ServicePackFiles\i386\msdtclog.dll
+ 2008-04-14 00:11:59 427,008 ------w c:\windows\ServicePackFiles\i386\msdtcprx.dll
+ 2008-04-14 00:11:59 90,112 ------w c:\windows\ServicePackFiles\i386\msdtcstp.dll
+ 2008-04-14 00:11:59 956,928 ------w c:\windows\ServicePackFiles\i386\msdtctm.dll
+ 2008-04-14 00:11:59 161,792 ------w c:\windows\ServicePackFiles\i386\msdtcuiu.dll
+ 2008-04-13 18:46:09 51,200 ------w c:\windows\ServicePackFiles\i386\msdv.sys
+ 2008-03-25 04:50:28 518,944 ------w c:\windows\ServicePackFiles\i386\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w c:\windows\ServicePackFiles\i386\msexcl40.dll
+ 2008-04-13 18:32:39 19,072 ------w c:\windows\ServicePackFiles\i386\msfs.sys
+ 2008-04-14 00:11:59 539,136 ------w c:\windows\ServicePackFiles\i386\msftedit.dll
+ 2008-04-14 00:11:59 997,376 ------w c:\windows\ServicePackFiles\i386\msgina.dll
+ 2008-04-13 18:56:32 35,072 ------w c:\windows\ServicePackFiles\i386\msgpc.sys
+ 2008-04-14 00:11:59 3,166,208 ------w c:\windows\ServicePackFiles\i386\msgr3en.dll
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msgrocm.dll
+ 2008-04-14 00:11:59 82,944 ------w c:\windows\ServicePackFiles\i386\msgsc.dll
+ 2008-04-13 17:30:28 180,224 ------w c:\windows\ServicePackFiles\i386\msgslang.dll
+ 2008-04-14 00:11:59 33,792 ------w c:\windows\ServicePackFiles\i386\msgsvc.dll
+ 2008-04-14 00:12:45 188,416 ------w c:\windows\ServicePackFiles\i386\msh261.drv
+ 2008-04-14 00:12:45 294,912 ------w c:\windows\ServicePackFiles\i386\msh263.drv
+ 2008-04-14 00:12:27 29,184 ------w c:\windows\ServicePackFiles\i386\mshta.exe
+ 2008-04-14 00:11:59 3,066,880 ------w c:\windows\ServicePackFiles\i386\mshtml.dll
+ 2008-04-14 00:11:59 449,024 ------w c:\windows\ServicePackFiles\i386\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 ------w c:\windows\ServicePackFiles\i386\mshtmler.dll
+ 2008-04-14 00:11:59 2,843,136 ------w c:\windows\ServicePackFiles\i386\msi.dll
+ 2008-04-14 00:11:59 51,712 ------w c:\windows\ServicePackFiles\i386\msident.dll
+ 2008-04-14 00:11:59 6,656 ------w c:\windows\ServicePackFiles\i386\msidle.dll
+ 2008-04-14 00:11:59 248,832 ------w c:\windows\ServicePackFiles\i386\msieftp.dll
+ 2008-04-14 00:12:28 78,848 ------w c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2008-04-14 00:11:59 271,360 ------w c:\windows\ServicePackFiles\i386\msihnd.dll
+ 2008-04-14 00:11:59 4,608 ------w c:\windows\ServicePackFiles\i386\msimg32.dll
+ 2008-04-14 00:12:28 60,416 ------w c:\windows\ServicePackFiles\i386\msimn.exe
+ 2008-04-13 15:39:43 884,736 ------w c:\windows\ServicePackFiles\i386\msimsg.dll
+ 2008-04-14 00:11:59 159,232 ------w c:\windows\ServicePackFiles\i386\msimtf.dll
+ 2008-04-14 00:11:59 376,832 ------w c:\windows\ServicePackFiles\i386\msinfo.dll
+ 2008-04-13 18:54:28 22,016 ------w c:\windows\ServicePackFiles\i386\msircomm.sys
+ 2008-04-14 00:12:28 40,960 ------w c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msisip.dll
+ 2008-03-25 04:50:34 1,516,568 ------w c:\windows\ServicePackFiles\i386\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w c:\windows\ServicePackFiles\i386\msjetol1.dll
+ 2008-04-14 00:12:00 151,583 ------w c:\windows\ServicePackFiles\i386\msjint40.dll
+ 2008-04-14 00:12:00 102,400 ------w c:\windows\ServicePackFiles\i386\msjro.dll
+ 2008-03-25 04:50:42 60,192 ------w c:\windows\ServicePackFiles\i386\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w c:\windows\ServicePackFiles\i386\msjtes40.dll
+ 2008-04-13 18:39:52 7,552 ------w c:\windows\ServicePackFiles\i386\mskssrv.sys
+ 2008-04-14 00:12:00 25,088 ------w c:\windows\ServicePackFiles\i386\mslbui.dll
+ 2008-03-25 04:50:44 219,936 ------w c:\windows\ServicePackFiles\i386\msltus40.dll
+ 2008-04-14 00:12:00 39,936 ------w c:\windows\ServicePackFiles\i386\mslwvtts.dll
+ 2008-04-14 00:12:00 170,496 ------w c:\windows\ServicePackFiles\i386\msmqocm.dll
+ 2008-04-14 00:12:28 1,695,232 ------w c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2004-08-10 04:00:00 11,053,008 ------w c:\windows\ServicePackFiles\i386\msncli.exe
+ 2008-04-14 00:12:00 290,816 ------w c:\windows\ServicePackFiles\i386\msnsspc.dll
+ 2004-08-10 04:00:00 1,327,320 ------w c:\windows\ServicePackFiles\i386\msnsusii.exe
+ 2008-04-14 00:12:00 122,368 ------w c:\windows\ServicePackFiles\i386\msobcomm.dll
+ 2008-04-14 00:12:00 16,384 ------w c:\windows\ServicePackFiles\i386\msobdl.dll
+ 2008-04-14 00:12:00 565,248 ------w c:\windows\ServicePackFiles\i386\msobmain.dll
+ 2008-04-14 00:12:00 30,720 ------w c:\windows\ServicePackFiles\i386\msobshel.dll
+ 2008-04-14 00:12:00 19,456 ------w c:\windows\ServicePackFiles\i386\msobweb.dll
+ 2008-04-14 00:12:00 1,314,816 ------w c:\windows\ServicePackFiles\i386\msoe.dll
+ 2008-04-14 00:12:00 252,928 ------w c:\windows\ServicePackFiles\i386\msoeacct.dll
+ 2008-04-13 16:23:54 2,479,616 ------w c:\windows\ServicePackFiles\i386\msoeres.dll
+ 2008-04-14 00:12:00 105,984 ------w c:\windows\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 00:12:28 29,184 ------w c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2008-04-13 17:24:14 20,480 ------w c:\windows\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 00:12:00 143,360 ------w c:\windows\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 00:12:28 343,040 ------w c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 00:12:00 29,696 ------w c:\windows\ServicePackFiles\i386\mspatcha.dll
+ 2008-03-25 04:50:45 355,104 ------w c:\windows\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-13 18:39:50 5,376 ------w c:\windows\ServicePackFiles\i386\mspclock.sys
+ 2008-04-13 18:39:51 4,992 ------w c:\windows\ServicePackFiles\i386\mspqm.sys
+ 2008-04-13 16:23:31 48,128 ------w c:\windows\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 00:12:00 146,432 ------w c:\windows\ServicePackFiles\i386\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w c:\windows\ServicePackFiles\i386\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w c:\windows\ServicePackFiles\i386\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w c:\windows\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 00:12:00 11,264 ------w c:\windows\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 00:12:00 134,656 ------w c:\windows\ServicePackFiles\i386\mssap.dll
+ 2008-04-14 00:12:00 155,136 ------w c:\windows\ServicePackFiles\i386\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w c:\windows\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-13 18:36:46 15,488 ------w c:\windows\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 00:12:00 274,432 ------w c:\windows\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 00:12:00 57,344 ------w c:\windows\ServicePackFiles\i386\mst123.dll
+ 2008-04-13 18:46:08 49,024 ------w c:\windows\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 00:12:00 274,944 ------w c:\windows\ServicePackFiles\i386\mstask.dll
+ 2008-04-13 18:39:50 5,504 ------w c:\windows\ServicePackFiles\i386\mstee.sys
+ 2008-03-25 04:50:55 264,992 ------w c:\windows\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 00:12:00 532,480 ------w c:\windows\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 00:12:29 12,288 ------w c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 00:12:00 116,224 ------w c:\windows\ServicePackFiles\i386\mstlsapi.dll
+ 2008-04-14 00:12:00 195,072 ------w c:\windows\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 00:12:00 132,608 ------w c:\windows\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 00:12:00 1,384,479 ------w c:\windows\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 00:12:01 413,696 ------w c:\windows\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 00:12:01 343,040 ------w c:\windows\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ------w c:\windows\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 00:12:01 121,344 ------w c:\windows\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 00:12:01 1,428,992 ------w c:\windows\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 00:12:01 72,704 ------w c:\windows\ServicePackFiles\i386\msw3prt.dll
+ 2008-03-25 04:50:57 838,432 ------w c:\windows\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 00:12:01 203,776 ------w c:\windows\ServicePackFiles\i386\mswebdvd.dll
+ 2008-04-14 00:12:01 245,248 ------w c:\windows\ServicePackFiles\i386\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ------w c:\windows\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 00:12:01 24,576 ------w c:\windows\ServicePackFiles\i386\msxactps.dll
+ 2008-03-25 04:50:58 355,104 ------w c:\windows\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 00:12:01 506,368 ------w c:\windows\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 00:12:01 701,440 ------w c:\windows\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 00:12:01 1,104,896 ------w c:\windows\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 00:12:01 16,896 ------w c:\windows\ServicePackFiles\i386\msyuv.dll
+ 2004-08-04 05:41:40 126,686 ------w c:\windows\ServicePackFiles\i386\mtlmnt5.sys
+ 2004-08-04 05:41:38 1,309,184 ------w c:\windows\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 00:12:29 119,808 ------w c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 00:12:01 66,560 ------w c:\windows\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 00:12:01 30,720 ------w c:\windows\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 00:12:01 4,096 ------w c:\windows\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 00:12:01 34,304 ------w c:\windows\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 00:12:01 91,648 ------w c:\windows\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 00:12:01 1,737,856 ------w c:\windows\ServicePackFiles\i386\mtxparhd.dll
+ 2004-08-04 05:29:38 452,736 ------w c:\windows\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-14 00:12:29 90,624 ------w c:\windows\ServicePackFiles\i386\muisetup.exe
+ 2008-04-13 19:17:05 105,344 ------w c:\windows\ServicePackFiles\i386\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w c:\windows\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 00:12:01 90,624 ------w c:\windows\ServicePackFiles\i386\mydocs.dll
