[quote="gringo_pr"]HELLO jemma_79
you did not get the file scanned so please try one more time
[color=blue][b][u]upload files to jotti[/u][/b][/color]
You seem to have a file I could not find any info on.
I need you to upload it to jotti so we can find out if it is bad.
Please upload a file for scanning:
Open http://virusscan.jotti.org/
Copy/paste this file and path into the white box at the top:
[quote]C:\Program Files\log malware.txt[/quote]
Press [b]Submit[/b] - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
please do this for each line one at a time
Note: If Jotti is busy, you can use [url=http://www.virustotal.com/]VirusTotal[/url] instead.
Copy the following line into the white textbox:
[quote]C:\Program Files\log malware.txt[/quote]
Click Send.
Please post the results of this scan to this thread.
I would like to see these logs posted in your next reply
C:\ComboFix2.txt
C:\ComboFix3.txt
C:\ComboFix4.txt
C:\ComboFix5.txt
[list]
[*]double click my computer on your desktop (if it is not on your desktop you need to click on start and it will be on the right hand side click on it)
[*]under Hard disk drives look for Local disk C: double click it
[*]search for each of the files above and submit them to me[/list]
I have seen some of these, but there are a couple you have not posted and I need to see them.
There are some other things I want to see, so run this script below.
[color=blue][b][u]:Run CFScript:[/u][/b][/color]
Open [b]Notepad[/b] and copy/paste the text in the box into the window:
[code]
DirLook::
C:\Program Files\Common Files\xing shared
C:\Program Files\SilverCreekCommonFiles
[/code]
[b]Save[/b] it to your [b]desktop[/b] as [b]CFScript.txt[/b]
Referring to the picture above, drag CFScript.txt into ComboFix.exe
[img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]
This will let [b]ComboFix[/b] run again.
[b]Restart[/b] if you have to.
Save the [b]produced logfile[/b] to your desktop.
[b]Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall[/b]
gringo[/quote]
File: log_malware.txt
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 7b52bf3948f01ea9ff36d93507b611f3
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 11 Jan 2008 19:59:36 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
Hi, above are the results of the Jotti scan for file C:Program files\logmalware.txt
If it helps any, this log is an Adaware 2007 scan log. The results of this are:
Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2007-11-0718:53:25
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:HOME2
Name of user performing scan:SYSTEM
Name of user ordering scan:user
Scan completed successfully
System Information
File Version Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:1
Processor type:AMD Sempron(tm) Processor 3000+
Memory Available:46%
Total Physical Memory:1005830144 Bytes
Available Physical Memory:457928704 Bytes
Total Page File Size:2427854848 Bytes
Available On Page File:1922347008 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1930981376 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
File Verion Information
File Version
CEAPI.dll 7, 0, 2, 3
aawservice.exe 7, 0, 2, 3
Ad-Aware2007.exe 7.0.2.3
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Update Definitions on startup
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
Consider definitions File Outdated after x days
Proxy URL
Proxy Port
Database Info
Version number:23
Build Number:0
Build Date and Time:2007/09/2408:39:16
Scan Statistics
Method:Full
Items Scanned:225215
Infections Detected:8
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 3 3
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 1 1
Folder Scan 1 1
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 0 0
File Hash Scan 3 3
Infections Found
Family Id Name Category TAI
1022 Win32.TrojanDownloader.NewMedia Malware 10
[41170] File: C:\WINDOWS\privacy_danger\images\capt.gif
[41169] File: C:\WINDOWS\privacy_danger\images\danger.jpg
[41172] File: C:\WINDOWS\privacy_danger\images\down.gif
[300021596] Root: HKU Path: S-1-5-21-57989841-1343024091-725345543-1004\software\microsoft\internet explorer\desktop\components\0 Value: FriendlyName Data: Privacy Protection
[300027871] Root: HKU Path: S-1-5-21-57989841-1343024091-725345543-1004\Software\Microsoft\Internet Explorer\Desktop\Components\0
[300028901] Root: HKU Path: S-1-5-21-57989841-1343024091-725345543-1004\Software\Microsoft\Internet Explorer\Main Value: Start Page Data: http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
[700005482] File: C:\WINDOWS\dat.txt
[400001866] Folder: C:\WINDOWS\privacy_danger
Quarantined Objects
Family Id Name Category TAI
Removed Objects
Family Id Name Category TAI
Listing of Running Processes
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\ksuser.dll
C:\PROGRAM FILES\WIRELESS LAN UTILITY\TIWLANCU.EXE
c:\program files\wireless lan utility\tiwlancu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\setupapi.dll
c:\program files\wireless lan utility\odsupp_m.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\program files\wireless lan utility\msvcp60.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\secur32.dll
C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.0\APPS\APDPROXY.EXE
c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\adobe\photoshop album starter edition\3.0\apps\apdboot.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcp71.dll
c:\program files\adobe\photoshop album starter edition\3.0\apps\msvcr71.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dsound.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\sti.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAHE.EXE
c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
C:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
c:\progra~1\a4tech\keyboard\ikeymain.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\progra~1\a4tech\keyboard\ikeyhook.dll
c:\progra~1\a4tech\keyboard\ikeyhid.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
c:\program files\a4tech\mouse\amoumain.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\amhooker.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\program files\a4tech\mouse\amoures.dll
C:\WINDOWS\VSNPSTD.EXE
c:\windows\vsnpstd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
C:\PROGRAM FILES\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_02\bin\jusched.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msutb.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\msctfime.ime
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\urlmon.dll
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wiaservc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\sti.dll
C:\PROGRAM FILES\WIRELESS LAN UTILITY\TIWLNSVC.EXE
c:\program files\wireless lan utility\tiwlnsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\w3ssl.dll
c:\windows\system32\strmfilt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\bonrep.dll
c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
c:\program files\java\jre1.6.0_02\bin\ssv.dll
c:\program files\java\jre1.6.0_02\bin\msvcr71.dll
c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
c:\windows\system32\rsaenh.dll
c:\windows\ipwypktx.dll
c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\program files\epson\epson web-to-page\epson web-to-page.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wship6.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\mshtmled.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\atl.dll
c:\windows\system32\amhooker.dll
c:\windows\system32\rmoc3260.dll
c:\windows\system32\pncrt.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\msi.dll
