New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23, on 2008-11-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRPSO~1\MOTORO~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9951 bytes
Genius.....and i mean this!!

Senior Forum Moderator
Welcome
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u10'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download, then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language - jre-6u10-windows-i586-p.exe' [15.52 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
Verify your installation of Sun Java:
http://www.java.com/en/download/help/testvm.xml
Download and scan with CCleaner.
1. Starting with v1.27.260, CCleaner started installing the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the 'No Toolbar' 'Slim' version instead of the 'Standard Build'.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
* Clean all entries in the "Internet Explorer" section except Cookies.
* Clean all the entries in the "Windows Explorer" section.
* Clean all entries in the "System" section.
* Clean all entries in the "Advanced" section.
* Clean any others that you choose.
In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it.
* Clean all in the Opera section if you use it.
* Clean Sun Java in the Internet Section.
* Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Exit CCleaner.
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall

Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
_______________________________________________________________

ASAP & UNITE member since 2006
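
How the out-of-date Java finding above can be read from a HijackThis log like the one in the first post, as an added example (not part of the original thread and not HijackThis's own code): it splits the log into its section codes, pulls the JRE version out of each referenced path, and compares it with the 6u10 release named in the reply. The function names and the `PROC` label for running-process lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log from the first post, embedded so this runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Release the reply tells the user to install: JRE 6u10, i.e. 1.6.0_10.
BASELINE = (1, 6, 0, 10)

# "O4 - ...", "R1 - ...", "O23 - ...": a section code, " - ", then the entry body.
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A bare drive-letter path, as listed under "Running processes:".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Sun's install directory naming, e.g. \jre1.6.0_06\ (the _NN update is optional).
JRE_DIR_RE = re.compile(
    r"\\(?:jre|jdk|j2re)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE
)


def parse_log(text):
    """Return (section, body) pairs; running processes get the label 'PROC'."""
    entries = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = SECTION_RE.match(line)
        if match:
            # The first coded entry ends the process list.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and PATH_RE.match(line):
            entries.append(("PROC", line))
    return entries


def jre_version(text):
    """Extract (major, minor, patch, update) from a JRE path, or None."""
    match = JRE_DIR_RE.search(text)
    if not match:
        return None
    major, minor, patch, update = match.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def find_outdated_java(text, baseline=BASELINE):
    """Map each JRE version older than baseline to the sections that load it."""
    found = defaultdict(set)
    for section, body in parse_log(text):
        version = jre_version(body)
        if version is not None and version < baseline:
            found[version].add(section)
    return {version: sorted(sections) for version, sections in found.items()}


if __name__ == "__main__":
    for version, sections in find_outdated_java(SAMPLE_LOG).items():
        major, minor, patch, update = version
        print(f"JRE {major}.{minor}.{patch}_{update:02d} is older than 6u10; "
              f"referenced by: {', '.join(sections)}")
```

The sections in the result show where the old runtime is still hooked in (a running process, a browser helper object, a Run key and an IE button), which is why the reply has every old version uninstalled before the new installer is run.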

New Member
ComboFix 08-11-18.A2 - GENIUS 2008-11-19 23:05:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.259 [GMT -5:00]
Running from: c:\documents and settings\GENIUS\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
[COLOR=RED]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\downld
.
((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.
2008-11-18 14:34 . 2008-11-18 14:56 d-------- C:\tha 1
2008-11-17 14:50 . 2008-11-17 15:48 d-------- C:\futuristic
2008-11-17 09:58 . 2008-11-17 16:52 d-------- C:\gettin up
2008-11-16 18:53 . 2008-11-16 18:53 d-------- c:\documents and settings\GENIUS\Application Data\Waves Preferences
2008-11-16 11:17 . 2008-11-16 11:29 d-------- C:\can I files
2008-11-16 10:04 . 2008-11-16 10:04 d-------- c:\documents and settings\GENIUS\Application Data\Juce VST Host
2008-11-15 17:58 . 2008-11-17 06:52 d-------- C:\can i
2008-11-15 04:44 . 2008-11-15 16:05 d-------- C:\new j
2008-11-13 19:14 . 2008-11-13 19:14 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-11 19:12 . 2008-11-12 01:32 d-------- C:\caught up in the moment
2008-11-09 07:02 . 2008-11-09 07:28 d-------- C:\that's right
2008-11-06 22:21 . 2008-11-06 22:43 d-------- C:\change
2008-11-02 20:34 . 2008-11-03 14:39 d-------- C:\cant wait
2008-10-21 06:27 . 2008-10-21 09:23 d-------- C:\lost my love
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 02:50 --------- d-----w c:\documents and settings\GENIUS\Application Data\skypePM
2008-11-20 01:27 --------- d-----w c:\documents and settings\GENIUS\Application Data\Skype
2008-11-19 21:33 --------- d-----w c:\program files\Spectrasonics
2008-11-19 21:32 --------- d-----w c:\program files\VstPlugins
2008-11-19 16:22 --------- d-----w c:\program files\Steinberg
2008-11-19 13:13 --------- d-----w c:\program files\Java
2008-11-19 13:11 --------- d-----w c:\program files\Philips Upgrade Tool
2008-11-19 13:09 --------- d-----w c:\program files\eMule
2008-11-19 13:09 --------- d-----w c:\program files\Arturia
2008-11-18 23:54 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 00:20 --------- d-----w c:\program files\Image-Line
2008-11-16 15:04 --------- d-----w c:\program files\Waves
2008-11-03 03:19 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-14 04:40 --------- d-----w c:\documents and settings\GENIUS\Application Data\Digidesign
2008-09-22 22:28 --------- d-----w c:\program files\Sony
2008-09-22 22:27 --------- d-----w c:\program files\Sony Setup
2008-09-21 20:23 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-09-21 17:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-03-21 03:21 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-07-16 05:04 92,064 -c--a-w c:\documents and settings\GENIUS\mqdmmdm.sys
2007-07-16 05:04 9,232 -c--a-w c:\documents and settings\GENIUS\mqdmmdfl.sys
2007-07-16 05:04 79,328 -c--a-w c:\documents and settings\GENIUS\mqdmserd.sys
2007-07-16 05:04 66,656 -c--a-w c:\documents and settings\GENIUS\mqdmbus.sys
2007-07-16 05:04 6,208 -c--a-w c:\documents and settings\GENIUS\mqdmcmnt.sys
2007-07-16 05:04 5,936 -c--a-w c:\documents and settings\GENIUS\mqdmwhnt.sys
2007-07-16 05:04 4,048 -c--a-w c:\documents and settings\GENIUS\mqdmcr.sys
2007-07-16 05:04 25,600 -c--a-w c:\documents and settings\GENIUS\usbsermptxp.sys
2007-07-16 05:04 22,768 -c--a-w c:\documents and settings\GENIUS\usbsermpt.sys
2007-06-14 05:12 0 -c-ha-w c:\program files\Common Files\MSN
.
------- Sigcheck -------
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 06:38 340480 b8158e2a6112c0a5ca67bc158fc70218 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-28 20:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2008-02-27 16:47 360064 3f89432724dc5d72689e16f3354bccfc c:\windows\system32\dllcache\tcpip.sys
2008-02-27 16:47 360064 3f89432724dc5d72689e16f3354bccfc c:\windows\system32\drivers\tcpip.sys
2007-06-13 05:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-28 22:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 c:\windows\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\ServicePackFiles\i386\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 c:\windows\system32\dllcache\explorer.exe
2002-08-28 22:41 139776 a3763ce319d9eb3ec2ac04901f293b9d c:\windows\$NtServicePackUninstall$\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\ServicePackFiles\i386\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\wuauclt.exe
2007-07-30 19:19 53080 f3e9065eb617a7e3a832a7976bfa021b c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-21_ 0.44.04.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 -c--a-w c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-23 03:35:35 124,928 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
+ 2008-04-23 03:35:35 347,136 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
+ 2008-04-23 03:35:35 214,528 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
+ 2008-04-23 03:35:35 132,608 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
+ 2008-04-23 03:35:35 63,488 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
+ 2008-04-22 08:02:19 70,656 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-23 03:35:35 153,088 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
+ 2008-04-23 03:35:35 230,400 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
+ 2008-04-20 05:07:38 161,792 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
+ 2008-04-23 03:35:35 383,488 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
+ 2008-04-23 03:35:35 388,608 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
+ 2008-04-23 03:35:36 6,068,224 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
+ 2008-04-23 03:35:36 44,544 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
+ 2008-04-23 03:35:36 267,776 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
+ 2008-04-22 08:02:19 13,824 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:46 625,664 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-23 03:35:36 27,648 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
+ 2008-04-23 03:35:36 459,264 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
+ 2008-04-23 03:35:36 52,224 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
+ 2008-04-23 03:35:36 3,593,728 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
+ 2008-04-23 03:35:36 478,208 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
+ 2008-04-23 03:35:36 193,024 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
+ 2008-04-23 03:35:36 671,232 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
+ 2008-04-23 03:35:36 102,912 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
+ 2008-04-23 03:35:36 44,544 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
+ 2008-04-23 03:35:36 105,984 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
+ 2008-04-23 03:35:36 1,162,752 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
+ 2008-04-23 03:35:36 233,472 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
+ 2008-04-23 03:35:36 827,392 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB950759-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 -c--a-w c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 -c--a-w c:\windows\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 -c--a-w c:\windows\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 -c--a-w c:\windows\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 -c--a-w c:\windows\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 -c--a-w c:\windows\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 -c--a-w c:\windows\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 -c--a-w c:\windows\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 -c--a-w c:\windows\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 -c--a-w c:\windows\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 -c--a-w c:\windows\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 -c--a-w c:\windows\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 -c--a-w c:\windows\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 -c--a-w c:\windows\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 -c--a-w c:\windows\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 -c--a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 -c--a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 -c--a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 -c--a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 -c--a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2004-08-04 07:56:42 294,400 -c----w c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2004-08-04 07:56:42 561,179 -c----w c:\windows\$NtUninstallKB950749$\dao360.dll
+ 2004-08-04 07:56:43 512,029 -c----w c:\windows\$NtUninstallKB950749$\msexch40.dll
+ 2004-08-04 07:56:43 319,517 -c----w c:\windows\$NtUninstallKB950749$\msexcl40.dll
+ 2004-08-04 07:56:43 1,507,356 -c----w c:\windows\$NtUninstallKB950749$\msjet40.dll
+ 2004-07-17 18:34:46 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetol1.dll
+ 2004-07-17 18:34:46 358,976 -c----w c:\windows\$NtUninstallKB950749$\msjetoledb40.dll
+ 2004-08-04 07:56:43 151,583 -c----w c:\windows\$NtUninstallKB950749$\msjint40.dll
+ 2004-08-04 07:56:43 53,279 -c----w c:\windows\$NtUninstallKB950749$\msjter40.dll
+ 2004-08-04 07:56:43 241,693 -c----w c:\windows\$NtUninstallKB950749$\msjtes40.dll
+ 2004-08-04 07:56:43 213,023 -c----w c:\windows\$NtUninstallKB950749$\msltus40.dll
+ 2004-08-04 07:56:43 348,189 -c----w c:\windows\$NtUninstallKB950749$\mspbde40.dll
+ 2004-08-04 07:56:43 421,919 -c----w c:\windows\$NtUninstallKB950749$\msrd2x40.dll
+ 2004-08-04 07:56:43 315,423 -c----w c:\windows\$NtUninstallKB950749$\msrd3x40.dll
+ 2004-08-04 07:56:43 552,989 -c----w c:\windows\$NtUninstallKB950749$\msrepl40.dll
+ 2004-08-04 07:56:43 258,077 -c----w c:\windows\$NtUninstallKB950749$\mstext40.dll
+ 2004-08-04 07:56:44 831,519 -c----w c:\windows\$NtUninstallKB950749$\mswdat10.dll
+ 2004-08-04 07:56:44 614,429 -c----w c:\windows\$NtUninstallKB950749$\mswstr10.dll
+ 2004-08-04 07:56:44 348,189 -c----w c:\windows\$NtUninstallKB950749$\msxbde40.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2006-07-13 08:48:58 202,240 -c----w c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB950762$\spuninst\updspapi.dll
+ 2004-08-04 06:10:37 274,304 -c----w c:\windows\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB951376$\spuninst\updspapi.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB951698$\spuninst\updspapi.dll
+ 2008-04-14 11:01:02 272,128 -c----w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w c:\windows\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w c:\windows\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w c:\windows\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w c:\windows\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w c:\windows\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w c:\windows\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w c:\windows\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w c:\windows\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w c:\windows\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w c:\windows\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w c:\windows\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w c:\windows\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w c:\windows\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w c:\windows\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w c:\windows\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w c:\windows\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w c:\windows\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w c:\windows\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 23:36:30 3,591,680 -c----w c:\windows\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w c:\windows\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w c:\windows\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w c:\windows\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w c:\windows\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w c:\windows\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w c:\windows\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w c:\windows\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w c:\windows\ie7updates\KB950759-IE7\wininet.dll
+ 2008-09-21 20:23:19 65,536 -c--a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\ARPPRODUCTICON.exe
+ 2008-09-21 20:23:20 65,536 -c--a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\AuditionCommonShortc_01CEC7E570FD4D068FADBF21DF0CC6DC.exe
+ 2008-09-21 20:23:20 65,536 -c--a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut1_E3A4979EE8C048379F3D271B50BA9E7C_1.exe
+ 2008-09-21 20:23:20 65,536 -c--a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut2_E3A4979EE8C048379F3D271B50BA9E7C_1.exe
+ 2008-09-21 20:23:20 65,536 -c--a-r c:\windows\Installer\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\NewShortcut3_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-04-23 04:28:12 18,944 -c--a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-23 04:28:12 65,024 -c--a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-31 13:00:00 28,160 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 13:00:00 28,672 -c--a-w c:\windows\Nircmd.exe
- 2008-03-01 13:06:20 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2004-08-04 07:56:47 100,864 ----a-w c:\windows\system32\ahui.exe
+ 2004-08-04 07:56:47 98,304 ----a-w c:\windows\system32\ahui.exe
- 2001-08-23 21:00:00 117,760 ----a-w c:\windows\system32\calc.exe
+ 2007-07-27 12:00:00 114,688 ----a-w c:\windows\system32\calc.exe
- 2004-08-04 07:56:41 448,512 ----a-w c:\windows\system32\cmdial32.dll
+ 2004-08-04 07:56:41 343,040 ----a-w c:\windows\system32\cmdial32.dll
- 2001-08-23 21:00:00 69,632 ----a-w c:\windows\system32\console.dll
+ 2007-07-27 12:00:00 66,560 ----a-w c:\windows\system32\console.dll
+ 2004-08-04 07:56:47 183,808 -c--a-w c:\windows\system32\dllcache\accwiz.exe
+ 2004-08-04 07:56:41 114,688 -c--a-w c:\windows\system32\dllcache\aclui.dll
+ 2004-08-04 06:07:38 187,776 -c--a-w c:\windows\system32\dllcache\acpi.sys
+ 2004-08-04 07:56:41 4,255 -c--a-w c:\windows\system32\dllcache\adv01nt5.dll
+ 2004-08-04 07:56:41 3,967 -c--a-w c:\windows\system32\dllcache\adv02nt5.dll
+ 2004-08-04 07:56:41 3,615 -c--a-w c:\windows\system32\dllcache\adv05nt5.dll
+ 2004-08-04 07:56:41 3,647 -c--a-w c:\windows\system32\dllcache\adv07nt5.dll
+ 2004-08-04 07:56:41 3,135 -c--a-w c:\windows\system32\dllcache\adv08nt5.dll
+ 2004-08-04 07:56:41 3,711 -c--a-w c:\windows\system32\dllcache\adv09nt5.dll
+ 2004-08-04 07:56:41 3,775 -c--a-w c:\windows\system32\dllcache\adv11nt5.dll
- 2008-03-01 13:06:20 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 07:56:41 24,064 -c--a-w c:\windows\system32\dllcache\agentpsh.dll
+ 2004-08-04 07:56:41 17,408 -c--a-w c:\windows\system32\dllcache\alrsvc.dll
+ 2004-08-04 07:56:41 167,936 -c--a-w c:\windows\system32\dllcache\appmgmts.dll
+ 2004-08-04 07:56:41 295,936 -c--a-w c:\windows\system32\dllcache\appmgr.dll
+ 2004-08-04 07:56:41 65,024 -c--a-w c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 07:56:41 21,183 -c--a-w c:\windows\system32\dllcache\atv01nt5.dll
+ 2004-08-04 07:56:41 11,359 -c--a-w c:\windows\system32\dllcache\atv02nt5.dll
+ 2004-08-04 07:56:41 25,471 -c--a-w c:\windows\system32\dllcache\atv04nt5.dll
+ 2004-08-04 07:56:41 14,143 -c--a-w c:\windows\system32\dllcache\atv06nt5.dll
+ 2004-08-04 07:56:41 17,279 -c--a-w c:\windows\system32\dllcache\atv10nt5.dll
+ 2004-08-04 07:56:41 8,704 -c--a-w c:\windows\system32\dllcache\batt.dll
+ 2004-08-04 07:56:41 20,992 -c--a-w c:\windows\system32\dllcache\bthci.dll
+ 2008-04-14 11:01:02 272,128 -c----w c:\windows\system32\dllcache\bthport.sys
- 2001-08-23 21:00:00 117,760 -c--a-w c:\windows\system32\dllcache\calc.exe
+ 2007-07-27 12:00:00 114,688 -c--a-w c:\windows\system32\dllcache\calc.exe
+ 2005-07-26 04:39:42 225,792 -c--a-w c:\windows\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
+ 2004-08-04 07:56:41 15,423 -c--a-w c:\windows\system32\dllcache\ch7xxnt5.dll
+ 2004-08-04 07:56:47 5,632 -c--a-w c:\windows\system32\dllcache\cisvc.exe
+ 2004-08-04 07:56:47 33,280 -c--a-w c:\windows\system32\dllcache\clipsrv.exe
+ 2004-08-04 07:56:41 252,928 -c--a-w c:\windows\system32\dllcache\compatui.dll
+ 2004-08-04 07:56:48 1,032,192 -c--a-w c:\windows\system32\dllcache\conf.exe
- 2001-08-23 21:00:00 69,632 -c--a-w c:\windows\system32\dllcache\console.dll
+ 2007-07-27 12:00:00 66,560 -c--a-w c:\windows\system32\dllcache\console.dll
- 2004-08-04 07:56:42 561,179 -c--a-w c:\windows\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w c:\windows\system32\dllcache\dao360.dll
+ 2004-08-04 07:56:42 27,136 -c--a-w c:\windows\system32\dllcache\ddrawex.dll
+ 2004-08-04 07:56:42 111,104 -c--a-w c:\windows\system32\dllcache\dgnet.dll
+ 2004-08-04 07:56:48 224,768 -c--a-w c:\windows\system32\dllcache\dmadmin.exe
+ 2004-08-04 07:56:42 60,928 -c--a-w c:\windows\system32\dllcache\dpnhupnp.dll
+ 2004-08-04 07:56:42 239,104 -c--a-w c:\windows\system32\dllcache\dsquery.dll
+ 2004-08-04 07:56:42 51,200 -c--a-w c:\windows\system32\dllcache\dssec.dll
+ 2004-08-04 07:56:42 113,152 -c--a-w c:\windows\system32\dllcache\dsuiext.dll
- 2008-03-01 13:06:21 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 07:56:42 183,296 -c--a-w c:\windows\system32\dllcache\els.dll
- 2008-03-01 13:06:21 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 07:56:42 73,728 -c--a-w c:\windows\system32\dllcache\fdeploy.dll
+ 2004-08-04 07:56:42 21,504 -c--a-w c:\windows\system32\dllcache\feclient.dll
+ 2004-08-04 07:56:42 337,920 -c--a-w c:\windows\system32\dllcache\filemgmt.dll
+ 2004-08-04 07:56:42 32,828 -c--a-w c:\windows\system32\dllcache\fp40ext.dll
+ 2004-08-04 07:56:42 60,416 -c--a-w c:\windows\system32\dllcache\fwcfg.dll
+ 2004-08-04 07:56:42 132,608 -c--a-w c:\windows\system32\dllcache\fxsocm.dll
+ 2004-08-04 07:56:49 39,424 -c--a-w c:\windows\system32\dllcache\grpconv.exe
+ 2004-08-04 07:56:42 330,752 -c--a-w c:\windows\system32\dllcache\hnetwiz.dll
+ 2004-08-04 07:56:42 24,576 -c--a-w c:\windows\system32\dllcache\httpapi.dll
- 2008-03-01 13:06:21 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2004-08-04 07:56:07 3,584 -c--a-w c:\windows\system32\dllcache\icmp.dll
+ 2004-08-04 07:56:50 214,528 -c--a-w c:\windows\system32\dllcache\icwconn1.exe
+ 2004-08-04 07:56:50 86,016 -c--a-w c:\windows\system32\dllcache\icwconn2.exe
+ 2004-08-04 07:56:50 24,576 -c--a-w c:\windows\system32\dllcache\icwrmind.exe
- 2008-02-29 08:55:23 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 07:56:42 135,680 -c--a-w c:\windows\system32\dllcache\ifmon.dll
+ 2004-08-04 07:56:42 505,344 -c--a-w c:\windows\system32\dllcache\iis.dll
+ 2004-08-04 05:31:48 59,392 -c--a-w c:\windows\system32\dllcache\imscinst.exe
+ 2004-08-04 07:56:42 274,432 -c--a-w c:\windows\system32\dllcache\inetcfg.dll
- 2001-08-23 21:00:00 280,576 -c--a-w c:\windows\system32\dllcache\inetcplc.dll
+ 2007-07-27 12:00:00 110,592 -c--a-w c:\windows\system32\dllcache\inetcplc.dll
+ 2004-08-04 07:56:50 20,480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe
+ 2004-08-04 07:56:50 55,808 -c--a-w c:\windows\system32\dllcache\ipconfig.exe
+ 2004-08-04 07:56:42 330,752 -c--a-w c:\windows\system32\dllcache\ippromon.dll
+ 2004-08-04 07:56:50 53,248 -c--a-w c:\windows\system32\dllcache\ipv6.exe
+ 2004-08-04 07:56:42 59,904 -c--a-w c:\windows\system32\dllcache\ipv6mon.dll
+ 2004-08-04 07:56:42 54,272 -c--a-w c:\windows\system32\dllcache\ixsso.dll
- 2008-03-01 13:06:25 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-17 19:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
+ 2001-08-17 19:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll
+ 2001-08-17 19:55:56 5,632 -c--a-w c:\windows\system32\dllcache\kbd103.dll
+ 2001-08-17 19:55:56 6,144 -c--a-w c:\windows\system32\dllcache\kbd106.dll
+ 2001-08-18 03:36:18 8,704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll
+ 2001-08-18 03:36:18 8,192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll
+ 2004-08-04 05:56:44 423,936 -c--a-w c:\windows\system32\dllcache\licdll.dll
+ 2004-08-04 07:56:42 58,880 -c--a-w c:\windows\system32\dllcache\licwmi.dll
+ 2004-08-04 07:56:42 97,280 -c--a-w c:\windows\system32\dllcache\loadperf.dll
+ 2004-08-04 07:56:50 75,264 -c--a-w c:\windows\system32\dllcache\locator.exe
+ 2004-08-04 07:56:50 72,704 -c--a-w c:\windows\system32\dllcache\magnify.exe
+ 2004-08-04 07:56:42 118,272 -c--a-w c:\windows\system32\dllcache\mdminst.dll
+ 2004-08-04 07:56:42 16,896 -c--a-w c:\windows\system32\dllcache\medctroc.dll
+ 2004-08-04 07:56:42 22,528 -c--a-w c:\windows\system32\dllcache\mfcsubs.dll
+ 2004-08-04 07:56:51 32,768 -c--a-w c:\windows\system32\dllcache\mnmsrvc.exe
+ 2004-08-04 07:56:51 143,360 -c--a-w c:\windows\system32\dllcache\mobsync.exe
+ 2004-08-04 07:56:42 123,904 -c--a-w c:\windows\system32\dllcache\mofd.dll
+ 2004-08-04 07:56:52 4,639 -c--a-w c:\windows\system32\dllcache\mplayer2.exe
+ 2008-02-26 11:59:50 294,912 -c----w c:\windows\system32\dllcache\msctf.dll
+ 2004-08-04 07:56:43 151,552 -c--a-w c:\windows\system32\dllcache\msdart.dll
+ 2004-08-04 07:56:53 6,144 -c--a-w c:\windows\system32\dllcache\msdtc.exe
+ 2006-03-01 19:42:42 161,280 -c--a-w c:\windows\system32\dllcache\msdtcuiu.dll
- 2004-08-04 07:56:43 512,029 -c--a-w c:\windows\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w c:\windows\system32\dllcache\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w c:\windows\system32\dllcache\msexcl40.dll
- 2008-03-01 13:06:26 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 07:56:43 15,360 -c--a-w c:\windows\system32\dllcache\msgrocm.dll
+ 2004-08-04 07:56:43 33,792 -c--a-w c:\windows\system32\dllcache\msgsvc.dll
- 2008-03-01 23:36:30 3,591,680 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 07:56:43 51,712 -c--a-w c:\windows\system32\dllcache\msident.dll
+ 2004-08-04 07:56:43 248,832 -c--a-w c:\windows\system32\dllcache\msieftp.dll
+ 2004-08-04 07:56:43 376,320 -c--a-w c:\windows\system32\dllcache\msinfo.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w c:\windows\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w c:\windows\system32\dllcache\msjet40.dll
- 2004-07-17 18:34:46 358,976 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w c:\windows\system32\dllcache\msjetol1.dll
- 2004-08-04 07:56:43 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w c:\windows\system32\dllcache\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w c:\windows\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w c:\windows\system32\dllcache\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w c:\windows\system32\dllcache\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w c:\windows\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w c:\windows\system32\dllcache\msltus40.dll
+ 2004-08-04 07:56:43 169,984 -c--a-w c:\windows\system32\dllcache\msmqocm.dll
+ 2004-08-04 07:56:43 252,928 -c--a-w c:\windows\system32\dllcache\msoeacct.dll
+ 2004-08-04 07:56:18 2,479,616 -c--a-w c:\windows\system32\dllcache\msoeres.dll
- 2004-08-04 07:56:43 348,189 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w c:\windows\system32\dllcache\mspbde40.dll
- 2008-03-01 13:06:28 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w c:\windows\system32\dllcache\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w c:\windows\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w c:\windows\system32\dllcache\mstext40.dll
- 2008-03-01 13:06:29 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 05:59:40 407,552 -c--a-w c:\windows\system32\dllcache\mstsc.exe
+ 2004-08-04 07:56:43 1,428,480 -c--a-w c:\windows\system32\dllcache\msvidctl.dll
- 2004-08-04 07:56:44 831,519 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w c:\windows\system32\dllcache\mswdat10.dll
- 2004-08-04 07:56:44 614,429 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w c:\windows\system32\dllcache\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w c:\windows\system32\dllcache\msxbde40.dll
+ 2004-08-04 07:56:44 701,440 -c--a-w c:\windows\system32\dllcache\msxml2.dll
+ 2004-08-04 07:56:54 42,496 -c--a-w c:\windows\system32\dllcache\net.exe
+ 2004-08-04 07:56:54 111,104 -c--a-w c:\windows\system32\dllcache\netdde.exe
+ 2004-08-04 07:56:44 77,312 -c--a-w c:\windows\system32\dllcache\netoc.dll
+ 2004-08-04 07:56:44 875,008 -c--a-w c:\windows\system32\dllcache\netplwiz.dll
+ 2004-08-04 07:56:54 86,016 -c--a-w c:\windows\system32\dllcache\netsh.exe
+ 2004-08-04 07:56:54 36,864 -c--a-w c:\windows\system32\dllcache\netstat.exe
+ 2004-08-04 07:56:44 103,936 -c--a-w c:\windows\system32\dllcache\nlhtml.dll
+ 2004-08-04 07:56:44 188,416 -c--a-w c:\windows\system32\dllcache\nmwb.dll
+ 2004-08-04 07:56:54 1,200,128 -c--a-w c:\windows\system32\dllcache\ntbackup.exe
+ 2004-08-04 07:56:44 212,992 -c--a-w c:\windows\system32\dllcache\ntevt.dll
+ 2004-08-04 05:45:14 34,560 -c--a-w c:\windows\system32\dllcache\ntio404.sys
+ 2004-08-04 05:45:10 35,648 -c--a-w c:\windows\system32\dllcache\ntio411.sys
+ 2004-08-04 07:56:44 40,960 -c--a-w c:\windows\system32\dllcache\ntmsapi.dll
+ 2004-08-04 07:56:44 435,200 -c--a-w c:\windows\system32\dllcache\ntmssvc.dll
+ 2004-08-04 07:56:44 62,976 -c--a-w c:\windows\system32\dllcache\ntoc.dll
+ 2004-08-04 07:56:44 91,136 -c--a-w c:\windows\system32\dllcache\ntprint.dll
- 2008-03-01 13:06:29 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 07:56:44 15,872 -c--a-w c:\windows\system32\dllcache\ocgen.dll
+ 2004-08-04 07:56:44 17,408 -c--a-w c:\windows\system32\dllcache\ocmsn.dll
+ 2004-08-04 07:56:54 32,768 -c--a-w c:\windows\system32\dllcache\odbcad32.exe
+ 2004-08-04 07:56:44 104,448 -c--a-w c:\windows\system32\dllcache\oeimport.dll
+ 2004-08-04 07:56:44 120,832 -c--a-w c:\windows\system32\dllcache\offfilt.dll
+ 2004-08-04 07:56:44 487,424 -c--a-w c:\windows\system32\dllcache\oledb32.dll
+ 2004-08-04 07:56:44 65,536 -c--a-w c:\windows\system32\dllcache\oledb32r.dll
+ 2004-08-04 07:56:55 215,552 -c--a-w c:\windows\system32\dllcache\osk.exe
+ 2004-08-04 07:56:44 116,224 -c--a-w c:\windows\system32\dllcache\p2p.dll
+ 2004-08-04 07:56:44 86,016 -c--a-w c:\windows\system32\dllcache\p2pgasvc.dll
+ 2004-08-04 07:56:44 88,064 -c--a-w c:\windows\system32\dllcache\p2pnetsh.dll
+ 2004-08-04 07:56:44 526,848 -c--a-w c:\windows\system32\dllcache\p2psvc.dll
+ 2004-08-04 07:56:44 62,976 -c--a-w c:\windows\system32\dllcache\pautoenr.dll
+ 2004-08-04 07:56:44 102,400 -c--a-w c:\windows\system32\dllcache\pchshell.dll
+ 2004-08-04 07:56:44 39,936 -c--a-w c:\windows\system32\dllcache\perfctrs.dll
+ 2004-08-04 07:56:44 26,624 -c--a-w c:\windows\system32\dllcache\perfdisk.dll
+ 2004-08-04 07:56:55 15,872 -c--a-w c:\windows\system32\dllcache\perfmon.exe
+ 2004-08-04 07:56:44 34,816 -c--a-w c:\windows\system32\dllcache\perfproc.dll
+ 2004-08-04 07:56:44 176,128 -c--a-w c:\windows\system32\dllcache\photowiz.dll
+ 2004-08-04 07:56:55 281,088 -c--a-w c:\windows\system32\dllcache\pinball.exe
+ 2004-08-04 05:31:48 70,144 -c--a-w c:\windows\system32\dllcache\pintlphr.exe
+ 2004-08-04 05:31:49 67,584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
- 2008-03-01 13:06:29 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 07:56:55 109,568 -c--a-w c:\windows\system32\dllcache\progman.exe
+ 2004-08-04 07:56:44 237,056 -c--a-w c:\windows\system32\dllcache\provthrd.dll
+ 2004-08-04 07:56:44 43,520 -c--a-w c:\windows\system32\dllcache\pstorec.dll
+ 2004-08-04 07:56:44 192,512 -c--a-w c:\windows\system32\dllcache\qcap.dll
+ 2004-08-04 07:56:44 18,944 -c--a-w c:\windows\system32\dllcache\qmgrprxy.dll
- 2007-10-29 22:43:03 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 07:56:44 43,520 -c--a-w c:\windows\system32\dllcache\racpldlg.dll
+ 2004-08-04 07:56:44 89,088 -c--a-w c:\windows\system32\dllcache\rasauto.dll
+ 2004-08-04 07:56:44 102,400 -c--a-w c:\windows\system32\dllcache\rcbdyctl.dll
+ 2004-08-04 07:56:55 35,840 -c--a-w c:\windows\system32\dllcache\rcimlby.exe
+ 2004-08-04 07:56:55 21,504 -c--a-w c:\windows\system32\dllcache\rcp.exe
+ 2004-08-04 07:56:55 62,464 -c--a-w c:\windows\system32\dllcache\rdpclip.exe
+ 2004-08-04 07:56:55 67,072 -c--a-w c:\windows\system32\dllcache\rdshost.exe
+ 2004-08-04 07:56:55 11,776 -c--a-w c:\windows\system32\dllcache\regsvr32.exe
- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2004-08-04 07:56:55 380,416 -c--a-w c:\windows\system32\dllcache\rstrui.exe
+ 2004-08-04 07:56:55 14,336 -c--a-w c:\windows\system32\dllcache\runonce.exe
+ 2004-08-04 07:56:44 29,696 -c--a-w c:\windows\system32\dllcache\safrdm.dll
+ 2004-08-04 07:56:44 45,568 -c--a-w c:\windows\system32\dllcache\safrslv.dll
+ 2004-08-04 07:56:55 13,312 -c--a-w c:\windows\system32\dllcache\savedump.exe
+ 2004-08-04 07:56:55 95,744 -c--a-w c:\windows\system32\dllcache\scardsvr.exe
+ 2004-08-04 07:56:44 159,744 -c--a-w c:\windows\system32\dllcache\scrobj.dll
+ 2004-08-04 07:56:44 151,552 -c--a-w c:\windows\system32\dllcache\scrrun.dll
+ 2004-08-04 07:56:44 29,184 -c--a-w c:\windows\system32\dllcache\sdhcinst.dll
+ 2004-08-04 07:56:56 140,800 -c--a-w c:\windows\system32\dllcache\sessmgr.exe
+ 2004-08-04 07:56:56 73,216 -c--a-w c:\windows\system32\dllcache\setup50.exe
+ 2004-08-04 07:56:44 101,376 -c--a-w c:\windows\system32\dllcache\setupqry.dll
+ 2004-08-04 07:56:56 42,496 -c--a-w c:\windows\system32\dllcache\shmgrate.exe
+ 2004-08-04 07:56:45 27,648 -c--a-w c:\windows\system32\dllcache\shscrap.dll
+ 2004-08-04 07:56:45 3,901 -c--a-w c:\windows\system32\dllcache\siint5.dll
+ 2004-08-04 07:56:45 25,088 -c--a-w c:\windows\system32\dllcache\slayerxp.dll
+ 2004-08-04 07:56:56 89,600 -c--a-w c:\windows\system32\dllcache\smlogsvc.exe
+ 2004-08-04 07:56:45 2,134,528 -c--a-w c:\windows\system32\dllcache\smtpsnap.dll
+ 2004-08-04 07:56:57 538,624 -c--a-w c:\windows\system32\dllcache\spider.exe
+ 2001-08-23 21:00:00 69,632 -c--a-w c:\windows\system32\dllcache\spnike.dll
+ 2004-08-04 05:56:58 11,776 -c--a-w c:\windows\system32\dllcache\spnpinst.exe
+ 2001-08-23 21:00:00 70,656 -c--a-w c:\windows\system32\dllcache\sprio600.dll
+ 2004-08-04 07:56:45 136,704 -c--a-w c:\windows\system32\dllcache\sti_ci.dll
+ 2001-08-23 21:00:00 8,192 -c--a-w c:\windows\system32\dllcache\streamci.dll
+ 2004-08-04 07:56:45 75,776 -c--a-w c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-04 07:56:46 191,488 -c--a-w c:\windows\system32\dllcache\syncui.dll
+ 2004-08-04 07:56:46 33,792 -c--a-w c:\windows\system32\dllcache\tabletoc.dll
+ 2005-05-10 23:45:48 75,776 -c--a-w c:\windows\system32\dllcache\telnet.exe
+ 2004-08-04 05:32:15 44,032 -c--a-w c:\windows\system32\dllcache\tintlphr.exe
+ 2004-08-04 07:56:57 73,216 -c--a-w c:\windows\system32\dllcache\tlntsvr.exe
+ 2004-08-04 05:32:13 10,240 -c--a-w c:\windows\system32\dllcache\tmigrate.dll
+ 2004-08-04 07:56:57 347,136 -c--a-w c:\windows\system32\dllcache\tourstrt.exe
+ 2004-08-04 07:56:57 12,288 -c--a-w c:\windows\system32\dllcache\tracert.exe
+ 2004-08-04 08:01:07 12,168 -c--a-w c:\windows\system32\dllcache\tsddd.dll
+ 2004-08-04 07:56:46 121,856 -c--a-w c:\windows\system32\dllcache\tsoc.dll
+ 2004-08-04 07:56:46 275,456 -c--a-w c:\windows\system32\dllcache\ulib.dll
+ 2004-08-04 06:04:11 76,288 -c--a-w c:\windows\system32\dllcache\uniime.dll
+ 2004-08-04 07:56:57 150,528 -c--a-w c:\windows\system32\dllcache\uploadm.exe
+ 2004-08-04 07:56:57 18,432 -c--a-w c:\windows\system32\dllcache\ups.exe
- 2008-03-01 13:06:29 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 07:56:46 74,240 -c--a-w c:\windows\system32\dllcache\usbui.dll
+ 2004-08-04 07:56:57 50,176 -c--a-w c:\windows\system32\dllcache\utilman.exe
+ 2004-08-04 07:56:46 11,325 -c--a-w c:\windows\system32\dllcache\vchnt5.dll
+ 2004-08-04 07:56:57 289,792 -c--a-w c:\windows\system32\dllcache\vssvc.exe
+ 2004-08-04 07:56:46 15,872 -c--a-w c:\windows\system32\dllcache\w3ssl.dll
+ 2004-08-04 07:56:57 46,080 -c--a-w c:\windows\system32\dllcache\wab.exe
+ 2004-08-04 07:56:34 249,856 -c--a-w c:\windows\system32\dllcache\wab32res.dll
+ 2004-08-04 07:56:46 32,768 -c--a-w c:\windows\system32\dllcache\wabfind.dll
- 2008-03-01 13:06:30 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 07:56:46 75,776 -c--a-w c:\windows\system32\dllcache\wiascr.dll
- 2008-03-01 13:06:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 07:56:57 196,608 -c--a-w c:\windows\system32\dllcache\wmiadap.exe
+ 2004-08-04 07:56:35 6,656 -c--a-w c:\windows\system32\dllcache\wmiapres.dll
+ 2004-08-04 07:56:46 89,088 -c--a-w c:\windows\system32\dllcache\wmiaprpl.dll
+ 2004-08-04 07:56:57 126,464 -c--a-w c:\windows\system32\dllcache\wmiapsrv.exe
+ 2004-08-04 07:56:46 156,672 -c--a-w c:\windows\system32\dllcache\wmipcima.dll
+ 2004-08-04 07:56:46 144,896 -c--a-w c:\windows\system32\dllcache\wmiprov.dll
+ 2004-08-04 07:56:46 167,936 -c--a-w c:\windows\system32\dllcache\wmm2ae.dll
+ 2004-08-04 07:56:46 4,096 -c--a-w c:\windows\system32\dllcache\wmm2eres.dll
+ 2004-08-04 07:56:46 7,680 -c--a-w c:\windows\system32\dllcache\wmm2ext.dll
+ 2004-08-04 07:56:46 402,432 -c--a-w c:\windows\system32\dllcache\wmm2filt.dll
+ 2004-08-04 07:56:46 502,272 -c--a-w c:\windows\system32\dllcache\wmm2fxa.dll
+ 2004-08-04 07:56:46 325,632 -c--a-w c:\windows\system32\dllcache\wmm2fxb.dll
+ 2004-08-04 07:56:46 4,256,768 -c--a-w c:\windows\system32\dllcache\wmm2res.dll
+ 2004-08-04 07:56:46 5,632 -c--a-w c:\windows\system32\dllcache\wmm2res2.dll
+ 2004-08-04 07:56:57 13,824 -c--a-w c:\windows\system32\dllcache\wscntfy.exe
+ 2004-08-04 07:56:57 114,688 -c--a-w c:\windows\system32\dllcache\wscript.exe
+ 2004-08-04 07:56:46 596,992 -c--a-w c:\windows\system32\dllcache\wsecedit.dll
+ 2004-08-04 07:56:46 378,368 -c--a-w c:\windows\system32\dllcache\wzcdlg.dll
+ 2004-08-04 07:56:46 91,648 -c--a-w c:\windows\system32\dllcache\xactsrv.dll
+ 2004-08-04 07:56:46 129,536 -c--a-w c:\windows\system32\dllcache\xmlprov.dll
+ 2004-08-04 07:56:36 187,392 -c--a-w c:\windows\system32\dllcache\xpsp1res.dll
- 2004-08-04 06:10:37 274,304 ------w c:\windows\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ------w c:\windows\system32\drivers\bthport.sys
- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2008-03-01 13:06:21 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w c:\windows\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c----w c:\windows\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c----w c:\windows\system32\extmgr.dll
- 2008-04-10 04:29:02 1,665,104 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-09-22 12:40:56 1,665,216 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-04 20:20:06 115,880 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2008-09-21 20:26:06 115,880 -c--a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
- 2004-08-04 07:56:42 159,744 ----a-w c:\windows\system32\hotplug.dll
+ 2004-08-04 07:56:42 144,896 ----a-w c:\windows\system32\hotplug.dll
- 2008-03-01 13:06:21 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c--a-w c:\windows\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w c:\windows\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w c:\windows\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w c:\windows\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c----w c:\windows\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w c:\windows\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c--a-w c:\windows\system32\ieudinit.exe
- 2001-08-23 21:00:00 280,576 ----a-w c:\windows\system32\inetcplc.dll
+ 2007-07-27 12:00:00 110,592 ----a-w c:\windows\system32\inetcplc.dll
- 2008-02-22 06:23:35 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w c:\windows\system32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w c:\windows\system32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w c:\windows\system32\javaws.exe
- 2008-03-01 13:06:25 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c----w c:\windows\system32\jsproxy.dll
- 2004-08-04 07:56:42 402,944 ----a-w c:\windows\system32\keymgr.dll
+ 2004-08-04 07:56:42 150,528 ----a-w c:\windows\system32\keymgr.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-03 21:10:26 17,318,336 -c--a-w c:\windows\system32\MRT.exe
- 2004-08-04 07:56:42 294,400 ----a-w c:\windows\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w c:\windows\system32\msctf.dll
- 2004-08-04 07:56:43 512,029 -c--a-w c:\windows\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w c:\windows\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w c:\windows\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w c:\windows\system32\msexcl40.dll
- 2008-03-01 13:06:26 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c--a-w c:\windows\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
- 2008-03-01 23:36:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ------w c:\windows\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c----w c:\windows\system32\mshtmled.dll
- 2003-02-28 23:26:26 947,472 ----a-w c:\windows\system32\msjava.dll
+ 2007-02-13 21:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w c:\windows\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w c:\windows\system32\msjet40.dll
- 2004-07-17 18:34:46 358,976 -c--a-w c:\windows\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w c:\windows\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 -c--a-w c:\windows\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w c:\windows\system32\msjint40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w c:\windows\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w c:\windows\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w c:\windows\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w c:\windows\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w c:\windows\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w c:\windows\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w c:\windows\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w c:\windows\system32\mspbde40.dll
- 2008-03-01 13:06:28 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c----w c:\windows\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w c:\windows\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w c:\windows\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w c:\windows\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w c:\windows\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w c:\windows\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w c:\windows\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w c:\windows\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w c:\windows\system32\mstext40.dll
- 2008-03-01 13:06:29 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c----w c:\windows\system32\mstime.dll
- 2004-08-04 05:59:43 657,408 ----a-w c:\windows\system32\mstscax.dll
+ 2004-08-04 05:59:43 655,360 ----a-w c:\windows\system32\mstscax.dll
- 2004-08-04 07:56:44 831,519 -c--a-w c:\windows\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w c:\windows\system32\mswdat10.dll
- 2004-08-04 07:56:44 614,429 -c--a-w c:\windows\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w c:\windows\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w c:\windows\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w c:\windows\system32\msxbde40.dll
- 2008-03-01 13:06:29 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2007-06-11 23:36:55 233,472 ------w c:\windows\system32\REX Shared Library.dll
+ 2008-09-21 18:17:15 233,472 ----a-w c:\windows\system32\REX Shared Library.dll
- 2006-09-25 22:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 -c----w c:\windows\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\wininet.dll
- 2004-08-04 07:56:35 764,416 ----a-w c:\windows\system32\WINNTBBU.DLL
+ 2004-08-04 07:56:35 764,928 ----a-w c:\windows\system32\winntbbu.dll
- 2005-05-26 09:16:30 292,120 ----a-w c:\windows\system32\wuauclt1.exe
+ 2005-05-26 09:16:30 172,312 ----a-w c:\windows\system32\wuauclt1.exe
+ 2006-06-05 20:47:40 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 20:47:48 1,080,320 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 20:47:50 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 20:47:50 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-06-07 4670968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-11-01 307200]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 185896]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 360448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]
c:\documents and settings\GENIUS\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-12 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= Digi32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a--c--- 2006-04-26 08:29 237568 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16222:TCP"= 16222:TCP:BitComet 16222 TCP
"16222:UDP"= 16222:UDP:BitComet 16222 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:kdc.uas.aol.com
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2007-06-11 20480]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2007-06-10 11264]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2007-06-11 33792]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\System32\svchost.exe -k p2psvc [2001-08-23 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\System32\svchost.exe -k p2psvc [2001-08-23 14336]
S3 p2psvc;Peer Networking;c:\windows\System32\svchost.exe -k p2psvc [2001-08-23 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\System32\svchost.exe -k p2psvc [2001-08-23 14336]
S3 SndTDriverV32;SndTDriverV32;c:\windows\system32\drivers\SndTDriverV32.sys [2008-03-16 515456]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-06-11 16896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Philips Intelligent Agent - c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\GENIUS\Application Data\Mozilla\Firefox\Profiles\9yb2dxj5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 23:14:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-11-19 23:28:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-20 04:27:19
ComboFix2.txt 2008-04-21 05:44:54
Pre-Run: 4,905,979,904 bytes free
Post-Run: 5,200,490,496 bytes free
836 --- E O F --- 2008-06-19 01:59:28
Genius.....and i mean this!!
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 31,427,
Visits: 54,734
Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK [see image below]
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.
Restart your PC.
Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.
You're running filesharing programs.
Many of these programs come bundled with unwanted components/malware.
If you wish to find out whether the one you're using does, click Here.
Even if you are using a so-called "safe" program, it's only the program that's safe.
You will be sharing files from uncertified sources,and these are often infected.
The bad guys use filesharing programs as a major source to spread their wares.
I strongly suggest you remove/uninstall them ALL and keep away from them altogether.
If you must use P2P/file sharing programs you should read on:
* Don't download files from people you don't trust -- Just like you shouldn't open e-mail attachments from people you don't trust, you should be wary about downloading files from them as well.
* Keep your file-sharing legal -- Downloading copyrighted music, movies and software using these file-sharing programs without the copyright owner's permission could put you in serious legal trouble. Peer-to-peer users should be aware that they may not be anonymous while using these networks. Copyright holders have located peer-to-peer copyright infringers and have sued them. There are a growing number of online music and movie services where you can stream, download or purchase digital files with the copyright owners' permission. Using these services is one way to ensure that you will avoid unwanted lawsuits.
* Watch out for spy-ware -- Some file-sharing programs embed spy-ware programs when you install them on your computer. These programs can run in the background and create unwanted pop-up advertisements and some even monitor your online behavior.
* Use and update your anti-virus software -- Computer experts are starting to see viruses being spread through file-sharing networks. Be careful what you download and always make sure your anti-virus software is running and frequently updated.
* Secure your sensitive computer information -- If you keep sensitive information on your computer like your tax return information and online bank account data, check to make sure that you are not inadvertently making this available to thousands of strangers on the Internet.
* Parents, talk to your kids -- Parents should be aware that file-sharing networks contain inappropriate audio and video clips -- many of a sexually explicit nature.
You should also take the time to read the info in the links below:
P2P file sharing: Anticipate the risks before you download your first file.
Risks of File-Sharing Technology.
P2P Software user Advisories.
You have Service Pack 2 installed so I'm presuming you're using the Windows Firewall.
You may be behind a hardware firewall (Router/NAT), but it wouldn't hurt to install a third party software firewall to enhance protection.
A word of warning regarding the Windows Firewall in Service Pack 2, it only filters INCOMING traffic.
That means if malware happens to compromise your PC, it will be able to SEND OUT your credit card data, and any other personal information.
I suggest you install a more robust third party firewall from below that filters both INCOMING and OUTGOING traffic.
Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/
PC Tools Firewall Plus:
http://www.pctools.com/mirror/fwinstall.exe
Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/
Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php
You should take the time to read the following:
Understanding and Using Firewalls
http://www.bleepingcomputer.com/tutorials/tutorial60.html
Please download Malwarebytes Anti-Malware:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Double Click mbam-setup.exe to install the application.
(If using Windows Vista, be sure to "Run As Administrator").
* Make sure a checkmark is placed/present next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Please run Kaspersky Online Scanner.
Note:
This free online virus scanner is very powerful and scans your machine very deeply, so it will certainly take some time to complete.
Note:
If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
* Click on the button, then click the "Accept" button.
* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded, on the left side of the page in the "Scan" section select "My Computer".
* This will start the program and scan your system.
* The scan does not provide an option to clean/disinfect your system, I need to see the scan results.
* The scan will take quite a while, so be patient and let it run until it's finished.
* Once the scan is complete, click on "View scan report" or "Scan Report".
* Then click on the "Save Report as" button, save the file to your desktop.
* Copy and paste the entire contents of that file into your next reply.
Also post a new HijackThis log, let me know how your PC is running now.
_______________________________________________________________

ASAP & UNITE member since 2006