+ 2008-04-13 18:46:25 85,248 ------w c:\windows\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 00:12:01 221,184 ------w c:\windows\ServicePackFiles\i386\nac.dll
+ 2008-04-14 00:12:01 30,208 ------w c:\windows\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w c:\windows\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w c:\windows\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 00:12:29 53,760 ------w c:\windows\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 00:12:01 36,352 ------w c:\windows\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 00:12:01 47,104 ------w c:\windows\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 00:12:01 9,728 ------w c:\windows\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 00:12:01 17,920 ------w c:\windows\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 00:12:29 4,096 ------w c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 00:12:01 18,944 ------w c:\windows\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-13 19:20:37 182,656 ------w c:\windows\ServicePackFiles\i386\ndis.sys
+ 2008-04-13 18:46:22 10,880 ------w c:\windows\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-13 18:57:27 10,112 ------w c:\windows\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-13 18:55:58 14,592 ------w c:\windows\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-13 19:20:42 91,520 ------w c:\windows\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-13 18:57:29 40,576 ------w c:\windows\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 00:12:29 42,496 ------w c:\windows\ServicePackFiles\i386\net.exe
+ 2008-04-14 00:12:29 124,928 ------w c:\windows\ServicePackFiles\i386\net1.exe
+ 2008-04-14 00:12:01 337,408 ------w c:\windows\ServicePackFiles\i386\netapi32.dll
+ 2008-04-13 18:56:02 34,688 ------w c:\windows\ServicePackFiles\i386\netbios.sys
+ 2008-04-13 19:21:00 162,816 ------w c:\windows\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 00:12:01 622,592 ------w c:\windows\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 00:12:29 111,104 ------w c:\windows\ServicePackFiles\i386\netdde.exe
+ 2004-08-10 04:00:00 126,976 ------w c:\windows\ServicePackFiles\i386\netfxocm.dll
+ 2007-12-17 11:59:53 82,976 ------w c:\windows\ServicePackFiles\i386\netfxupdate.exe
+ 2008-04-14 00:12:01 139,264 ------w c:\windows\ServicePackFiles\i386\netid.dll
+ 2008-04-14 00:12:01 407,040 ------w c:\windows\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 00:12:01 198,144 ------w c:\windows\ServicePackFiles\i386\netman.dll
+ 2008-04-14 00:12:01 77,312 ------w c:\windows\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 00:12:01 875,008 ------w c:\windows\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 00:12:01 11,776 ------w c:\windows\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 00:16:51 329,728 ------w c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 00:12:29 86,016 ------w c:\windows\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 00:12:02 1,703,936 ------w c:\windows\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 00:12:29 36,864 ------w c:\windows\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 00:12:02 80,896 ------w c:\windows\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 00:12:02 245,760 ------w c:\windows\ServicePackFiles\i386\netui1.dll
+ 2004-08-04 05:31:42 132,695 ------w c:\windows\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 00:12:02 247,808 ------w c:\windows\ServicePackFiles\i386\newdev.dll
+ 2004-08-04 04:12:20 147,456 ------w c:\windows\ServicePackFiles\i386\ngen.exe
+ 2008-04-13 18:51:25 61,824 ------w c:\windows\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 00:12:02 98,304 ------w c:\windows\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 00:12:02 229,376 ------w c:\windows\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 00:12:02 81,920 ------w c:\windows\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 00:12:02 77,824 ------w c:\windows\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 00:12:02 151,552 ------w c:\windows\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-13 18:53:09 40,320 ------w c:\windows\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 00:12:02 172,032 ------w c:\windows\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 00:12:02 188,416 ------w c:\windows\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 00:12:29 69,120 ------w c:\windows\ServicePackFiles\i386\notepad.exe
+ 2008-04-13 18:32:39 30,848 ------w c:\windows\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 00:12:29 15,360 ------w c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 00:12:02 54,784 ------w c:\windows\ServicePackFiles\i386\npptools.dll
+ 2008-04-13 18:54:36 28,672 ------w c:\windows\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 00:12:02 44,544 ------w c:\windows\ServicePackFiles\i386\nsepm.dll
+ 2008-04-14 00:12:29 76,800 ------w c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2008-04-14 00:12:30 1,200,640 ------w c:\windows\ServicePackFiles\i386\ntbackup.exe
+ 2004-08-09 21:00:00 47,564 ------w c:\windows\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 00:11:24 706,048 ------w c:\windows\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 00:12:02 67,072 ------w c:\windows\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 00:12:02 212,992 ------w c:\windows\ServicePackFiles\i386\ntevt.dll
+ 2008-04-13 19:15:53 574,976 ------w c:\windows\ServicePackFiles\i386\ntfs.sys
+ 2004-08-10 04:00:00 33,840 ------w c:\windows\ServicePackFiles\i386\ntio.sys
+ 2004-08-10 04:00:00 34,560 ------w c:\windows\ServicePackFiles\i386\ntio404.sys
+ 2004-08-10 04:00:00 35,648 ------w c:\windows\ServicePackFiles\i386\ntio411.sys
+ 2004-08-10 04:00:00 35,424 ------w c:\windows\ServicePackFiles\i386\ntio412.sys
+ 2004-08-10 04:00:00 34,560 ------w c:\windows\ServicePackFiles\i386\ntio804.sys
+ 2008-04-13 19:24:37 2,145,280 ------w c:\windows\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-13 18:31:21 2,065,792 ------w c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-13 18:31:21 2,023,936 ------w c:\windows\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 00:12:02 44,032 ------w c:\windows\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 00:12:02 8,192 ------w c:\windows\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 00:12:02 118,784 ------w c:\windows\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 00:12:02 40,960 ------w c:\windows\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 00:12:02 179,200 ------w c:\windows\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 00:12:02 488,448 ------w c:\windows\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 00:12:02 435,200 ------w c:\windows\ServicePackFiles\i386\ntmssvc.dll
+ 2004-08-04 05:41:40 180,360 ------w c:\windows\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 00:12:02 62,976 ------w c:\windows\ServicePackFiles\i386\ntoc.dll
+ 2008-04-13 19:27:53 2,188,928 ------w c:\windows\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 00:12:02 91,136 ------w c:\windows\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 00:12:02 143,360 ------w c:\windows\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 00:12:30 420,864 ------w c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 00:12:02 4,274,816 ------w c:\windows\ServicePackFiles\i386\nv4_disp.dll
+ 2004-08-04 05:29:56 1,897,408 ------w c:\windows\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-14 00:12:02 64,000 ------w c:\windows\ServicePackFiles\i386\nwapi32.dll
+ 2008-04-13 18:56:06 88,320 ------w c:\windows\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 00:12:02 142,336 ------w c:\windows\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-13 18:34:12 163,584 ------w c:\windows\ServicePackFiles\i386\nwrdr.sys
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\nwwks.dll
+ 2008-04-14 00:12:02 270,336 ------w c:\windows\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 00:10:30 229,376 ------w c:\windows\ServicePackFiles\i386\obelog.dll
+ 2008-04-14 00:10:30 966,656 ------w c:\windows\ServicePackFiles\i386\obemetal.dll
+ 2007-04-02 18:44:11 77,824 ------w c:\windows\ServicePackFiles\i386\obemtllc.dll
+ 2008-04-14 00:10:30 86,016 ------w c:\windows\ServicePackFiles\i386\obepopc.dll
+ 2008-04-14 00:12:02 286,208 ------w c:\windows\ServicePackFiles\i386\objsel.dll
+ 2008-04-13 18:40:07 393,728 ------w c:\windows\ServicePackFiles\i386\obrb0401.dll
+ 2008-04-13 18:40:23 212,480 ------w c:\windows\ServicePackFiles\i386\obrb0404.dll
+ 2008-04-13 18:40:24 428,032 ------w c:\windows\ServicePackFiles\i386\obrb0405.dll
+ 2008-04-13 18:40:27 418,816 ------w c:\windows\ServicePackFiles\i386\obrb0406.dll
+ 2008-04-13 18:40:34 403,456 ------w c:\windows\ServicePackFiles\i386\obrb0407.dll
+ 2008-04-13 18:40:30 419,328 ------w c:\windows\ServicePackFiles\i386\obrb0408.dll
+ 2008-04-13 18:40:32 405,504 ------w c:\windows\ServicePackFiles\i386\obrb040b.dll
+ 2008-04-13 18:40:33 410,624 ------w c:\windows\ServicePackFiles\i386\obrb040c.dll
+ 2008-04-13 18:40:32 384,000 ------w c:\windows\ServicePackFiles\i386\obrb040d.dll
+ 2008-04-13 18:40:39 434,176 ------w c:\windows\ServicePackFiles\i386\obrb040e.dll
+ 2008-04-13 18:40:39 413,696 ------w c:\windows\ServicePackFiles\i386\obrb0410.dll
+ 2008-04-13 18:40:44 275,456 ------w c:\windows\ServicePackFiles\i386\obrb0411.dll
+ 2008-04-13 18:40:48 306,688 ------w c:\windows\ServicePackFiles\i386\obrb0412.dll
+ 2008-04-13 18:40:44 401,920 ------w c:\windows\ServicePackFiles\i386\obrb0413.dll
+ 2008-04-13 18:40:44 353,792 ------w c:\windows\ServicePackFiles\i386\obrb0414.dll
+ 2008-04-13 18:40:47 391,680 ------w c:\windows\ServicePackFiles\i386\obrb0415.dll
+ 2008-04-13 18:40:10 409,600 ------w c:\windows\ServicePackFiles\i386\obrb0416.dll
+ 2008-04-13 18:40:50 427,008 ------w c:\windows\ServicePackFiles\i386\obrb0419.dll
+ 2008-04-13 18:40:52 405,504 ------w c:\windows\ServicePackFiles\i386\obrb041b.dll
+ 2008-04-13 18:40:56 363,008 ------w c:\windows\ServicePackFiles\i386\obrb041d.dll
+ 2008-04-13 18:41:00 390,144 ------w c:\windows\ServicePackFiles\i386\obrb041f.dll