c:\windows\system32\sxs.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware 2007\ceapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\program files\lavasoft\ad-aware 2007\update.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\secur32.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winmm.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\amhooker.dll
c:\windows\system32\browseui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\linkinfo.dll
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
c:\program files\windows live\messenger\msnmsgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
c:\program files\windows live\messenger\msncore.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msacm32.dll
c:\program files\windows live\messenger\msidcrl40.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\program files\windows live\messenger\contactsux.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\msctf.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\mlang.dll
c:\program files\windows live\messenger\msgslang.8.5.1288.0816.dll
c:\program files\windows live\messenger\msgsres.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\es.dll
c:\program files\windows live\messenger\lcapi.dll
c:\windows\system32\dnsapi.dll
ComboFix 08-01-03.4 - user 2008-01-03 2:37:55.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT 0:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\ultra
C:\Documents and Settings\user\Application Data\ultra\uninstall.bat
C:\WINDOWS\inf\ultra.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-03 02:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-03 02:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-03 02:32 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-03 02:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-03 02:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-03 02:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-31 21:26 . 2007-12-31 21:26 <DIR> d-------- C:\Program Files\Java
2007-12-31 21:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-26 10:52 . 2008-01-03 02:41 2,060,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 10:52 . 2008-01-03 02:10 24,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 10:44 . 2007-12-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-24 09:44 . 2007-12-24 09:44 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 02:33 3,816 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-24 10:22 9,605 ----a-w C:\Program Files\hijackthis.log
2007-12-20 14:24 --------- d-----w C:\Program Files\Google
2007-12-12 01:23 --------- d-----w C:\Program Files\Windows Live
2007-11-21 21:10 --------- d-----w C:\Program Files\Driving Test Success Plus
2007-11-21 12:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-21 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-15 14:51 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:10 --------- d-----w C:\Program Files\SmitfraudFix
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-11-08 02:36 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-08 02:36 --------- d-----w C:\Program Files\Trend Micro
2007-11-08 02:36 --------- d-----w C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-08 02:36 --------- d-----w C:\Program Files\Common Files\xing shared
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-08 02:35 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-08 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 23:13 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:55 67,777 ----a-w C:\Program Files\log malware.txt
2007-11-07 16:23 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-07-17 01:51 123,461 ----a-w C:\Program Files\Common Files\Hewlett-Packard.zip
2007-07-05 00:27 1,708,148 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-06-06 02:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-08 11:08 31,248 ----a-w C:\Program Files\tmpreflt.sys
2007-05-08 11:08 252,128 ----a-w C:\Program Files\Tmfilter.sys
2007-05-08 11:08 197,648 ----a-w C:\Program Files\tmxpflt.sys
2007-05-08 11:08 1,051,456 ----a-w C:\Program Files\VsapiNT.sys
2007-03-23 12:57 132 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2004-06-22 08:04 94,438 ------w C:\Program Files\hposcu08.inf
2004-06-22 08:04 9,777 ------w C:\Program Files\hpzipr13.inf
2004-06-22 08:04 9,773 ------w C:\Program Files\hpousc08.inf
2004-06-22 08:04 70,656 ------w C:\Program Files\msvcirt.dll
2004-06-22 08:04 7,579 ------w C:\Program Files\hpound08.inf
2004-06-22 08:04 66,431 ------w C:\Program Files\hpoprl04.dat
2004-06-22 08:04 65,420 ------w C:\Program Files\hpoprl05.dat
2004-06-22 08:04 65 ------w C:\Program Files\dxprl.dat
2004-06-22 08:04 6,704 ------w C:\Program Files\hpounp08.inf
2004-06-22 08:04 53,670 ------w C:\Program Files\hposcu08.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\hpzius13.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\HPZius12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzipr13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZipr12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzid413.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZid412.cat
2004-06-22 08:04 51,026 ------w C:\Program Files\HPOunp08.cat
2004-06-22 08:04 50,615 ------w C:\Program Files\hpzid412.inf
2004-06-22 08:04 5,538 ------w C:\Program Files\hpzist12.inf
2004-06-22 08:04 49,212 ------w C:\Program Files\hpzjvp01.dll
2004-06-22 08:04 458,752 ------w C:\Program Files\tls704d.dll
2004-06-22 08:04 447,400 ------w C:\Program Files\hpoprn08.cat
2004-06-22 08:04 442,425 ------w C:\Program Files\hpzjpp01.dll
2004-06-22 08:04 4,779 ------w C:\Program Files\hpoglu08.inf
2004-06-22 08:04 4,768 ------w C:\Program Files\hpoprl01.dat
2004-06-22 08:04 4,144 ------w C:\Program Files\hpousb08.inf
2004-06-22 08:04 4,132 ------w C:\Program Files\hpzist13.inf
2004-06-22 08:04 4,014 ------w C:\Program Files\hpoprl08.dat
2004-06-22 08:04 399 ------w C:\Program Files\hpzprl01.dat
2004-06-22 08:04 314 ------w C:\Program Files\hpqprl01.dat
2004-06-22 08:04 3,448 ------w C:\Program Files\hpohub08.inf
2004-06-22 08:04 297 ------w C:\Program Files\Readme.html
2004-06-22 08:04 290,873 ------w C:\Program Files\hpzjut01.dll
2004-06-22 08:04 28,722 ------w C:\Program Files\hpzjlog.dll
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzglu10.exe
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzc3212.dll
2004-06-22 08:04 26,768 ------w C:\Program Files\usbhub.sys
2004-06-22 08:04 254,005 ------w C:\Program Files\msvcrt.dll
2004-06-22 08:04 22,636 ------w C:\Program Files\hpzid413.inf
2004-06-22 08:04 22,608 ------w C:\Program Files\usbprint.sys
2004-06-22 08:04 205 ------w C:\Program Files\hpzprl02.dat
2004-06-22 08:04 200,704 ------w C:\Program Files\hpzpnp10.dll
2004-06-22 08:04 20,168 ------w C:\Program Files\hpzius12.inf
2004-06-22 08:04 2,542 ------w C:\Program Files\hpoprl02.dat
2004-06-22 08:04 19,578 ------w C:\Program Files\hpoprl03.dat
2004-06-22 08:04 176,128 ------w C:\Program Files\hpzscr10.dll
2004-06-22 08:04 17,176 ------w C:\Program Files\hpomdl04.dat
2004-06-22 08:04 16,416 ------w C:\Program Files\HPZUCI12.DLL
2004-06-22 08:04 14,845 ------w C:\Program Files\hpoapd01.dat
2004-06-22 08:04 14,815 ------w C:\Program Files\hpzius13.inf
2004-06-22 08:04 137,124 ------w C:\Program Files\hpoprn08.inf
2004-06-22 08:04 12,922 ------w C:\Program Files\hpzipr12.inf
2004-06-22 08:04 12,288 ------w C:\Program Files\usbmon.dll
2004-06-22 08:04 1,980 ------w C:\Program Files\hpoprl07.dat
2004-06-22 08:04 1,479 ------w C:\Program Files\license.txt
2004-06-22 08:04 1,391 ------w C:\Program Files\readme.txt
2004-06-22 08:04 1,073,152 ------w C:\Program Files\Setup.exe
2004-03-17 17:13 1,028,368 ----a-w C:\Program Files\vbrun60sp6.exe