+ 2008-04-13 18:40:56 408,576 ------w c:\windows\ServicePackFiles\i386\obrb0424.dll
+ 2008-04-13 18:40:24 270,336 ------w c:\windows\ServicePackFiles\i386\obrb0804.dll
+ 2008-04-13 18:40:48 435,200 ------w c:\windows\ServicePackFiles\i386\obrb0816.dll
+ 2008-04-13 18:40:30 446,464 ------w c:\windows\ServicePackFiles\i386\obrb0c0a.dll
+ 2008-04-14 00:12:02 96,256 ------w c:\windows\ServicePackFiles\i386\occache.dll
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 00:12:02 17,408 ------w c:\windows\ServicePackFiles\i386\ocmsn.dll
+ 2004-08-10 04:00:00 26,224 ------w c:\windows\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 00:12:02 249,856 ------w c:\windows\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 00:12:02 16,384 ------w c:\windows\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 00:12:30 32,768 ------w c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 00:12:02 24,576 ------w c:\windows\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 00:12:02 135,168 ------w c:\windows\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 00:12:30 69,632 ------w c:\windows\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 00:12:02 106,496 ------w c:\windows\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccu32.dll
+ 2008-04-13 17:26:05 94,208 ------w c:\windows\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 00:10:31 53,279 ------w c:\windows\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 00:12:02 278,559 ------w c:\windows\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-13 17:26:05 12,288 ------w c:\windows\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 00:12:02 147,456 ------w c:\windows\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 00:12:02 104,448 ------w c:\windows\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 00:12:30 60,416 ------w c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 00:12:02 192,000 ------w c:\windows\ServicePackFiles\i386\offfilt.dll
+ 2008-04-13 18:46:18 61,696 ------w c:\windows\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 00:12:02 1,287,168 ------w c:\windows\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 00:12:02 551,936 ------w c:\windows\ServicePackFiles\i386\oleaut32.dll
+ 2008-04-14 00:12:02 74,752 ------w c:\windows\ServicePackFiles\i386\olecli32.dll
+ 2008-04-14 00:12:02 37,376 ------w c:\windows\ServicePackFiles\i386\olecnv32.dll
+ 2008-04-14 00:12:02 487,424 ------w c:\windows\ServicePackFiles\i386\oledb32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\oledb32r.dll
+ 2008-04-14 00:12:02 122,880 ------w c:\windows\ServicePackFiles\i386\oledlg.dll
+ 2008-04-14 00:12:02 107,008 ------w c:\windows\ServicePackFiles\i386\oleprn.dll
+ 2008-04-14 00:12:02 84,992 ------w c:\windows\ServicePackFiles\i386\olepro32.dll
+ 2008-04-14 00:12:02 144,384 ------w c:\windows\ServicePackFiles\i386\onex.dll
+ 2008-04-14 00:12:31 51,200 ------w c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2008-04-14 00:12:02 713,728 ------w c:\windows\ServicePackFiles\i386\opengl32.dll
+ 2008-04-14 00:12:31 67,584 ------w c:\windows\ServicePackFiles\i386\opnfiles.exe
+ 2008-04-13 18:32:32 166,912 ------w c:\windows\ServicePackFiles\i386\oschoice.exe
+ 2008-04-14 00:12:31 215,552 ------w c:\windows\ServicePackFiles\i386\osk.exe
+ 2008-04-13 18:31:43 230,400 ------w c:\windows\ServicePackFiles\i386\osloader.exe
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\osuninst.dll
+ 2008-04-14 00:12:02 153,600 ------w c:\windows\ServicePackFiles\i386\p2p.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\p2pgasvc.dll
+ 2008-04-14 00:12:02 313,856 ------w c:\windows\ServicePackFiles\i386\p2pgraph.dll
+ 2008-04-14 00:12:02 115,712 ------w c:\windows\ServicePackFiles\i386\p2pnetsh.dll
+ 2008-04-14 00:12:02 554,496 ------w c:\windows\ServicePackFiles\i386\p2psvc.dll
+ 2008-04-13 18:31:31 42,752 ------w c:\windows\ServicePackFiles\i386\p3.sys
+ 2008-04-14 00:12:31 58,368 ------w c:\windows\ServicePackFiles\i386\packager.exe
+ 2008-04-13 18:40:10 80,128 ------w c:\windows\ServicePackFiles\i386\parport.sys
+ 2008-04-13 18:40:49 19,712 ------w c:\windows\ServicePackFiles\i386\partmgr.sys
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\pautoenr.dll
+ 2004-08-04 05:31:24 29,502 ------w c:\windows\ServicePackFiles\i386\pca200e.sys
+ 2008-04-14 00:12:02 102,912 ------w c:\windows\ServicePackFiles\i386\pchshell.dll
+ 2008-04-14 00:12:02 38,400 ------w c:\windows\ServicePackFiles\i386\pchsvc.dll
+ 2008-04-13 18:36:44 68,224 ------w c:\windows\ServicePackFiles\i386\pci.sys
+ 2008-04-13 18:40:29 24,960 ------w c:\windows\ServicePackFiles\i386\pciidex.sys
+ 2007-05-15 08:08:11 288,768 ------w c:\windows\ServicePackFiles\i386\pcl4res.dll
+ 2007-05-15 08:08:13 1,058,816 ------w c:\windows\ServicePackFiles\i386\pcl5eres.dll
+ 2007-05-15 08:08:14 1,057,280 ------w c:\windows\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 08:08:14 207,872 ------w c:\windows\ServicePackFiles\i386\pclxl.dll
+ 2008-04-13 18:36:43 120,192 ------w c:\windows\ServicePackFiles\i386\pcmcia.sys
+ 2004-08-04 05:06:18 169,984 ------w c:\windows\ServicePackFiles\i386\pcx500.sys
+ 2008-04-14 00:12:02 284,160 ------w c:\windows\ServicePackFiles\i386\pdh.dll
+ 2004-08-04 04:12:20 20,480 ------w c:\windows\ServicePackFiles\i386\perfcounter.dll
+ 2008-04-14 00:12:02 39,936 ------w c:\windows\ServicePackFiles\i386\perfctrs.dll
+ 2008-04-14 00:12:02 26,624 ------w c:\windows\ServicePackFiles\i386\perfdisk.dll
+ 2008-04-14 00:12:31 15,872 ------w c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2008-04-14 00:12:02 17,920 ------w c:\windows\ServicePackFiles\i386\perfnet.dll
+ 2008-04-14 00:12:02 25,088 ------w c:\windows\ServicePackFiles\i386\perfos.dll
+ 2008-04-14 00:12:02 34,816 ------w c:\windows\ServicePackFiles\i386\perfproc.dll
+ 2008-04-13 18:44:29 27,904 ------w c:\windows\ServicePackFiles\i386\perm2.sys
+ 2008-04-14 00:10:34 211,584 ------w c:\windows\ServicePackFiles\i386\perm2dll.dll
+ 2008-04-13 18:44:30 28,032 ------w c:\windows\ServicePackFiles\i386\perm3.sys
+ 2008-04-14 00:10:34 259,328 ------w c:\windows\ServicePackFiles\i386\perm3dd.dll
+ 2008-04-14 00:12:02 176,128 ------w c:\windows\ServicePackFiles\i386\photowiz.dll
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\pid.dll
+ 2008-04-14 00:11:09 24,064 ------w c:\windows\ServicePackFiles\i386\pidgen.dll
+ 2008-04-14 00:12:31 281,088 ------w c:\windows\ServicePackFiles\i386\pinball.exe
+ 2008-04-14 00:12:31 17,920 ------w c:\windows\ServicePackFiles\i386\ping.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\pjlmon.dll
+ 2008-04-14 00:12:02 44,544 ------w c:\windows\ServicePackFiles\i386\plotter.dll
+ 2008-04-14 00:12:02 52,736 ------w c:\windows\ServicePackFiles\i386\plotui.dll
+ 2008-04-14 00:12:02 412,160 ------w c:\windows\ServicePackFiles\i386\pmh.dll
+ 2008-04-14 00:12:02 39,424 ------w c:\windows\ServicePackFiles\i386\pngfilt.dll
+ 2008-04-14 00:12:02 58,880 ------w c:\windows\ServicePackFiles\i386\pnrpnsp.dll
+ 2008-04-14 00:12:02 92,672 ------w c:\windows\ServicePackFiles\i386\policman.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\polstore.dll
+ 2008-04-13 19:19:41 146,048 ------w c:\windows\ServicePackFiles\i386\portcls.sys
+ 2008-04-14 00:12:31 49,152 ------w c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2008-04-13 18:40:56 8,832 ------w c:\windows\ServicePackFiles\i386\powerfil.sys
+ 2008-04-14 00:12:03 17,408 ------w c:\windows\ServicePackFiles\i386\powrprof.dll
+ 2008-04-13 18:41:00 17,664 ------w c:\windows\ServicePackFiles\i386\ppa3.sys
+ 2008-04-14 00:12:03 560,640 ------w c:\windows\ServicePackFiles\i386\printui.dll
+ 2008-04-13 18:31:30 35,840 ------w c:\windows\ServicePackFiles\i386\processr.sys
+ 2008-04-14 00:12:03 27,648 ------w c:\windows\ServicePackFiles\i386\profmap.dll
+ 2008-04-14 00:12:31 109,568 ------w c:\windows\ServicePackFiles\i386\progman.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\proquota.exe
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\provthrd.dll
+ 2008-04-14 00:12:32 9,216 ------w c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2008-04-14 00:12:03 728,576 ------w c:\windows\ServicePackFiles\i386\ps5ui.dll
+ 2008-04-14 00:12:03 23,040 ------w c:\windows\ServicePackFiles\i386\psapi.dll
+ 2008-04-14 00:12:03 96,768 ------w c:\windows\ServicePackFiles\i386\psbase.dll
+ 2008-04-13 18:56:38 69,120 ------w c:\windows\ServicePackFiles\i386\psched.sys
+ 2008-04-14 00:12:03 543,232 ------w c:\windows\ServicePackFiles\i386\pscript5.dll
+ 2008-04-14 00:12:03 363,520 ------w c:\windows\ServicePackFiles\i386\psisdecd.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\pstorec.dll
+ 2008-04-14 00:12:03 34,304 ------w c:\windows\ServicePackFiles\i386\pstorsvc.dll
+ 2008-04-14 00:12:03 159,232 ------w c:\windows\ServicePackFiles\i386\ptpusd.dll
+ 2008-04-14 00:12:03 7,680 ------w c:\windows\ServicePackFiles\i386\pwsdata.dll
+ 2008-04-14 00:12:03 150,528 ------w c:\windows\ServicePackFiles\i386\qagent.dll
+ 2008-04-14 00:12:03 291,328 ------w c:\windows\ServicePackFiles\i386\qagentrt.dll
+ 2008-04-14 00:12:03 237,568 ------w c:\windows\ServicePackFiles\i386\qasf.dll
+ 2008-04-14 00:12:03 192,512 ------w c:\windows\ServicePackFiles\i386\qcap.dll
+ 2008-04-14 00:12:03 62,464 ------w c:\windows\ServicePackFiles\i386\qcliprov.dll
+ 2008-04-14 00:12:03 279,040 ------w c:\windows\ServicePackFiles\i386\qdv.dll
+ 2008-04-14 00:12:03 386,048 ------w c:\windows\ServicePackFiles\i386\qdvd.dll
+ 2008-04-14 00:12:03 562,176 ------w c:\windows\ServicePackFiles\i386\qedit.dll
+ 2008-04-13 17:21:32 733,696 ------w c:\windows\ServicePackFiles\i386\qedwipes.dll
+ 2008-04-13 18:40:52 6,016 ------w c:\windows\ServicePackFiles\i386\qic157.sys
+ 2008-04-14 00:12:03 409,088 ------w c:\windows\ServicePackFiles\i386\qmgr.dll
+ 2008-04-14 00:12:03 18,944 ------w c:\windows\ServicePackFiles\i386\qmgrprxy.dll
+ 2008-04-14 00:12:32 19,968 ------w c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2008-04-14 00:12:03 1,288,192 ------w c:\windows\ServicePackFiles\i386\quartz.dll
+ 2008-04-14 00:12:03 1,435,648 ------w c:\windows\ServicePackFiles\i386\query.dll