2007-05-28 20:41 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-11-19_ 4.42.33.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-14 17:05:20 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2007-12-01 01:41:30 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-03-14 17:05:18 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2007-12-01 01:41:32 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-03-14 17:05:15 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2007-12-01 01:41:41 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-03-14 17:05:15 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2007-12-01 01:41:33 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-03-14 17:05:20 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2007-12-01 01:41:39 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2007-03-14 17:05:21 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2007-12-01 01:41:36 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-03-14 17:05:19 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2007-12-01 01:41:39 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2007-03-14 17:05:19 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2007-12-01 01:41:31 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-03-14 17:05:19 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2007-12-01 01:41:41 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-03-14 17:05:19 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2007-12-01 01:41:36 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-03-14 17:05:19 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2007-12-01 01:41:34 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-03-14 17:05:19 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2007-12-01 01:41:34 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2007-03-14 17:05:19 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2007-12-01 01:41:38 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-03-14 17:05:19 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2007-12-01 01:41:42 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-03-14 17:05:19 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2007-12-01 01:41:37 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-03-14 17:05:19 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2007-12-01 01:41:34 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-03-14 17:05:19 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2007-12-01 01:41:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-03-14 17:05:19 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2007-12-01 01:41:40 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-03-14 17:05:20 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2007-12-01 01:41:30 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-03-14 17:05:20 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2007-12-01 01:41:33 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-03-14 17:05:20 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2007-12-01 01:41:32 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-03-14 17:05:19 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-12-02 01:41:55 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-03-14 17:05:20 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2007-12-01 01:41:35 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-03-14 17:05:20 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2007-12-01 01:41:38 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2007-03-14 17:05:19 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-02 01:41:56 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-12-02 01:42:14 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6c209483\CustomMarshalers.dll
+ 2007-12-02 16:54:55 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f7a7aba3\CustomMarshalers.dll
+ 2007-12-02 16:54:44 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_16ca7b18\mscorlib.dll
+ 2007-12-02 16:55:22 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_99a39f3d\mscorlib.dll
+ 2007-12-02 16:54:29 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5708714f\System.Design.dll
+ 2007-12-02 16:55:13 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5c7f198d\System.Design.dll
+ 2007-12-02 16:54:56 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c2d6acd3\System.Drawing.Design.dll
+ 2007-12-02 16:53:48 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d1db38dd\System.Drawing.Design.dll
+ 2007-12-02 16:55:16 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_89ff1021\System.Drawing.dll
+ 2007-12-02 16:54:40 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b927e05c\System.Drawing.dll
+ 2007-12-02 16:55:02 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_65edacf6\System.Windows.Forms.dll
+ 2007-12-02 16:54:06 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_ea3eb20a\System.Windows.Forms.dll
+ 2007-12-02 16:54:15 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3f39ad99\System.Xml.dll
+ 2007-12-02 16:55:09 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_6779a1f5\System.Xml.dll
+ 2007-12-02 01:42:07 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_48c82c80\System.dll
+ 2007-12-02 16:54:54 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f7edce58\System.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 10:04:41 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2007-11-16 07:28:11 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-12-13 03:04:38 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-11-16 07:28:11 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-13 03:04:38 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-11-16 07:28:11 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-12-13 03:04:38 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-11-16 07:28:11 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-13 03:04:38 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-16 07:28:11 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-13 03:04:38 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-11-16 07:28:11 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-13 03:04:38 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-11-16 07:28:12 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-13 03:04:38 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-11-16 07:28:12 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-13 03:04:38 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-11-16 07:28:11 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-13 03:04:38 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-11-16 07:28:11 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-13 03:04:38 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-11-16 07:28:12 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-13 03:04:38 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-11-16 07:28:11 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-13 03:04:38 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-16 07:28:11 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-13 03:04:38 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2003-02-20 19:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 21:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 19:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 01:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 19:19:38 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 01:49:26 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 19:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 21:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 19:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 20:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 10:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 11:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 10:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 11:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 19:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 00:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 14:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 07:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 14:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 07:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 14:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 19:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 00:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 07:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 14:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 07:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 14:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 07:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 14:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 07:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 14:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 19:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 00:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 19:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 00:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 19:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 20:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-20 19:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 20:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 19:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 20:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 07:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 20:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 19:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 00:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 19:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 00:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 19:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 20:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-20 19:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 20:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 19:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 20:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-01-15 16:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 19:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 00:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 07:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 14:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 01:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_aspnet_isapi.dll
+ 2004-07-15 00:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_CORPerfMonExt.dll
+ 2004-07-15 00:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_fusion.dll
+ 2004-07-15 00:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_mscorjit.dll
+ 2004-07-15 14:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_mscorlib.dll
+ 2003-02-20 19:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_mscorsn.dll
+ 2004-07-15 00:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_mscorsvr.dll
+ 2004-07-15 00:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_mscorwks.dll
+ 2003-02-21 04:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_msvcr71.dll
+ 2004-07-15 00:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3664\_PerfCounter.dll
- 2003-02-20 19:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 00:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 07:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 14:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 07:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 14:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 07:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 14:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 07:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 14:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 07:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 21:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 07:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 14:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 07:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 14:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 19:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 00:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 07:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 14:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 07:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 14:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 07:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 14:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 07:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 14:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 07:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 14:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 07:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 14:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 07:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 21:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 07:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 14:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 07:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 14:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 07:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 14:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 07:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 14:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 07:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 14:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 13:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 10:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 11:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 05:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 08:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 20:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 02:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2007-06-17 00:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 08:00:00 51,200 ----a-w C:\WINDOWS\NirCmd.exe
- 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-20 10:04:34 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:55:51 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-20 10:04:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 10:04:34 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:55:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-17 10:20:54 63,488 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 10:04:35 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-20 10:04:38 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:55:55 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-17 10:21:21 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 10:59:52 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-20 10:04:39 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-20 10:04:41 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-20 10:04:41 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-20 10:04:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:55:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-20 10:04:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-20 10:04:42 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:55:59 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-20 10:04:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:55:59 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-20 10:04:42 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-20 10:04:42 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:56:00 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-20 10:04:43 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:56:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 20:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 17:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-07-19 15:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-07-12 00:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-12 00:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 01:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-11-14 16:04:46 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2003-02-20 19:06:24 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 12:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2003-02-20 18:43:38 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2004-07-14 23:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