+ 2008-04-14 00:12:03 76,800 ------w c:\windows\ServicePackFiles\i386\qutil.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\racpldlg.dll
+ 2008-04-13 18:41:23 20,736 ------w c:\windows\ServicePackFiles\i386\ramdisk.sys
+ 2008-04-14 00:12:03 7,680 ------w c:\windows\ServicePackFiles\i386\rasadhlp.dll
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\rasapi32.dll
+ 2008-04-14 00:12:03 88,576 ------w c:\windows\ServicePackFiles\i386\rasauto.dll
+ 2008-04-14 00:12:03 79,872 ------w c:\windows\ServicePackFiles\i386\raschap.dll
+ 2008-04-14 00:12:03 658,432 ------w c:\windows\ServicePackFiles\i386\rasdlg.dll
+ 2008-04-13 19:19:43 51,328 ------w c:\windows\ServicePackFiles\i386\rasl2tp.sys
+ 2008-04-14 00:12:03 61,440 ------w c:\windows\ServicePackFiles\i386\rasman.dll
+ 2008-04-14 00:12:03 186,368 ------w c:\windows\ServicePackFiles\i386\rasmans.dll
+ 2008-04-14 00:12:32 56,832 ------w c:\windows\ServicePackFiles\i386\rasphone.exe
+ 2008-04-14 00:12:03 210,944 ------w c:\windows\ServicePackFiles\i386\rasppp.dll
+ 2008-04-13 18:57:32 41,472 ------w c:\windows\ServicePackFiles\i386\raspppoe.sys
+ 2008-04-13 19:19:48 48,384 ------w c:\windows\ServicePackFiles\i386\raspptp.sys
+ 2008-04-14 00:12:03 61,952 ------w c:\windows\ServicePackFiles\i386\rasqec.dll
+ 2008-04-14 00:12:03 16,384 ------w c:\windows\ServicePackFiles\i386\rassapi.dll
+ 2008-04-14 00:12:03 58,368 ------w c:\windows\ServicePackFiles\i386\rastapi.dll
+ 2008-04-14 00:12:03 150,016 ------w c:\windows\ServicePackFiles\i386\rastls.dll
+ 2008-04-14 00:12:03 102,400 ------w c:\windows\ServicePackFiles\i386\rcbdyctl.dll
+ 2008-04-14 00:12:32 35,840 ------w c:\windows\ServicePackFiles\i386\rcimlby.exe
+ 2008-04-14 00:12:32 21,504 ------w c:\windows\ServicePackFiles\i386\rcp.exe
+ 2008-04-13 19:28:39 175,744 ------w c:\windows\ServicePackFiles\i386\rdbss.sys
+ 2008-04-14 00:12:03 147,968 ------w c:\windows\ServicePackFiles\i386\rdchost.dll
+ 2008-04-14 00:12:32 62,976 ------w c:\windows\ServicePackFiles\i386\rdpclip.exe
+ 2008-04-14 00:13:22 92,424 ------w c:\windows\ServicePackFiles\i386\rdpdd.dll
+ 2008-04-13 18:32:51 196,224 ------w c:\windows\ServicePackFiles\i386\rdpdr.sys
+ 2008-04-14 00:12:04 19,968 ------w c:\windows\ServicePackFiles\i386\rdpsnd.dll
+ 2008-04-14 00:13:22 139,656 ------w c:\windows\ServicePackFiles\i386\rdpwd.sys
+ 2008-04-14 00:13:22 87,176 ------w c:\windows\ServicePackFiles\i386\rdpwsx.dll
+ 2008-04-14 00:12:32 13,824 ------w c:\windows\ServicePackFiles\i386\rdsaddin.exe
+ 2008-04-14 00:12:32 67,072 ------w c:\windows\ServicePackFiles\i386\rdshost.exe
+ 2004-08-04 05:41:40 13,776 ------w c:\windows\ServicePackFiles\i386\recagent.sys
+ 2008-04-13 18:40:27 57,600 ------w c:\windows\ServicePackFiles\i386\redbook.sys
+ 2004-08-10 04:00:00 3,338 ------w c:\windows\ServicePackFiles\i386\redir.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\reg.exe
+ 2008-04-14 00:12:04 49,664 ------w c:\windows\ServicePackFiles\i386\regapi.dll
+ 2004-07-20 00:54:16 28,672 ------w c:\windows\ServicePackFiles\i386\regasm.exe
+ 2004-07-20 00:54:16 32,768 ------w c:\windows\ServicePackFiles\i386\regcode.dll
+ 2008-04-14 00:12:32 146,432 ------w c:\windows\ServicePackFiles\i386\regedit.exe
+ 2008-04-14 00:12:04 59,904 ------w c:\windows\ServicePackFiles\i386\regsvc.dll
+ 2004-07-20 00:54:16 11,264 ------w c:\windows\ServicePackFiles\i386\regsvcs.exe
+ 2008-04-14 00:12:32 11,776 ------w c:\windows\ServicePackFiles\i386\regsvr32.exe
+ 2008-04-14 00:12:04 397,824 ------w c:\windows\ServicePackFiles\i386\regwizc.dll
+ 2008-04-14 00:12:04 60,416 ------w c:\windows\ServicePackFiles\i386\remotepg.dll
+ 2008-04-14 00:12:04 178,176 ------w c:\windows\ServicePackFiles\i386\repdrvfs.dll
+ 2008-04-14 00:12:04 58,880 ------w c:\windows\ServicePackFiles\i386\resutils.dll
+ 2008-04-14 00:12:33 13,824 ------w c:\windows\ServicePackFiles\i386\rexec.exe
+ 2008-04-13 18:46:32 59,136 ------w c:\windows\ServicePackFiles\i386\rfcomm.sys
+ 2008-04-14 00:12:04 290,304 ------w c:\windows\ServicePackFiles\i386\rhttpaa.dll
+ 2008-04-14 00:12:04 123,392 ------w c:\windows\ServicePackFiles\i386\riafres.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui1.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui2.dll
+ 2008-04-14 00:12:04 433,664 ------w c:\windows\ServicePackFiles\i386\riched20.dll
+ 2008-04-13 18:55:08 202,624 ------w c:\windows\ServicePackFiles\i386\rmcast.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismpx.sys
+ 2008-04-13 18:40:14 79,104 ------w c:\windows\ServicePackFiles\i386\rocket.sys
+ 2008-04-14 00:12:04 4,096 ------w c:\windows\ServicePackFiles\i386\rpcref.dll
+ 2008-04-14 00:12:04 584,704 ------w c:\windows\ServicePackFiles\i386\rpcrt4.dll
+ 2008-04-14 00:12:04 399,360 ------w c:\windows\ServicePackFiles\i386\rpcss.dll
+ 2008-04-14 00:12:04 61,440 ------w c:\windows\ServicePackFiles\i386\rrcm.dll
+ 2008-04-13 17:37:57 208,384 ------w c:\windows\ServicePackFiles\i386\rsaenh.dll
+ 2008-04-14 00:12:33 14,848 ------w c:\windows\ServicePackFiles\i386\rsh.exe
+ 2008-04-14 00:12:04 39,936 ------w c:\windows\ServicePackFiles\i386\rshx32.dll
+ 2008-04-14 00:12:04 18,944 ------w c:\windows\ServicePackFiles\i386\rsmps.dll
+ 2008-04-14 00:12:33 107,520 ------w c:\windows\ServicePackFiles\i386\rsnotify.exe
+ 2008-04-14 00:12:33 380,416 ------w c:\windows\ServicePackFiles\i386\rstrui.exe
+ 2008-04-14 00:12:04 92,672 ------w c:\windows\ServicePackFiles\i386\rsvpsp.dll
+ 2008-04-14 00:12:33 77,312 ------w c:\windows\ServicePackFiles\i386\rtcshare.exe
+ 2008-04-14 00:12:04 31,744 ------w c:\windows\ServicePackFiles\i386\rtipxmib.dll
+ 2004-08-03 21:31:34 20,992 ------w c:\windows\ServicePackFiles\i386\rtl8139.sys
+ 2008-04-14 00:12:04 44,032 ------w c:\windows\ServicePackFiles\i386\rtutils.dll
+ 2008-04-14 00:12:33 33,280 ------w c:\windows\ServicePackFiles\i386\rundll32.exe
+ 2008-04-14 00:12:33 14,336 ------w c:\windows\ServicePackFiles\i386\runonce.exe
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw001ext.dll
+ 2008-04-14 00:12:04 29,184 ------w c:\windows\ServicePackFiles\i386\rw330ext.dll
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw430ext.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\rw450ext.dll
+ 2008-04-14 00:12:04 9,728 ------w c:\windows\ServicePackFiles\i386\rwnh.dll
+ 2008-04-14 00:12:04 397,056 ------w c:\windows\ServicePackFiles\i386\s3gnb.dll
+ 2004-08-04 05:29:52 166,912 ------w c:\windows\ServicePackFiles\i386\s3gnbm.sys
+ 2008-04-14 00:12:04 43,520 ------w c:\windows\ServicePackFiles\i386\safrcdlg.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\safrdm.dll
+ 2008-04-14 00:12:04 45,568 ------w c:\windows\ServicePackFiles\i386\safrslv.dll
+ 2008-04-14 00:12:04 64,000 ------w c:\windows\ServicePackFiles\i386\samlib.dll
+ 2008-04-14 00:12:04 415,744 ------w c:\windows\ServicePackFiles\i386\samsrv.dll
+ 2008-04-14 00:12:04 741,376 ------w c:\windows\ServicePackFiles\i386\sapi.dll
+ 2008-04-14 00:12:33 13,312 ------w c:\windows\ServicePackFiles\i386\savedump.exe
+ 2008-04-14 00:12:04 270,848 ------w c:\windows\ServicePackFiles\i386\sbe.dll
+ 2008-04-14 00:12:04 159,232 ------w c:\windows\ServicePackFiles\i386\sbeio.dll
+ 2008-04-13 18:40:48 43,904 ------w c:\windows\ServicePackFiles\i386\sbp2port.sys
+ 2008-04-14 00:12:04 69,632 ------w c:\windows\ServicePackFiles\i386\scarddlg.dll
+ 2008-04-14 00:12:33 95,744 ------w c:\windows\ServicePackFiles\i386\scardsvr.exe
+ 2004-08-10 04:00:00 169,984 ------w c:\windows\ServicePackFiles\i386\sccbase.dll
+ 2008-04-14 00:12:05 171,008 ------w c:\windows\ServicePackFiles\i386\sccsccp.dll
+ 2008-04-14 00:12:05 181,248 ------w c:\windows\ServicePackFiles\i386\scecli.dll
+ 2008-04-14 00:12:05 314,880 ------w c:\windows\ServicePackFiles\i386\scesrv.dll
+ 2008-04-14 00:12:05 144,384 ------w c:\windows\ServicePackFiles\i386\schannel.dll
+ 2008-04-14 00:12:05 192,512 ------w c:\windows\ServicePackFiles\i386\schedsvc.dll
+ 2008-04-14 00:12:05 20,480 ------w c:\windows\ServicePackFiles\i386\sclgntfy.dll
+ 2008-04-14 00:12:34 36,352 ------w c:\windows\ServicePackFiles\i386\scrcons.exe
+ 2007-01-02 23:29:12 73,728 ------w c:\windows\ServicePackFiles\i386\mscorie.dll
+ 2004-07-20 00:54:08 303,104 ------w c:\windows\ServicePackFiles\i386\mscorjit.dll
+ 2007-01-02 23:29:12 86,016 ------w c:\windows\ServicePackFiles\i386\mscorld.dll
+ 2007-01-02 23:21:20 1,998,848 ------w c:\windows\ServicePackFiles\i386\mscorlib.dll
+ 2004-08-04 04:12:08 94,208 ------w c:\windows\ServicePackFiles\i386\mscorpe.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.chs.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.cht.dll
+ 2004-08-04 04:12:08 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.dll
+ 2004-08-04 04:12:10 172,032 ------w c:\windows\ServicePackFiles\i386\mscorrc.es.dll
+ 2004-08-04 04:12:10 172,032 ------w c:\windows\ServicePackFiles\i386\mscorrc.fr.dll
+ 2004-08-04 04:12:10 167,936 ------w c:\windows\ServicePackFiles\i386\mscorrc.ger.dll
+ 2004-08-04 04:12:10 167,936 ------w c:\windows\ServicePackFiles\i386\mscorrc.it.dll
+ 2004-08-04 04:12:10 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.ja.dll
+ 2004-08-04 04:12:10 143,360 ------w c:\windows\ServicePackFiles\i386\mscorrc.kor.dll
+ 2004-08-04 04:12:10 46,592 ------w c:\windows\ServicePackFiles\i386\mscorsec.dll
+ 2004-08-04 04:12:10 69,632 ------w c:\windows\ServicePackFiles\i386\mscorsn.dll
+ 2007-12-17 11:58:53 2,273,280 ------w c:\windows\ServicePackFiles\i386\mscorsvr.dll
+ 2004-08-04 04:12:14 8,704 ------w c:\windows\ServicePackFiles\i386\mscortim.dll
+ 2007-12-17 11:59:26 2,281,472 ------w c:\windows\ServicePackFiles\i386\mscorwks.dll
+ 2008-04-13 17:26:07 12,288 ------w c:\windows\ServicePackFiles\i386\mscpx32r.dll
+ 2008-04-14 00:11:58 36,864 ------w c:\windows\ServicePackFiles\i386\mscpxl32.dll
+ 2008-04-14 00:11:58 297,984 ------w c:\windows\ServicePackFiles\i386\msctf.dll
+ 2008-04-14 00:11:58 68,608 ------w c:\windows\ServicePackFiles\i386\msctfp.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdadc.dll
+ 2008-04-14 00:11:58 118,784 ------w c:\windows\ServicePackFiles\i386\msdadiag.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaenum.dll
+ 2008-04-14 00:11:58 4,096 ------w c:\windows\ServicePackFiles\i386\msdaer.dll