- 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-12-22 13:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-10-29 15:36:16 64,380 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-01 01:41:23 68,046 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-29 15:36:16 407,796 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-01 01:41:23 416,084 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 18:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 08:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-11-14 16:04:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-11-14 16:05:16 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-11-14 16:04:52 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-11-14 16:04:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-11-14 16:04:52 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-11-14 16:04:52 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-11-14 16:04:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-11-14 16:04:54 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-11-14 16:04:54 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-11-14 16:04:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-11-14 16:04:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-05-03 19:52:42 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-01-03 02:11:29 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-14 16:04:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-31 00:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 14:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-31 00:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 00:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 00:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 00:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 15:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 15:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-31 00:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 15:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-31 00:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-19 23:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-09-11 21:09:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 18:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-31 00:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 00:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 00:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 00:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-09-11 21:09:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 18:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-11-14 16:04:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 12:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-11-14 16:04:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-11-14 16:04:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-11-14 16:04:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-11-14 16:05:18 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-11-14 16:05:18 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-11-14 16:05:18 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-11-14 16:05:18 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-11-14 16:05:20 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-11-14 16:06:34 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-11-14 16:06:36 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-10-18 20:18:38 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-10-18 20:18:38 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-11-14 16:04:48 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-01-11 11:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-10-18 20:18:40 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-18 20:18:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-11-14 16:04:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-11-14 16:06:36 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-11-14 16:06:36 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-04 20:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 16:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-11-14 16:05:06 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 17:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-11-14 16:04:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-11-14 16:04:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-11-14 16:05:06 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-11-14 16:04:52 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-11-14 16:04:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-11-14 16:04:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 11:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-11-14 16:04:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-11-14 16:04:56 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-11-14 16:04:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-11-14 16:04:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 1998-02-06 21:37:32 299,520 ----a-w C:\WINDOWS\uninst.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 09:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 05:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54 1150976]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05 172032]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21 65536]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17 200704]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08 185632]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42 1393928]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys [2004-12-01 18:35]
S0 twvxlvwr;twvxlvwr;C:\WINDOWS\system32\drivers\gwytwpdy.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-03-09 16:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a45a072-8e3c-11dc-939c-00120e4979ac}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 01:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-02 07:34:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B5DE7115-B5F8-42C9-8237-2669F45FD293}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-03 02:41:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 2:42:34
ComboFix-quarantined-files.txt 2008-01-03 02:42:30
ComboFix2.txt 2007-11-19 04:43:07
ComboFix3.txt 2007-11-18 05:07:40
ComboFix4.txt 2007-11-15 21:17:16
.
2007-12-13 03:04:41 --- E O F ---
ComboFix 07-11-08.3 - user 2007-11-19 4:39:08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT 0:00]
Running from: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\6OVZOWP9\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.
2007-11-15 00:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 23:08 <DIR> d-------- C:\Deckard
2007-11-11 20:38 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23 <DIR> d-------- C:\WINDOWS\system\SmitfraudFix
2007-11-11 20:22 1,043,074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-11-11 19:37 <DIR> d-------- C:\SmitfraudFix
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-07 22:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-11-07 22:37 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-11-07 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 14:51 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-11-08 02:36 --------- d-----w C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36 --------- d-----w C:\Program Files\Google
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-08 02:35 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 23:13 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:55 67,777 ----a-w C:\Program Files\log malware.txt
2007-11-07 16:23 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-10-29 10:53 --------- d-----w C:\Program Files\Windows Live
2007-10-29 10:49 --------- d-----w C:\Program Files\Hardwood Spades
2007-10-29 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-28 22:08 --------- d-----w C:\Program Files\Common Files\Real
2007-09-28 08:42 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-28 08:42 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-28 08:42 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-28 08:42 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-28 08:42 138,512 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-28 08:42 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-17 01:51 123,461 ----a-w C:\Program Files\Common Files\Hewlett-Packard.zip
2007-07-05 00:27 1,708,148 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-06-06 02:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-08 11:08 31,248 ----a-w C:\Program Files\tmpreflt.sys
2007-05-08 11:08 252,128 ----a-w C:\Program Files\Tmfilter.sys
2007-05-08 11:08 197,648 ----a-w C:\Program Files\tmxpflt.sys
2007-05-08 11:08 1,051,456 ----a-w C:\Program Files\VsapiNT.sys
2007-03-23 12:57 132 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2004-06-22 08:04 94,438 ------w C:\Program Files\hposcu08.inf
2004-06-22 08:04 9,777 ------w C:\Program Files\hpzipr13.inf
2004-06-22 08:04 9,773 ------w C:\Program Files\hpousc08.inf
2004-06-22 08:04 70,656 ------w C:\Program Files\msvcirt.dll
2004-06-22 08:04 7,579 ------w C:\Program Files\hpound08.inf
2004-06-22 08:04 66,431 ------w C:\Program Files\hpoprl04.dat
2004-06-22 08:04 65,420 ------w C:\Program Files\hpoprl05.dat
2004-06-22 08:04 65 ------w C:\Program Files\dxprl.dat
2004-06-22 08:04 6,704 ------w C:\Program Files\hpounp08.inf
2004-06-22 08:04 53,670 ------w C:\Program Files\hposcu08.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\hpzius13.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\HPZius12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzipr13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZipr12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzid413.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZid412.cat
2004-06-22 08:04 51,026 ------w C:\Program Files\HPOunp08.cat
2004-06-22 08:04 50,615 ------w C:\Program Files\hpzid412.inf
2004-06-22 08:04 5,538 ------w C:\Program Files\hpzist12.inf
2004-06-22 08:04 49,212 ------w C:\Program Files\hpzjvp01.dll
2004-06-22 08:04 458,752 ------w C:\Program Files\tls704d.dll
2004-06-22 08:04 447,400 ------w C:\Program Files\hpoprn08.cat
2004-06-22 08:04 442,425 ------w C:\Program Files\hpzjpp01.dll
2004-06-22 08:04 4,779 ------w C:\Program Files\hpoglu08.inf
2004-06-22 08:04 4,768 ------w C:\Program Files\hpoprl01.dat
2004-06-22 08:04 4,144 ------w C:\Program Files\hpousb08.inf
2004-06-22 08:04 4,132 ------w C:\Program Files\hpzist13.inf
2004-06-22 08:04 4,014 ------w C:\Program Files\hpoprl08.dat
2004-06-22 08:04 399 ------w C:\Program Files\hpzprl01.dat
2004-06-22 08:04 314 ------w C:\Program Files\hpqprl01.dat
2004-06-22 08:04 3,448 ------w C:\Program Files\hpohub08.inf
2004-06-22 08:04 297 ------w C:\Program Files\Readme.html
2004-06-22 08:04 290,873 ------w C:\Program Files\hpzjut01.dll
2004-06-22 08:04 28,722 ------w C:\Program Files\hpzjlog.dll
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzglu10.exe
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzc3212.dll
2004-06-22 08:04 26,768 ------w C:\Program Files\usbhub.sys
2004-06-22 08:04 254,005 ------w C:\Program Files\msvcrt.dll
2004-06-22 08:04 22,636 ------w C:\Program Files\hpzid413.inf
2004-06-22 08:04 22,608 ------w C:\Program Files\usbprint.sys
2004-06-22 08:04 205 ------w C:\Program Files\hpzprl02.dat
2004-06-22 08:04 200,704 ------w C:\Program Files\hpzpnp10.dll
2004-06-22 08:04 20,168 ------w C:\Program Files\hpzius12.inf
2004-06-22 08:04 2,542 ------w C:\Program Files\hpoprl02.dat
2004-06-22 08:04 19,578 ------w C:\Program Files\hpoprl03.dat
2004-06-22 08:04 176,128 ------w C:\Program Files\hpzscr10.dll
2004-06-22 08:04 17,176 ------w C:\Program Files\hpomdl04.dat
2004-06-22 08:04 16,416 ------w C:\Program Files\HPZUCI12.DLL
2004-06-22 08:04 14,845 ------w C:\Program Files\hpoapd01.dat
2004-06-22 08:04 14,815 ------w C:\Program Files\hpzius13.inf
2004-06-22 08:04 137,124 ------w C:\Program Files\hpoprn08.inf
2004-06-22 08:04 12,922 ------w C:\Program Files\hpzipr12.inf
2004-06-22 08:04 12,288 ------w C:\Program Files\usbmon.dll
2004-06-22 08:04 1,980 ------w C:\Program Files\hpoprl07.dat
2004-06-22 08:04 1,479 ------w C:\Program Files\license.txt
2004-06-22 08:04 1,391 ------w C:\Program Files\readme.txt
2004-06-22 08:04 1,073,152 ------w C:\Program Files\Setup.exe
2004-03-17 17:13 1,028,368 ----a-w C:\Program Files\vbrun60sp6.exe
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19]
"nwiz"="nwiz.exe" [2006-07-12 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-18 22:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 04:42:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 4:43:04
C:\ComboFix2.txt ... 2007-11-18 05:07
C:\ComboFix3.txt ... 2007-11-15 21:17
.
--- E O F ---
ComboFix 07-11-08.1 - user 2007-11-18 5:03:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.430 [GMT 0:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.
2007-11-15 00:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 23:08 <DIR> d-------- C:\Deckard
2007-11-11 20:38 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23 <DIR> d-------- C:\WINDOWS\system\SmitfraudFix
2007-11-11 20:22 1,043,074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-11-11 19:37 <DIR> d-------- C:\SmitfraudFix
2007-11-08 02:36 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-07 22:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-11-07 22:37 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-11-07 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 04:38 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-15 14:51 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-11-08 02:36 --------- d-----w C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36 --------- d-----w C:\Program Files\Google
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-08 02:35 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 23:13 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:55 67,777 ----a-w C:\Program Files\log malware.txt
2007-11-07 16:23 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-10-29 10:53 --------- d-----w C:\Program Files\Windows Live
2007-10-29 10:49 --------- d-----w C:\Program Files\Hardwood Spades
2007-10-29 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-28 22:08 --------- d-----w C:\Program Files\Common Files\Real