+ 2008-04-14 00:11:58 532,480 ------w c:\windows\ServicePackFiles\i386\msdaipp.dll
+ 2008-04-14 00:11:58 233,472 ------w c:\windows\ServicePackFiles\i386\msdaora.dll
+ 2008-04-13 17:24:14 16,384 ------w c:\windows\ServicePackFiles\i386\msdaorar.dll
+ 2008-04-14 00:11:58 77,824 ------w c:\windows\ServicePackFiles\i386\msdaosp.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaprsr.dll
+ 2008-04-14 00:11:58 200,704 ------w c:\windows\ServicePackFiles\i386\msdaprst.dll
+ 2008-04-14 00:11:59 204,800 ------w c:\windows\ServicePackFiles\i386\msdaps.dll
+ 2008-04-14 00:11:59 118,784 ------w c:\windows\ServicePackFiles\i386\msdarem.dll
+ 2008-04-13 17:25:58 16,384 ------w c:\windows\ServicePackFiles\i386\msdaremr.dll
+ 2008-04-14 00:11:59 151,552 ------w c:\windows\ServicePackFiles\i386\msdart.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdasc.dll
+ 2008-04-14 00:11:59 315,392 ------w c:\windows\ServicePackFiles\i386\msdasql.dll
+ 2008-04-13 17:26:07 16,384 ------w c:\windows\ServicePackFiles\i386\msdasqlr.dll
+ 2008-04-14 00:11:59 94,208 ------w c:\windows\ServicePackFiles\i386\msdatl3.dll
+ 2008-04-14 00:11:59 20,480 ------w c:\windows\ServicePackFiles\i386\msdatt.dll
+ 2008-04-14 00:11:59 4,096 ------w c:\windows\ServicePackFiles\i386\msdaurl.dll
+ 2008-04-14 00:11:59 36,864 ------w c:\windows\ServicePackFiles\i386\msdfmap.dll
+ 2008-04-14 00:11:59 14,336 ------w c:\windows\ServicePackFiles\i386\msdmo.dll
+ 2008-04-14 00:12:27 6,144 ------w c:\windows\ServicePackFiles\i386\msdtc.exe
+ 2008-04-14 00:11:59 58,880 ------w c:\windows\ServicePackFiles\i386\msdtclog.dll
+ 2008-04-14 00:11:59 427,008 ------w c:\windows\ServicePackFiles\i386\msdtcprx.dll
+ 2008-04-14 00:11:59 90,112 ------w c:\windows\ServicePackFiles\i386\msdtcstp.dll
+ 2008-04-14 00:11:59 956,928 ------w c:\windows\ServicePackFiles\i386\msdtctm.dll
+ 2008-04-14 00:11:59 161,792 ------w c:\windows\ServicePackFiles\i386\msdtcuiu.dll
+ 2008-04-13 18:46:09 51,200 ------w c:\windows\ServicePackFiles\i386\msdv.sys
+ 2008-03-25 04:50:28 518,944 ------w c:\windows\ServicePackFiles\i386\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w c:\windows\ServicePackFiles\i386\msexcl40.dll
+ 2008-04-13 18:32:39 19,072 ------w c:\windows\ServicePackFiles\i386\msfs.sys
+ 2008-04-14 00:11:59 539,136 ------w c:\windows\ServicePackFiles\i386\msftedit.dll
+ 2008-04-14 00:11:59 997,376 ------w c:\windows\ServicePackFiles\i386\msgina.dll
+ 2008-04-13 18:56:32 35,072 ------w c:\windows\ServicePackFiles\i386\msgpc.sys
+ 2008-04-14 00:11:59 3,166,208 ------w c:\windows\ServicePackFiles\i386\msgr3en.dll
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msgrocm.dll
+ 2008-04-14 00:11:59 82,944 ------w c:\windows\ServicePackFiles\i386\msgsc.dll
+ 2008-04-13 17:30:28 180,224 ------w c:\windows\ServicePackFiles\i386\msgslang.dll
+ 2008-04-14 00:11:59 33,792 ------w c:\windows\ServicePackFiles\i386\msgsvc.dll
+ 2008-04-14 00:12:45 188,416 ------w c:\windows\ServicePackFiles\i386\msh261.drv
+ 2008-04-14 00:12:45 294,912 ------w c:\windows\ServicePackFiles\i386\msh263.drv
+ 2008-04-14 00:12:27 29,184 ------w c:\windows\ServicePackFiles\i386\mshta.exe
+ 2008-04-14 00:11:59 3,066,880 ------w c:\windows\ServicePackFiles\i386\mshtml.dll
+ 2008-04-14 00:11:59 449,024 ------w c:\windows\ServicePackFiles\i386\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 ------w c:\windows\ServicePackFiles\i386\mshtmler.dll
+ 2008-04-14 00:11:59 2,843,136 ------w c:\windows\ServicePackFiles\i386\msi.dll
+ 2008-04-14 00:11:59 51,712 ------w c:\windows\ServicePackFiles\i386\msident.dll
+ 2008-04-14 00:11:59 6,656 ------w c:\windows\ServicePackFiles\i386\msidle.dll
+ 2008-04-14 00:11:59 248,832 ------w c:\windows\ServicePackFiles\i386\msieftp.dll
+ 2008-04-14 00:12:28 78,848 ------w c:\windows\ServicePackFiles\i386\msiexec.exe
+ 2008-04-14 00:11:59 271,360 ------w c:\windows\ServicePackFiles\i386\msihnd.dll
+ 2008-04-14 00:11:59 4,608 ------w c:\windows\ServicePackFiles\i386\msimg32.dll
+ 2008-04-14 00:12:28 60,416 ------w c:\windows\ServicePackFiles\i386\msimn.exe
+ 2008-04-13 15:39:43 884,736 ------w c:\windows\ServicePackFiles\i386\msimsg.dll
+ 2008-04-14 00:11:59 159,232 ------w c:\windows\ServicePackFiles\i386\msimtf.dll
+ 2008-04-14 00:11:59 376,832 ------w c:\windows\ServicePackFiles\i386\msinfo.dll
+ 2008-04-13 18:54:28 22,016 ------w c:\windows\ServicePackFiles\i386\msircomm.sys
+ 2008-04-14 00:12:28 40,960 ------w c:\windows\ServicePackFiles\i386\msiregmv.exe
+ 2008-04-14 00:11:59 15,360 ------w c:\windows\ServicePackFiles\i386\msisip.dll
+ 2008-03-25 04:50:34 1,516,568 ------w c:\windows\ServicePackFiles\i386\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w c:\windows\ServicePackFiles\i386\msjetol1.dll
+ 2008-04-14 00:12:00 151,583 ------w c:\windows\ServicePackFiles\i386\msjint40.dll
+ 2008-04-14 00:12:00 102,400 ------w c:\windows\ServicePackFiles\i386\msjro.dll
+ 2008-03-25 04:50:42 60,192 ------w c:\windows\ServicePackFiles\i386\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w c:\windows\ServicePackFiles\i386\msjtes40.dll
+ 2008-04-13 18:39:52 7,552 ------w c:\windows\ServicePackFiles\i386\mskssrv.sys
+ 2008-04-14 00:12:00 25,088 ------w c:\windows\ServicePackFiles\i386\mslbui.dll
+ 2008-03-25 04:50:44 219,936 ------w c:\windows\ServicePackFiles\i386\msltus40.dll
+ 2008-04-14 00:12:00 39,936 ------w c:\windows\ServicePackFiles\i386\mslwvtts.dll
+ 2008-04-14 00:12:00 170,496 ------w c:\windows\ServicePackFiles\i386\msmqocm.dll
+ 2008-04-14 00:12:28 1,695,232 ------w c:\windows\ServicePackFiles\i386\msmsgs.exe
+ 2004-08-10 04:00:00 11,053,008 ------w c:\windows\ServicePackFiles\i386\msncli.exe
+ 2008-04-14 00:12:00 290,816 ------w c:\windows\ServicePackFiles\i386\msnsspc.dll
+ 2004-08-10 04:00:00 1,327,320 ------w c:\windows\ServicePackFiles\i386\msnsusii.exe
+ 2008-04-14 00:12:00 122,368 ------w c:\windows\ServicePackFiles\i386\msobcomm.dll
+ 2008-04-14 00:12:00 16,384 ------w c:\windows\ServicePackFiles\i386\msobdl.dll
+ 2008-04-14 00:12:00 565,248 ------w c:\windows\ServicePackFiles\i386\msobmain.dll
+ 2008-04-14 00:12:00 30,720 ------w c:\windows\ServicePackFiles\i386\msobshel.dll
+ 2008-04-14 00:12:00 19,456 ------w c:\windows\ServicePackFiles\i386\msobweb.dll
+ 2008-04-14 00:12:00 1,314,816 ------w c:\windows\ServicePackFiles\i386\msoe.dll
+ 2008-04-14 00:12:00 252,928 ------w c:\windows\ServicePackFiles\i386\msoeacct.dll
+ 2008-04-13 16:23:54 2,479,616 ------w c:\windows\ServicePackFiles\i386\msoeres.dll
+ 2008-04-14 00:12:00 105,984 ------w c:\windows\ServicePackFiles\i386\msoert2.dll
+ 2008-04-14 00:12:28 29,184 ------w c:\windows\ServicePackFiles\i386\msoobe.exe
+ 2008-04-13 17:24:14 20,480 ------w c:\windows\ServicePackFiles\i386\msorc32r.dll
+ 2008-04-14 00:12:00 143,360 ------w c:\windows\ServicePackFiles\i386\msorcl32.dll
+ 2008-04-14 00:12:28 343,040 ------w c:\windows\ServicePackFiles\i386\mspaint.exe
+ 2008-04-14 00:12:00 29,696 ------w c:\windows\ServicePackFiles\i386\mspatcha.dll
+ 2008-03-25 04:50:45 355,104 ------w c:\windows\ServicePackFiles\i386\mspbde40.dll
+ 2008-04-13 18:39:50 5,376 ------w c:\windows\ServicePackFiles\i386\mspclock.sys
+ 2008-04-13 18:39:51 4,992 ------w c:\windows\ServicePackFiles\i386\mspqm.sys
+ 2008-04-13 16:23:31 48,128 ------w c:\windows\ServicePackFiles\i386\msprivs.dll
+ 2008-04-14 00:12:00 146,432 ------w c:\windows\ServicePackFiles\i386\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w c:\windows\ServicePackFiles\i386\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w c:\windows\ServicePackFiles\i386\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w c:\windows\ServicePackFiles\i386\msrepl40.dll
+ 2008-04-14 00:12:00 11,264 ------w c:\windows\ServicePackFiles\i386\msrle32.dll
+ 2008-04-14 00:12:00 134,656 ------w c:\windows\ServicePackFiles\i386\mssap.dll
+ 2008-04-14 00:12:00 155,136 ------w c:\windows\ServicePackFiles\i386\mssha.dll
+ 2008-04-13 18:14:58 76,800 ------w c:\windows\ServicePackFiles\i386\msshamsg.dll
+ 2008-04-13 18:36:46 15,488 ------w c:\windows\ServicePackFiles\i386\mssmbios.sys
+ 2008-04-14 00:12:00 274,432 ------w c:\windows\ServicePackFiles\i386\mst120.dll
+ 2008-04-14 00:12:00 57,344 ------w c:\windows\ServicePackFiles\i386\mst123.dll
+ 2008-04-13 18:46:08 49,024 ------w c:\windows\ServicePackFiles\i386\mstape.sys
+ 2008-04-14 00:12:00 274,944 ------w c:\windows\ServicePackFiles\i386\mstask.dll
+ 2008-04-13 18:39:50 5,504 ------w c:\windows\ServicePackFiles\i386\mstee.sys
+ 2008-03-25 04:50:55 264,992 ------w c:\windows\ServicePackFiles\i386\mstext40.dll
+ 2008-04-14 00:12:00 532,480 ------w c:\windows\ServicePackFiles\i386\mstime.dll
+ 2008-04-14 00:12:29 12,288 ------w c:\windows\ServicePackFiles\i386\mstinit.exe
+ 2008-04-14 00:12:00 116,224 ------w c:\windows\ServicePackFiles\i386\mstlsapi.dll
+ 2008-04-14 00:12:00 195,072 ------w c:\windows\ServicePackFiles\i386\msutb.dll
+ 2008-04-14 00:12:00 132,608 ------w c:\windows\ServicePackFiles\i386\msv1_0.dll
+ 2008-04-14 00:12:00 1,384,479 ------w c:\windows\ServicePackFiles\i386\msvbvm60.dll
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\msvcirt.dll
+ 2008-04-14 00:12:01 413,696 ------w c:\windows\ServicePackFiles\i386\msvcp60.dll
+ 2008-04-14 00:12:01 343,040 ------w c:\windows\ServicePackFiles\i386\msvcrt.dll
+ 2008-04-13 18:30:46 61,440 ------w c:\windows\ServicePackFiles\i386\msvcrt40.dll
+ 2008-04-14 00:12:01 121,344 ------w c:\windows\ServicePackFiles\i386\msvfw32.dll
+ 2008-04-14 00:12:01 1,428,992 ------w c:\windows\ServicePackFiles\i386\msvidctl.dll
+ 2008-04-14 00:12:01 72,704 ------w c:\windows\ServicePackFiles\i386\msw3prt.dll
+ 2008-03-25 04:50:57 838,432 ------w c:\windows\ServicePackFiles\i386\mswdat10.dll
+ 2008-04-14 00:12:01 203,776 ------w c:\windows\ServicePackFiles\i386\mswebdvd.dll
+ 2008-04-14 00:12:01 245,248 ------w c:\windows\ServicePackFiles\i386\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ------w c:\windows\ServicePackFiles\i386\mswstr10.dll
+ 2008-04-14 00:12:01 24,576 ------w c:\windows\ServicePackFiles\i386\msxactps.dll
+ 2008-03-25 04:50:58 355,104 ------w c:\windows\ServicePackFiles\i386\msxbde40.dll