2007-09-28 08:42 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-28 08:42 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-28 08:42 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-28 08:42 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-28 08:42 138,512 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-28 08:42 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-18 18:52 --------- d-----w C:\Program Files\Trymedia
2007-09-18 18:52 --------- d-----w C:\Program Files\Silver Creek Installer
2007-09-18 18:52 --------- d-----w C:\Program Files\Hardwood Backgammon
2007-09-18 18:52 --------- d-----w C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-18 18:51 --------- d-----w C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:48 --------- d-----w C:\Program Files\KYE
2007-09-18 18:48 --------- d-----w C:\Program Files\Common Files\snpstd
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-17 01:51 123,461 ----a-w C:\Program Files\Common Files\Hewlett-Packard.zip
2007-07-05 00:27 1,708,148 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-06-06 02:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-08 11:08 31,248 ----a-w C:\Program Files\tmpreflt.sys
2007-05-08 11:08 252,128 ----a-w C:\Program Files\Tmfilter.sys
2007-05-08 11:08 197,648 ----a-w C:\Program Files\tmxpflt.sys
2007-05-08 11:08 1,051,456 ----a-w C:\Program Files\VsapiNT.sys
2007-03-23 12:57 132 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2004-06-22 08:04 94,438 ------w C:\Program Files\hposcu08.inf
2004-06-22 08:04 9,777 ------w C:\Program Files\hpzipr13.inf
2004-06-22 08:04 9,773 ------w C:\Program Files\hpousc08.inf
2004-06-22 08:04 70,656 ------w C:\Program Files\msvcirt.dll
2004-06-22 08:04 7,579 ------w C:\Program Files\hpound08.inf
2004-06-22 08:04 66,431 ------w C:\Program Files\hpoprl04.dat
2004-06-22 08:04 65,420 ------w C:\Program Files\hpoprl05.dat
2004-06-22 08:04 65 ------w C:\Program Files\dxprl.dat
2004-06-22 08:04 6,704 ------w C:\Program Files\hpounp08.inf
2004-06-22 08:04 53,670 ------w C:\Program Files\hposcu08.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\hpzius13.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\HPZius12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzipr13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZipr12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzid413.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZid412.cat
2004-06-22 08:04 51,026 ------w C:\Program Files\HPOunp08.cat
2004-06-22 08:04 50,615 ------w C:\Program Files\hpzid412.inf
2004-06-22 08:04 5,538 ------w C:\Program Files\hpzist12.inf
2004-06-22 08:04 49,212 ------w C:\Program Files\hpzjvp01.dll
2004-06-22 08:04 458,752 ------w C:\Program Files\tls704d.dll
2004-06-22 08:04 447,400 ------w C:\Program Files\hpoprn08.cat
2004-06-22 08:04 442,425 ------w C:\Program Files\hpzjpp01.dll
2004-06-22 08:04 4,779 ------w C:\Program Files\hpoglu08.inf
2004-06-22 08:04 4,768 ------w C:\Program Files\hpoprl01.dat
2004-06-22 08:04 4,144 ------w C:\Program Files\hpousb08.inf
2004-06-22 08:04 4,132 ------w C:\Program Files\hpzist13.inf
2004-06-22 08:04 4,014 ------w C:\Program Files\hpoprl08.dat
2004-06-22 08:04 399 ------w C:\Program Files\hpzprl01.dat
2004-06-22 08:04 314 ------w C:\Program Files\hpqprl01.dat
2004-06-22 08:04 3,448 ------w C:\Program Files\hpohub08.inf
2004-06-22 08:04 297 ------w C:\Program Files\Readme.html
2004-06-22 08:04 290,873 ------w C:\Program Files\hpzjut01.dll
2004-06-22 08:04 28,722 ------w C:\Program Files\hpzjlog.dll
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzglu10.exe
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzc3212.dll
2004-06-22 08:04 26,768 ------w C:\Program Files\usbhub.sys
2004-06-22 08:04 254,005 ------w C:\Program Files\msvcrt.dll
2004-06-22 08:04 22,636 ------w C:\Program Files\hpzid413.inf
2004-06-22 08:04 22,608 ------w C:\Program Files\usbprint.sys
2004-06-22 08:04 205 ------w C:\Program Files\hpzprl02.dat
2004-06-22 08:04 200,704 ------w C:\Program Files\hpzpnp10.dll
2004-06-22 08:04 20,168 ------w C:\Program Files\hpzius12.inf
2004-06-22 08:04 2,542 ------w C:\Program Files\hpoprl02.dat
2004-06-22 08:04 19,578 ------w C:\Program Files\hpoprl03.dat
2004-06-22 08:04 176,128 ------w C:\Program Files\hpzscr10.dll
2004-06-22 08:04 17,176 ------w C:\Program Files\hpomdl04.dat
2004-06-22 08:04 16,416 ------w C:\Program Files\HPZUCI12.DLL
2004-06-22 08:04 14,845 ------w C:\Program Files\hpoapd01.dat
2004-06-22 08:04 14,815 ------w C:\Program Files\hpzius13.inf
2004-06-22 08:04 137,124 ------w C:\Program Files\hpoprn08.inf
2004-06-22 08:04 12,922 ------w C:\Program Files\hpzipr12.inf
2004-06-22 08:04 12,288 ------w C:\Program Files\usbmon.dll
2004-06-22 08:04 1,980 ------w C:\Program Files\hpoprl07.dat
2004-06-22 08:04 1,479 ------w C:\Program Files\license.txt
2004-06-22 08:04 1,391 ------w C:\Program Files\readme.txt
2004-06-22 08:04 1,073,152 ------w C:\Program Files\Setup.exe
2004-03-17 17:13 1,028,368 ----a-w C:\Program Files\vbrun60sp6.exe
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_ 2.35.38.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-10 00:58:22 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-16 07:28:11 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-10 00:58:22 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-16 07:28:11 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-10 00:58:22 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-16 07:28:11 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-10 00:58:22 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-16 07:28:11 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-10 00:58:22 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-16 07:28:11 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-10 00:58:22 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-16 07:28:11 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-10 00:58:22 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-16 07:28:12 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-10 00:58:22 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-16 07:28:12 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-10 00:58:22 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-16 07:28:11 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-10 00:58:22 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-16 07:28:11 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-10 00:58:22 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-16 07:28:12 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-10 00:58:22 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-16 07:28:11 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-10 00:58:22 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-16 07:28:11 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-11-15 02:34:11 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-18 04:38:11 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 02:34:11 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-18 04:38:11 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 02:34:11 819,200 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-18 04:38:11 819,200 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
- 2007-11-15 02:34:12 24,064 ----a-w C:\WINDOWS\Temp\ouxtikeah.dll
+ 2007-11-18 04:38:11 24,064 ----a-w C:\WINDOWS\Temp\ouxtikeah.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19]
"nwiz"="nwiz.exe" [2006-07-12 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 2006-02-28 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-18 04:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 05:06:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-18 5:07:37
C:\ComboFix2.txt ... 2007-11-15 21:17
C:\ComboFix3.txt ... 2007-11-15 02:36
.