+ 2008-04-14 00:12:01 506,368 ------w c:\windows\ServicePackFiles\i386\msxml.dll
+ 2008-04-14 00:12:01 701,440 ------w c:\windows\ServicePackFiles\i386\msxml2.dll
+ 2008-04-14 00:12:01 1,104,896 ------w c:\windows\ServicePackFiles\i386\msxml3.dll
+ 2008-04-14 00:12:01 16,896 ------w c:\windows\ServicePackFiles\i386\msyuv.dll
+ 2004-08-04 05:41:40 126,686 ------w c:\windows\ServicePackFiles\i386\mtlmnt5.sys
+ 2004-08-04 05:41:38 1,309,184 ------w c:\windows\ServicePackFiles\i386\mtlstrm.sys
+ 2008-04-14 00:12:29 119,808 ------w c:\windows\ServicePackFiles\i386\mtstocom.exe
+ 2008-04-14 00:12:01 66,560 ------w c:\windows\ServicePackFiles\i386\mtxclu.dll
+ 2008-04-14 00:12:01 30,720 ------w c:\windows\ServicePackFiles\i386\mtxdm.dll
+ 2008-04-14 00:12:01 4,096 ------w c:\windows\ServicePackFiles\i386\mtxex.dll
+ 2008-04-14 00:12:01 34,304 ------w c:\windows\ServicePackFiles\i386\mtxlegih.dll
+ 2008-04-14 00:12:01 91,648 ------w c:\windows\ServicePackFiles\i386\mtxoci.dll
+ 2008-04-14 00:12:01 1,737,856 ------w c:\windows\ServicePackFiles\i386\mtxparhd.dll
+ 2004-08-04 05:29:38 452,736 ------w c:\windows\ServicePackFiles\i386\mtxparhm.sys
+ 2008-04-14 00:12:29 90,624 ------w c:\windows\ServicePackFiles\i386\muisetup.exe
+ 2008-04-13 19:17:05 105,344 ------w c:\windows\ServicePackFiles\i386\mup.sys
+ 2008-04-13 18:43:55 12,672 ------w c:\windows\ServicePackFiles\i386\mutohpen.sys
+ 2008-04-14 00:12:01 90,624 ------w c:\windows\ServicePackFiles\i386\mydocs.dll
+ 2008-04-13 18:46:25 85,248 ------w c:\windows\ServicePackFiles\i386\nabtsfec.sys
+ 2008-04-14 00:12:01 221,184 ------w c:\windows\ServicePackFiles\i386\nac.dll
+ 2008-04-14 00:12:01 30,208 ------w c:\windows\ServicePackFiles\i386\napipsec.dll
+ 2008-04-14 00:12:01 193,024 ------w c:\windows\ServicePackFiles\i386\napmontr.dll
+ 2008-04-14 00:12:29 176,640 ------w c:\windows\ServicePackFiles\i386\napstat.exe
+ 2008-04-14 00:12:29 53,760 ------w c:\windows\ServicePackFiles\i386\narrator.exe
+ 2008-04-14 00:12:01 36,352 ------w c:\windows\ServicePackFiles\i386\ncobjapi.dll
+ 2008-04-14 00:12:01 47,104 ------w c:\windows\ServicePackFiles\i386\ncprov.dll
+ 2008-04-14 00:12:01 9,728 ------w c:\windows\ServicePackFiles\i386\ncpsres.dll
+ 2008-04-14 00:12:01 17,920 ------w c:\windows\ServicePackFiles\i386\nddeapi.dll
+ 2008-04-14 00:12:29 4,096 ------w c:\windows\ServicePackFiles\i386\nddeapir.exe
+ 2008-04-14 00:12:01 18,944 ------w c:\windows\ServicePackFiles\i386\nddenb32.dll
+ 2008-04-13 19:20:37 182,656 ------w c:\windows\ServicePackFiles\i386\ndis.sys
+ 2008-04-13 18:46:22 10,880 ------w c:\windows\ServicePackFiles\i386\ndisip.sys
+ 2008-04-14 00:12:01 57,344 ------w c:\windows\ServicePackFiles\i386\ndisnpp.dll
+ 2008-04-13 18:57:27 10,112 ------w c:\windows\ServicePackFiles\i386\ndistapi.sys
+ 2008-04-13 18:55:58 14,592 ------w c:\windows\ServicePackFiles\i386\ndisuio.sys
+ 2008-04-13 19:20:42 91,520 ------w c:\windows\ServicePackFiles\i386\ndiswan.sys
+ 2008-04-13 18:57:29 40,576 ------w c:\windows\ServicePackFiles\i386\ndproxy.sys
+ 2008-04-14 00:12:29 42,496 ------w c:\windows\ServicePackFiles\i386\net.exe
+ 2008-04-14 00:12:29 124,928 ------w c:\windows\ServicePackFiles\i386\net1.exe
+ 2008-04-14 00:12:01 337,408 ------w c:\windows\ServicePackFiles\i386\netapi32.dll
+ 2008-04-13 18:56:02 34,688 ------w c:\windows\ServicePackFiles\i386\netbios.sys
+ 2008-04-13 19:21:00 162,816 ------w c:\windows\ServicePackFiles\i386\netbt.sys
+ 2008-04-14 00:12:01 622,592 ------w c:\windows\ServicePackFiles\i386\netcfgx.dll
+ 2008-04-14 00:12:29 111,104 ------w c:\windows\ServicePackFiles\i386\netdde.exe
+ 2004-08-10 04:00:00 126,976 ------w c:\windows\ServicePackFiles\i386\netfxocm.dll
+ 2007-12-17 11:59:53 82,976 ------w c:\windows\ServicePackFiles\i386\netfxupdate.exe
+ 2008-04-14 00:12:01 139,264 ------w c:\windows\ServicePackFiles\i386\netid.dll
+ 2008-04-14 00:12:01 407,040 ------w c:\windows\ServicePackFiles\i386\netlogon.dll
+ 2008-04-14 00:12:01 198,144 ------w c:\windows\ServicePackFiles\i386\netman.dll
+ 2008-04-14 00:12:01 77,312 ------w c:\windows\ServicePackFiles\i386\netoc.dll
+ 2008-04-14 00:12:01 875,008 ------w c:\windows\ServicePackFiles\i386\netplwiz.dll
+ 2008-04-14 00:12:01 11,776 ------w c:\windows\ServicePackFiles\i386\netrap.dll
+ 2008-04-14 00:16:51 329,728 ------w c:\windows\ServicePackFiles\i386\netsetup.exe
+ 2008-04-14 00:12:29 86,016 ------w c:\windows\ServicePackFiles\i386\netsh.exe
+ 2008-04-14 00:12:02 1,703,936 ------w c:\windows\ServicePackFiles\i386\netshell.dll
+ 2008-04-14 00:12:29 36,864 ------w c:\windows\ServicePackFiles\i386\netstat.exe
+ 2008-04-14 00:12:02 80,896 ------w c:\windows\ServicePackFiles\i386\netui0.dll
+ 2008-04-14 00:12:02 245,760 ------w c:\windows\ServicePackFiles\i386\netui1.dll
+ 2004-08-04 05:31:42 132,695 ------w c:\windows\ServicePackFiles\i386\netwlan5.sys
+ 2008-04-14 00:12:02 247,808 ------w c:\windows\ServicePackFiles\i386\newdev.dll
+ 2004-08-04 04:12:20 147,456 ------w c:\windows\ServicePackFiles\i386\ngen.exe
+ 2008-04-13 18:51:25 61,824 ------w c:\windows\ServicePackFiles\i386\nic1394.sys
+ 2008-04-14 00:12:02 98,304 ------w c:\windows\ServicePackFiles\i386\nlhtml.dll
+ 2008-04-14 00:12:02 229,376 ------w c:\windows\ServicePackFiles\i386\nmas.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmasnt.dll
+ 2008-04-14 00:12:02 81,920 ------w c:\windows\ServicePackFiles\i386\nmchat.dll
+ 2008-04-14 00:12:02 77,824 ------w c:\windows\ServicePackFiles\i386\nmcom.dll
+ 2008-04-14 00:12:02 151,552 ------w c:\windows\ServicePackFiles\i386\nmft.dll
+ 2008-04-14 00:12:02 28,672 ------w c:\windows\ServicePackFiles\i386\nmmkcert.dll
+ 2008-04-13 18:53:09 40,320 ------w c:\windows\ServicePackFiles\i386\nmnt.sys
+ 2008-04-14 00:12:02 172,032 ------w c:\windows\ServicePackFiles\i386\nmoldwb.dll
+ 2008-04-14 00:12:02 188,416 ------w c:\windows\ServicePackFiles\i386\nmwb.dll
+ 2008-04-14 00:12:29 69,120 ------w c:\windows\ServicePackFiles\i386\notepad.exe
+ 2008-04-13 18:32:39 30,848 ------w c:\windows\ServicePackFiles\i386\npfs.sys
+ 2008-04-14 00:12:29 15,360 ------w c:\windows\ServicePackFiles\i386\nppagent.exe
+ 2008-04-14 00:12:02 54,784 ------w c:\windows\ServicePackFiles\i386\npptools.dll
+ 2008-04-13 18:54:36 28,672 ------w c:\windows\ServicePackFiles\i386\nscirda.sys
+ 2008-04-14 00:12:02 44,544 ------w c:\windows\ServicePackFiles\i386\nsepm.dll
+ 2008-04-14 00:12:29 76,800 ------w c:\windows\ServicePackFiles\i386\nslookup.exe
+ 2008-04-14 00:12:30 1,200,640 ------w c:\windows\ServicePackFiles\i386\ntbackup.exe
+ 2004-08-09 21:00:00 47,564 ------w c:\windows\ServicePackFiles\i386\ntdetect.com
+ 2008-04-14 00:11:24 706,048 ------w c:\windows\ServicePackFiles\i386\ntdll.dll
+ 2008-04-14 00:12:02 67,072 ------w c:\windows\ServicePackFiles\i386\ntdsapi.dll
+ 2008-04-14 00:12:02 212,992 ------w c:\windows\ServicePackFiles\i386\ntevt.dll
+ 2008-04-13 19:15:53 574,976 ------w c:\windows\ServicePackFiles\i386\ntfs.sys
+ 2004-08-10 04:00:00 33,840 ------w c:\windows\ServicePackFiles\i386\ntio.sys
+ 2004-08-10 04:00:00 34,560 ------w c:\windows\ServicePackFiles\i386\ntio404.sys
+ 2004-08-10 04:00:00 35,648 ------w c:\windows\ServicePackFiles\i386\ntio411.sys
+ 2004-08-10 04:00:00 35,424 ------w c:\windows\ServicePackFiles\i386\ntio412.sys
+ 2004-08-10 04:00:00 34,560 ------w c:\windows\ServicePackFiles\i386\ntio804.sys
+ 2008-04-13 19:24:37 2,145,280 ------w c:\windows\ServicePackFiles\i386\ntkrnlmp.exe
+ 2008-04-13 18:31:21 2,065,792 ------w c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
+ 2008-04-13 18:31:21 2,023,936 ------w c:\windows\ServicePackFiles\i386\ntkrpamp.exe
+ 2008-04-14 00:12:02 44,032 ------w c:\windows\ServicePackFiles\i386\ntlanman.dll
+ 2008-04-14 00:12:02 8,192 ------w c:\windows\ServicePackFiles\i386\ntlsapi.dll
+ 2008-04-14 00:12:02 118,784 ------w c:\windows\ServicePackFiles\i386\ntmarta.dll
+ 2008-04-14 00:12:02 40,960 ------w c:\windows\ServicePackFiles\i386\ntmsapi.dll
+ 2008-04-14 00:12:02 179,200 ------w c:\windows\ServicePackFiles\i386\ntmsdba.dll
+ 2008-04-14 00:12:02 488,448 ------w c:\windows\ServicePackFiles\i386\ntmsmgr.dll
+ 2008-04-14 00:12:02 435,200 ------w c:\windows\ServicePackFiles\i386\ntmssvc.dll
+ 2004-08-04 05:41:40 180,360 ------w c:\windows\ServicePackFiles\i386\ntmtlfax.sys
+ 2008-04-14 00:12:02 62,976 ------w c:\windows\ServicePackFiles\i386\ntoc.dll
+ 2008-04-13 19:27:53 2,188,928 ------w c:\windows\ServicePackFiles\i386\ntoskrnl.exe
+ 2008-04-14 00:12:02 91,136 ------w c:\windows\ServicePackFiles\i386\ntprint.dll
+ 2008-04-14 00:12:02 143,360 ------w c:\windows\ServicePackFiles\i386\ntshrui.dll
+ 2008-04-14 00:12:30 420,864 ------w c:\windows\ServicePackFiles\i386\ntvdm.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ntvdmd.dll
+ 2008-04-14 00:12:02 4,274,816 ------w c:\windows\ServicePackFiles\i386\nv4_disp.dll
+ 2004-08-04 05:29:56 1,897,408 ------w c:\windows\ServicePackFiles\i386\nv4_mini.sys
+ 2008-04-14 00:12:02 64,000 ------w c:\windows\ServicePackFiles\i386\nwapi32.dll
+ 2008-04-13 18:56:06 88,320 ------w c:\windows\ServicePackFiles\i386\nwlnkipx.sys
+ 2008-04-14 00:12:02 142,336 ------w c:\windows\ServicePackFiles\i386\nwprovau.dll
+ 2008-04-13 18:34:12 163,584 ------w c:\windows\ServicePackFiles\i386\nwrdr.sys
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\nwwks.dll
+ 2008-04-14 00:12:02 270,336 ------w c:\windows\ServicePackFiles\i386\oakley.dll
+ 2008-04-14 00:10:30 229,376 ------w c:\windows\ServicePackFiles\i386\obelog.dll
+ 2008-04-14 00:10:30 966,656 ------w c:\windows\ServicePackFiles\i386\obemetal.dll
+ 2007-04-02 18:44:11 77,824 ------w c:\windows\ServicePackFiles\i386\obemtllc.dll
+ 2008-04-14 00:10:30 86,016 ------w c:\windows\ServicePackFiles\i386\obepopc.dll
+ 2008-04-14 00:12:02 286,208 ------w c:\windows\ServicePackFiles\i386\objsel.dll
+ 2008-04-13 18:40:07 393,728 ------w c:\windows\ServicePackFiles\i386\obrb0401.dll
+ 2008-04-13 18:40:23 212,480 ------w c:\windows\ServicePackFiles\i386\obrb0404.dll
+ 2008-04-13 18:40:24 428,032 ------w c:\windows\ServicePackFiles\i386\obrb0405.dll
+ 2008-04-13 18:40:27 418,816 ------w c:\windows\ServicePackFiles\i386\obrb0406.dll
+ 2008-04-13 18:40:34 403,456 ------w c:\windows\ServicePackFiles\i386\obrb0407.dll
+ 2008-04-13 18:40:30 419,328 ------w c:\windows\ServicePackFiles\i386\obrb0408.dll
+ 2008-04-13 18:40:32 405,504 ------w c:\windows\ServicePackFiles\i386\obrb040b.dll
+ 2008-04-13 18:40:33 410,624 ------w c:\windows\ServicePackFiles\i386\obrb040c.dll
+ 2008-04-13 18:40:32 384,000 ------w c:\windows\ServicePackFiles\i386\obrb040d.dll
+ 2008-04-13 18:40:39 434,176 ------w c:\windows\ServicePackFiles\i386\obrb040e.dll
+ 2008-04-13 18:40:39 413,696 ------w c:\windows\ServicePackFiles\i386\obrb0410.dll
+ 2008-04-13 18:40:44 275,456 ------w c:\windows\ServicePackFiles\i386\obrb0411.dll
+ 2008-04-13 18:40:48 306,688 ------w c:\windows\ServicePackFiles\i386\obrb0412.dll
+ 2008-04-13 18:40:44 401,920 ------w c:\windows\ServicePackFiles\i386\obrb0413.dll
+ 2008-04-13 18:40:44 353,792 ------w c:\windows\ServicePackFiles\i386\obrb0414.dll
+ 2008-04-13 18:40:47 391,680 ------w c:\windows\ServicePackFiles\i386\obrb0415.dll
+ 2008-04-13 18:40:10 409,600 ------w c:\windows\ServicePackFiles\i386\obrb0416.dll
+ 2008-04-13 18:40:50 427,008 ------w c:\windows\ServicePackFiles\i386\obrb0419.dll
+ 2008-04-13 18:40:52 405,504 ------w c:\windows\ServicePackFiles\i386\obrb041b.dll
+ 2008-04-13 18:40:56 363,008 ------w c:\windows\ServicePackFiles\i386\obrb041d.dll
+ 2008-04-13 18:41:00 390,144 ------w c:\windows\ServicePackFiles\i386\obrb041f.dll
+ 2008-04-13 18:40:56 408,576 ------w c:\windows\ServicePackFiles\i386\obrb0424.dll
+ 2008-04-13 18:40:24 270,336 ------w c:\windows\ServicePackFiles\i386\obrb0804.dll
+ 2008-04-13 18:40:48 435,200 ------w c:\windows\ServicePackFiles\i386\obrb0816.dll
+ 2008-04-13 18:40:30 446,464 ------w c:\windows\ServicePackFiles\i386\obrb0c0a.dll
+ 2008-04-14 00:12:02 96,256 ------w c:\windows\ServicePackFiles\i386\occache.dll
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\ocgen.dll
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\ocmanage.dll
+ 2008-04-14 00:12:02 17,408 ------w c:\windows\ServicePackFiles\i386\ocmsn.dll
+ 2004-08-10 04:00:00 26,224 ------w c:\windows\ServicePackFiles\i386\odbc16gt.dll
+ 2008-04-14 00:12:02 249,856 ------w c:\windows\ServicePackFiles\i386\odbc32.dll
+ 2008-04-14 00:12:02 16,384 ------w c:\windows\ServicePackFiles\i386\odbc32gt.dll
+ 2008-04-14 00:12:30 32,768 ------w c:\windows\ServicePackFiles\i386\odbcad32.exe
+ 2008-04-14 00:12:02 24,576 ------w c:\windows\ServicePackFiles\i386\odbcbcp.dll
+ 2008-04-14 00:12:02 135,168 ------w c:\windows\ServicePackFiles\i386\odbcconf.dll
+ 2008-04-14 00:12:30 69,632 ------w c:\windows\ServicePackFiles\i386\odbcconf.exe
+ 2008-04-14 00:12:02 106,496 ------w c:\windows\ServicePackFiles\i386\odbccp32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccr32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\odbccu32.dll
+ 2008-04-13 17:26:05 94,208 ------w c:\windows\ServicePackFiles\i386\odbcint.dll
+ 2008-04-14 00:10:31 53,279 ------w c:\windows\ServicePackFiles\i386\odbcji32.dll
+ 2008-04-14 00:12:02 278,559 ------w c:\windows\ServicePackFiles\i386\odbcjt32.dll
+ 2008-04-13 17:26:05 12,288 ------w c:\windows\ServicePackFiles\i386\odbcp32r.dll
+ 2008-04-14 00:12:02 147,456 ------w c:\windows\ServicePackFiles\i386\odbctrac.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\oddbse32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odexl32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odfox32.dll
+ 2008-04-14 00:12:02 20,510 ------w c:\windows\ServicePackFiles\i386\odpdx32.dll
+ 2008-04-14 00:12:02 20,511 ------w c:\windows\ServicePackFiles\i386\odtext32.dll
+ 2008-04-14 00:12:02 104,448 ------w c:\windows\ServicePackFiles\i386\oeimport.dll
+ 2008-04-14 00:12:30 60,416 ------w c:\windows\ServicePackFiles\i386\oemig50.exe
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\oemiglib.dll
+ 2008-04-14 00:12:02 192,000 ------w c:\windows\ServicePackFiles\i386\offfilt.dll
+ 2008-04-13 18:46:18 61,696 ------w c:\windows\ServicePackFiles\i386\ohci1394.sys
+ 2008-04-14 00:12:02 1,287,168 ------w c:\windows\ServicePackFiles\i386\ole32.dll
+ 2008-04-14 00:12:02 551,936 ------w c:\windows\ServicePackFiles\i386\oleaut32.dll
+ 2008-04-14 00:12:02 74,752 ------w c:\windows\ServicePackFiles\i386\olecli32.dll
+ 2008-04-14 00:12:02 37,376 ------w c:\windows\ServicePackFiles\i386\olecnv32.dll
+ 2008-04-14 00:12:02 487,424 ------w c:\windows\ServicePackFiles\i386\oledb32.dll
+ 2008-04-14 00:12:02 65,536 ------w c:\windows\ServicePackFiles\i386\oledb32r.dll
+ 2008-04-14 00:12:02 122,880 ------w c:\windows\ServicePackFiles\i386\oledlg.dll
+ 2008-04-14 00:12:02 107,008 ------w c:\windows\ServicePackFiles\i386\oleprn.dll
+ 2008-04-14 00:12:02 84,992 ------w c:\windows\ServicePackFiles\i386\olepro32.dll
+ 2008-04-14 00:12:02 144,384 ------w c:\windows\ServicePackFiles\i386\onex.dll
+ 2008-04-14 00:12:31 51,200 ------w c:\windows\ServicePackFiles\i386\oobebaln.exe
+ 2008-04-14 00:12:02 713,728 ------w c:\windows\ServicePackFiles\i386\opengl32.dll
+ 2008-04-14 00:12:31 67,584 ------w c:\windows\ServicePackFiles\i386\opnfiles.exe
+ 2008-04-13 18:32:32 166,912 ------w c:\windows\ServicePackFiles\i386\oschoice.exe
+ 2008-04-14 00:12:31 215,552 ------w c:\windows\ServicePackFiles\i386\osk.exe
+ 2008-04-13 18:31:43 230,400 ------w c:\windows\ServicePackFiles\i386\osloader.exe
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\osuninst.dll
+ 2008-04-14 00:12:02 153,600 ------w c:\windows\ServicePackFiles\i386\p2p.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\p2pgasvc.dll
+ 2008-04-14 00:12:02 313,856 ------w c:\windows\ServicePackFiles\i386\p2pgraph.dll
+ 2008-04-14 00:12:02 115,712 ------w c:\windows\ServicePackFiles\i386\p2pnetsh.dll
+ 2008-04-14 00:12:02 554,496 ------w c:\windows\ServicePackFiles\i386\p2psvc.dll
+ 2008-04-13 18:31:31 42,752 ------w c:\windows\ServicePackFiles\i386\p3.sys
+ 2008-04-14 00:12:31 58,368 ------w c:\windows\ServicePackFiles\i386\packager.exe
+ 2008-04-13 18:40:10 80,128 ------w c:\windows\ServicePackFiles\i386\parport.sys
+ 2008-04-13 18:40:49 19,712 ------w c:\windows\ServicePackFiles\i386\partmgr.sys
+ 2008-04-14 00:12:02 67,584 ------w c:\windows\ServicePackFiles\i386\pautoenr.dll
+ 2004-08-04 05:31:24 29,502 ------w c:\windows\ServicePackFiles\i386\pca200e.sys
+ 2008-04-14 00:12:02 102,912 ------w c:\windows\ServicePackFiles\i386\pchshell.dll
+ 2008-04-14 00:12:02 38,400 ------w c:\windows\ServicePackFiles\i386\pchsvc.dll
+ 2008-04-13 18:36:44 68,224 ------w c:\windows\ServicePackFiles\i386\pci.sys
+ 2008-04-13 18:40:29 24,960 ------w c:\windows\ServicePackFiles\i386\pciidex.sys
+ 2007-05-15 08:08:11 288,768 ------w c:\windows\ServicePackFiles\i386\pcl4res.dll
+ 2007-05-15 08:08:13 1,058,816 ------w c:\windows\ServicePackFiles\i386\pcl5eres.dll
+ 2007-05-15 08:08:14 1,057,280 ------w c:\windows\ServicePackFiles\i386\pcl5ures.dll
+ 2007-05-15 08:08:14 207,872 ------w c:\windows\ServicePackFiles\i386\pclxl.dll
+ 2008-04-13 18:36:43 120,192 ------w c:\windows\ServicePackFiles\i386\pcmcia.sys
+ 2004-08-04 05:06:18 169,984 ------w c:\windows\ServicePackFiles\i386\pcx500.sys
+ 2008-04-14 00:12:02 284,160 ------w c:\windows\ServicePackFiles\i386\pdh.dll
+ 2004-08-04 04:12:20 20,480 ------w c:\windows\ServicePackFiles\i386\perfcounter.dll
+ 2008-04-14 00:12:02 39,936 ------w c:\windows\ServicePackFiles\i386\perfctrs.dll
+ 2008-04-14 00:12:02 26,624 ------w c:\windows\ServicePackFiles\i386\perfdisk.dll
+ 2008-04-14 00:12:31 15,872 ------w c:\windows\ServicePackFiles\i386\perfmon.exe
+ 2008-04-14 00:12:02 17,920 ------w c:\windows\ServicePackFiles\i386\perfnet.dll
+ 2008-04-14 00:12:02 25,088 ------w c:\windows\ServicePackFiles\i386\perfos.dll
+ 2008-04-14 00:12:02 34,816 ------w c:\windows\ServicePackFiles\i386\perfproc.dll
+ 2008-04-13 18:44:29 27,904 ------w c:\windows\ServicePackFiles\i386\perm2.sys
+ 2008-04-14 00:10:34 211,584 ------w c:\windows\ServicePackFiles\i386\perm2dll.dll
+ 2008-04-13 18:44:30 28,032 ------w c:\windows\ServicePackFiles\i386\perm3.sys
+ 2008-04-14 00:10:34 259,328 ------w c:\windows\ServicePackFiles\i386\perm3dd.dll
+ 2008-04-14 00:12:02 176,128 ------w c:\windows\ServicePackFiles\i386\photowiz.dll
+ 2008-04-14 00:12:02 35,328 ------w c:\windows\ServicePackFiles\i386\pid.dll
+ 2008-04-14 00:11:09 24,064 ------w c:\windows\ServicePackFiles\i386\pidgen.dll
+ 2008-04-14 00:12:31 281,088 ------w c:\windows\ServicePackFiles\i386\pinball.exe
+ 2008-04-14 00:12:31 17,920 ------w c:\windows\ServicePackFiles\i386\ping.exe
+ 2008-04-14 00:12:02 15,360 ------w c:\windows\ServicePackFiles\i386\pjlmon.dll
+ 2008-04-14 00:12:02 44,544 ------w c:\windows\ServicePackFiles\i386\plotter.dll
+ 2008-04-14 00:12:02 52,736 ------w c:\windows\ServicePackFiles\i386\plotui.dll
+ 2008-04-14 00:12:02 412,160 ------w c:\windows\ServicePackFiles\i386\pmh.dll
+ 2008-04-14 00:12:02 39,424 ------w c:\windows\ServicePackFiles\i386\pngfilt.dll
+ 2008-04-14 00:12:02 58,880 ------w c:\windows\ServicePackFiles\i386\pnrpnsp.dll
+ 2008-04-14 00:12:02 92,672 ------w c:\windows\ServicePackFiles\i386\policman.dll
+ 2008-04-14 00:12:02 105,472 ------w c:\windows\ServicePackFiles\i386\polstore.dll
+ 2008-04-13 19:19:41 146,048 ------w c:\windows\ServicePackFiles\i386\portcls.sys
+ 2008-04-14 00:12:31 49,152 ------w c:\windows\ServicePackFiles\i386\powercfg.exe
+ 2008-04-13 18:40:56 8,832 ------w c:\windows\ServicePackFiles\i386\powerfil.sys
+ 2008-04-14 00:12:03 17,408 ------w c:\windows\ServicePackFiles\i386\powrprof.dll
+ 2008-04-13 18:41:00 17,664 ------w c:\windows\ServicePackFiles\i386\ppa3.sys
+ 2008-04-14 00:12:03 560,640 ------w c:\windows\ServicePackFiles\i386\printui.dll
+ 2008-04-13 18:31:30 35,840 ------w c:\windows\ServicePackFiles\i386\processr.sys
+ 2008-04-14 00:12:03 27,648 ------w c:\windows\ServicePackFiles\i386\profmap.dll
+ 2008-04-14 00:12:31 109,568 ------w c:\windows\ServicePackFiles\i386\progman.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\proquota.exe
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\provthrd.dll
+ 2008-04-14 00:12:32 9,216 ------w c:\windows\ServicePackFiles\i386\proxycfg.exe
+ 2008-04-14 00:12:03 728,576 ------w c:\windows\ServicePackFiles\i386\ps5ui.dll
+ 2008-04-14 00:12:03 23,040 ------w c:\windows\ServicePackFiles\i386\psapi.dll
+ 2008-04-14 00:12:03 96,768 ------w c:\windows\ServicePackFiles\i386\psbase.dll
+ 2008-04-13 18:56:38 69,120 ------w c:\windows\ServicePackFiles\i386\psched.sys
+ 2008-04-14 00:12:03 543,232 ------w c:\windows\ServicePackFiles\i386\pscript5.dll
+ 2008-04-14 00:12:03 363,520 ------w c:\windows\ServicePackFiles\i386\psisdecd.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\pstorec.dll
+ 2008-04-14 00:12:03 34,304 ------w c:\windows\ServicePackFiles\i386\pstorsvc.dll
+ 2008-04-14 00:12:03 159,232 ------w c:\windows\ServicePackFiles\i386\ptpusd.dll
+ 2008-04-14 00:12:03 7,680 ------w c:\windows\ServicePackFiles\i386\pwsdata.dll
+ 2008-04-14 00:12:03 150,528 ------w c:\windows\ServicePackFiles\i386\qagent.dll
+ 2008-04-14 00:12:03 291,328 ------w c:\windows\ServicePackFiles\i386\qagentrt.dll
+ 2008-04-14 00:12:03 237,568 ------w c:\windows\ServicePackFiles\i386\qasf.dll
+ 2008-04-14 00:12:03 192,512 ------w c:\windows\ServicePackFiles\i386\qcap.dll
+ 2008-04-14 00:12:03 62,464 ------w c:\windows\ServicePackFiles\i386\qcliprov.dll
+ 2008-04-14 00:12:03 279,040 ------w c:\windows\ServicePackFiles\i386\qdv.dll
+ 2008-04-14 00:12:03 386,048 ------w c:\windows\ServicePackFiles\i386\qdvd.dll
+ 2008-04-14 00:12:03 562,176 ------w c:\windows\ServicePackFiles\i386\qedit.dll
+ 2008-04-13 17:21:32 733,696 ------w c:\windows\ServicePackFiles\i386\qedwipes.dll
+ 2008-04-13 18:40:52 6,016 ------w c:\windows\ServicePackFiles\i386\qic157.sys
+ 2008-04-14 00:12:03 409,088 ------w c:\windows\ServicePackFiles\i386\qmgr.dll
+ 2008-04-14 00:12:03 18,944 ------w c:\windows\ServicePackFiles\i386\qmgrprxy.dll
+ 2008-04-14 00:12:32 19,968 ------w c:\windows\ServicePackFiles\i386\qprocess.exe
+ 2008-04-14 00:12:03 1,288,192 ------w c:\windows\ServicePackFiles\i386\quartz.dll
+ 2008-04-14 00:12:03 1,435,648 ------w c:\windows\ServicePackFiles\i386\query.dll
+ 2008-04-14 00:12:03 76,800 ------w c:\windows\ServicePackFiles\i386\qutil.dll
+ 2008-04-14 00:12:03 43,520 ------w c:\windows\ServicePackFiles\i386\racpldlg.dll
+ 2008-04-13 18:41:23 20,736 ------w c:\windows\ServicePackFiles\i386\ramdisk.sys
+ 2008-04-14 00:12:03 7,680 ------w c:\windows\ServicePackFiles\i386\rasadhlp.dll
+ 2008-04-14 00:12:03 237,056 ------w c:\windows\ServicePackFiles\i386\rasapi32.dll
+ 2008-04-14 00:12:03 88,576 ------w c:\windows\ServicePackFiles\i386\rasauto.dll
+ 2008-04-14 00:12:03 79,872 ------w c:\windows\ServicePackFiles\i386\raschap.dll
+ 2008-04-14 00:12:03 658,432 ------w c:\windows\ServicePackFiles\i386\rasdlg.dll
+ 2008-04-13 19:19:43 51,328 ------w c:\windows\ServicePackFiles\i386\rasl2tp.sys
+ 2008-04-14 00:12:03 61,440 ------w c:\windows\ServicePackFiles\i386\rasman.dll
+ 2008-04-14 00:12:03 186,368 ------w c:\windows\ServicePackFiles\i386\rasmans.dll
+ 2008-04-14 00:12:32 56,832 ------w c:\windows\ServicePackFiles\i386\rasphone.exe
+ 2008-04-14 00:12:03 210,944 ------w c:\windows\ServicePackFiles\i386\rasppp.dll
+ 2008-04-13 18:57:32 41,472 ------w c:\windows\ServicePackFiles\i386\raspppoe.sys
+ 2008-04-13 19:19:48 48,384 ------w c:\windows\ServicePackFiles\i386\raspptp.sys
+ 2008-04-14 00:12:03 61,952 ------w c:\windows\ServicePackFiles\i386\rasqec.dll
+ 2008-04-14 00:12:03 16,384 ------w c:\windows\ServicePackFiles\i386\rassapi.dll
+ 2008-04-14 00:12:03 58,368 ------w c:\windows\ServicePackFiles\i386\rastapi.dll
+ 2008-04-14 00:12:03 150,016 ------w c:\windows\ServicePackFiles\i386\rastls.dll
+ 2008-04-14 00:12:03 102,400 ------w c:\windows\ServicePackFiles\i386\rcbdyctl.dll
+ 2008-04-14 00:12:32 35,840 ------w c:\windows\ServicePackFiles\i386\rcimlby.exe
+ 2008-04-14 00:12:32 21,504 ------w c:\windows\ServicePackFiles\i386\rcp.exe
+ 2008-04-13 19:28:39 175,744 ------w c:\windows\ServicePackFiles\i386\rdbss.sys
+ 2008-04-14 00:12:03 147,968 ------w c:\windows\ServicePackFiles\i386\rdchost.dll
+ 2008-04-14 00:12:32 62,976 ------w c:\windows\ServicePackFiles\i386\rdpclip.exe
+ 2008-04-14 00:13:22 92,424 ------w c:\windows\ServicePackFiles\i386\rdpdd.dll
+ 2008-04-13 18:32:51 196,224 ------w c:\windows\ServicePackFiles\i386\rdpdr.sys
+ 2008-04-14 00:12:04 19,968 ------w c:\windows\ServicePackFiles\i386\rdpsnd.dll
+ 2008-04-14 00:13:22 139,656 ------w c:\windows\ServicePackFiles\i386\rdpwd.sys
+ 2008-04-14 00:13:22 87,176 ------w c:\windows\ServicePackFiles\i386\rdpwsx.dll
+ 2008-04-14 00:12:32 13,824 ------w c:\windows\ServicePackFiles\i386\rdsaddin.exe
+ 2008-04-14 00:12:32 67,072 ------w c:\windows\ServicePackFiles\i386\rdshost.exe
+ 2004-08-04 05:41:40 13,776 ------w c:\windows\ServicePackFiles\i386\recagent.sys
+ 2008-04-13 18:40:27 57,600 ------w c:\windows\ServicePackFiles\i386\redbook.sys
+ 2004-08-10 04:00:00 3,338 ------w c:\windows\ServicePackFiles\i386\redir.exe
+ 2008-04-14 00:12:32 50,176 ------w c:\windows\ServicePackFiles\i386\reg.exe
+ 2008-04-14 00:12:04 49,664 ------w c:\windows\ServicePackFiles\i386\regapi.dll
+ 2004-07-20 00:54:16 28,672 ------w c:\windows\ServicePackFiles\i386\regasm.exe
+ 2004-07-20 00:54:16 32,768 ------w c:\windows\ServicePackFiles\i386\regcode.dll
+ 2008-04-14 00:12:32 146,432 ------w c:\windows\ServicePackFiles\i386\regedit.exe
+ 2008-04-14 00:12:04 59,904 ------w c:\windows\ServicePackFiles\i386\regsvc.dll
+ 2004-07-20 00:54:16 11,264 ------w c:\windows\ServicePackFiles\i386\regsvcs.exe
+ 2008-04-14 00:12:32 11,776 ------w c:\windows\ServicePackFiles\i386\regsvr32.exe
+ 2008-04-14 00:12:04 397,824 ------w c:\windows\ServicePackFiles\i386\regwizc.dll
+ 2008-04-14 00:12:04 60,416 ------w c:\windows\ServicePackFiles\i386\remotepg.dll
+ 2008-04-14 00:12:04 178,176 ------w c:\windows\ServicePackFiles\i386\repdrvfs.dll
+ 2008-04-14 00:12:04 58,880 ------w c:\windows\ServicePackFiles\i386\resutils.dll
+ 2008-04-14 00:12:33 13,824 ------w c:\windows\ServicePackFiles\i386\rexec.exe
+ 2008-04-13 18:46:32 59,136 ------w c:\windows\ServicePackFiles\i386\rfcomm.sys
+ 2008-04-14 00:12:04 290,304 ------w c:\windows\ServicePackFiles\i386\rhttpaa.dll
+ 2008-04-14 00:12:04 123,392 ------w c:\windows\ServicePackFiles\i386\riafres.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui1.dll
+ 2008-04-14 00:12:04 11,776 ------w c:\windows\ServicePackFiles\i386\riafui2.dll
+ 2008-04-14 00:12:04 433,664 ------w c:\windows\ServicePackFiles\i386\riched20.dll
+ 2008-04-13 18:55:08 202,624 ------w c:\windows\ServicePackFiles\i386\rmcast.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismp.sys
+ 2008-04-13 18:56:49 30,592 ------w c:\windows\ServicePackFiles\i386\rndismpx.sys
+ 2008-04-13 18:40:14 79,104 ------w c:\windows\ServicePackFiles\i386\rocket.sys
+ 2008-04-14 00:12:04 4,096 ------w c:\windows\ServicePackFiles\i386\rpcref.dll
+ 2008-04-14 00:12:04 584,704 ------w c:\windows\ServicePackFiles\i386\rpcrt4.dll
+ 2008-04-14 00:12:04 399,360 ------w c:\windows\ServicePackFiles\i386\rpcss.dll
+ 2008-04-14 00:12:04 61,440 ------w c:\windows\ServicePackFiles\i386\rrcm.dll
+ 2008-04-13 17:37:57 208,384 ------w c:\windows\ServicePackFiles\i386\rsaenh.dll
+ 2008-04-14 00:12:33 14,848 ------w c:\windows\ServicePackFiles\i386\rsh.exe
+ 2008-04-14 00:12:04 39,936 ------w c:\windows\ServicePackFiles\i386\rshx32.dll
+ 2008-04-14 00:12:04 18,944 ------w c:\windows\ServicePackFiles\i386\rsmps.dll
+ 2008-04-14 00:12:33 107,520 ------w c:\windows\ServicePackFiles\i386\rsnotify.exe
+ 2008-04-14 00:12:33 380,416 ------w c:\windows\ServicePackFiles\i386\rstrui.exe
+ 2008-04-14 00:12:04 92,672 ------w c:\windows\ServicePackFiles\i386\rsvpsp.dll
+ 2008-04-14 00:12:33 77,312 ------w c:\windows\ServicePackFiles\i386\rtcshare.exe
+ 2008-04-14 00:12:04 31,744 ------w c:\windows\ServicePackFiles\i386\rtipxmib.dll
+ 2004-08-03 21:31:34 20,992 ------w c:\windows\ServicePackFiles\i386\rtl8139.sys
+ 2008-04-14 00:12:04 44,032 ------w c:\windows\ServicePackFiles\i386\rtutils.dll
+ 2008-04-14 00:12:33 33,280 ------w c:\windows\ServicePackFiles\i386\rundll32.exe
+ 2008-04-14 00:12:33 14,336 ------w c:\windows\ServicePackFiles\i386\runonce.exe
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw001ext.dll
+ 2008-04-14 00:12:04 29,184 ------w c:\windows\ServicePackFiles\i386\rw330ext.dll
+ 2008-04-14 00:12:04 27,648 ------w c:\windows\ServicePackFiles\i386\rw430ext.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\rw450ext.dll
+ 2008-04-14 00:12:04 9,728 ------w c:\windows\ServicePackFiles\i386\rwnh.dll
+ 2008-04-14 00:12:04 397,056 ------w c:\windows\ServicePackFiles\i386\s3gnb.dll
+ 2004-08-04 05:29:52 166,912 ------w c:\windows\ServicePackFiles\i386\s3gnbm.sys
+ 2008-04-14 00:12:04 43,520 ------w c:\windows\ServicePackFiles\i386\safrcdlg.dll
+ 2008-04-14 00:12:04 29,696 ------w c:\windows\ServicePackFiles\i386\safrdm.dll
+ 2008-04-14 00:12:04 45,568 ------w c:\windows\ServicePackFiles\i386\safrslv.dll
+ 2008-04-14 00:12:04 64,000 ------w c:\windows\ServicePackFiles\i386\samlib.dll
+ 2008-04-14 00:12:04 415,744 ------w c:\windows\ServicePackFiles\i386\samsrv.dll
+ 2008-04-14 00:12:04 741,376 ------w c:\windows\ServicePackFiles\i386\sapi.dll
+ 2008-04-14 00:12:33 13,312 ------w c:\windows\ServicePackFiles\i386\savedump.exe
+ 2008-04-14 00:12:04 270,848 ------w c:\windows\ServicePackFiles\i386\sbe.dll
+ 2008-04-14 00:12:04 159,232 ------w c:\windows\ServicePackFiles\i386\sbeio.dll
+ 2008-04-13 18:40:48 43,904 ------w c:\windows\ServicePackFiles\i386\sbp2port.sys
+ 2008-04-14 00:12:04 69,632 ------w c:\windows\ServicePackFiles\i386\scarddlg.dll
+ 2008-04-14 00:12:33 95,744 ------w c:\windows\ServicePackFiles\i386\scardsvr.exe
+ 2004-08-10 04:00:00 169,984 ------w c:\windows\ServicePackFiles\i386\sccbase.dll
+ 2008-04-14 00:12:05 171,008 ------w c:\windows\ServicePackFiles\i386\sccsccp.dll
+ 2008-04-14 00:12:05 181,248 ------w c:\windows\ServicePackFiles\i386\scecli.dll
+ 2008-04-14 00:12:05 314,880 ------w c:\windows\ServicePackFiles\i386\scesrv.dll
+ 2008-04-14 00:12:05 144,384 ------w c:\windows\ServicePackFiles\i386\schannel.dll
+ 2008-04-14 00:12:05 192,512 ------w c:\windows\ServicePackFiles\i386\schedsvc.dll
+ 2008-04-14 00:12:05 20,480 ------w c:\windows\ServicePackFiles\i386\sclgntfy.dll
+ 2008-04-14 00:12:34 36,352 ------w c:\windows\ServicePackFiles\i386\scrcons.exe