--- E O F ---
ComboFix 07-11-08.1 - user 2007-11-15 21:08:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.347 [GMT 0:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\bonrep.dll
C:\WINDOWS\ipwypktx.dll
C:\WINDOWS\kbdctrl.dll
C:\WINDOWS\neobus.dll
C:\WINDOWS\qdertu.exe
C:\WINDOWS\system32\ahroxun-edat.exe
C:\WINDOWS\system32\udsacoot.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Desktop\Error Cleaner.url
C:\Documents and Settings\user\Desktop\Favorites\Error Cleaner.url
C:\Documents and Settings\user\Desktop\Favorites\Privacy Protector.url
C:\Documents and Settings\user\Desktop\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\user\Desktop\Privacy Protector.url
C:\Documents and Settings\user\Desktop\Spyware&Malware Protection.url
C:\WINDOWS\bonrep.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\ipwypktx.dll
C:\WINDOWS\kbdctrl.dll
C:\WINDOWS\neobus.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\qdertu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\ahroxun-edat.exe . . . . failed to delete
C:\WINDOWS\system32\udsacoot.exe . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 00:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 23:08 <DIR> d-------- C:\Deckard
2007-11-11 20:38 3,702 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 20:23 <DIR> d-------- C:\WINDOWS\system\SmitfraudFix
2007-11-11 20:22 1,043,074 --a------ C:\WINDOWS\system\SmitfraudFix.exe
2007-11-11 20:10 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-11-11 19:37 <DIR> d-------- C:\SmitfraudFix
2007-11-08 02:36 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 02:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-08 02:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-07 22:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-11-07 22:37 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-11-07 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-11-07 20:48 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 21:15 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac.exe
2007-11-15 14:51 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-11-08 02:36 --------- d-----w C:\Program Files\SilverCreekCommonFiles
2007-11-08 02:36 --------- d-----w C:\Program Files\Google
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
2007-11-08 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-08 02:35 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 23:13 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:55 67,777 ----a-w C:\Program Files\log malware.txt
2007-11-07 16:23 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-10-29 13:30 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(251).exe
2007-10-29 12:35 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(252).exe
2007-10-29 10:53 --------- d-----w C:\Program Files\Windows Live
2007-10-29 10:49 --------- d-----w C:\Program Files\Hardwood Spades
2007-10-29 10:26 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(253).exe
2007-10-29 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-28 22:08 --------- d-----w C:\Program Files\Common Files\Real
2007-10-23 21:19 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(245).exe
2007-10-23 15:36 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(246).exe
2007-10-23 15:06 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(247).exe
2007-10-23 14:45 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(248).exe
2007-10-23 14:32 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(249).exe
2007-10-22 21:05 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(250).exe
2007-09-28 08:42 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-28 08:42 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-28 08:42 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-28 08:42 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-28 08:42 138,512 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-28 08:42 1,126,328 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-18 18:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-18 18:52 --------- d-----w C:\Program Files\Trymedia
2007-09-18 18:52 --------- d-----w C:\Program Files\Silver Creek Installer
2007-09-18 18:52 --------- d-----w C:\Program Files\Hardwood Backgammon
2007-09-18 18:52 --------- d-----w C:\Program Files\Common Files\CasinoVegasShared
2007-09-18 18:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-18 18:51 --------- d-----w C:\Program Files\namtai_eyetoy_drivers
2007-09-18 18:48 --------- d-----w C:\Program Files\KYE
2007-09-18 18:48 --------- d-----w C:\Program Files\Common Files\snpstd
2007-09-18 15:43 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(136).exe
2007-09-18 14:52 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(137).exe
2007-09-18 13:05 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(138).exe
2007-09-18 12:00 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(139).exe
2007-09-18 08:31 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(140).exe
2007-09-17 20:37 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(141).exe
2007-09-17 08:06 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(142).exe
2007-09-17 07:47 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(143).exe
2007-09-16 20:09 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(144).exe
2007-09-16 16:57 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(145).exe
2007-09-16 13:25 30,489 ----a-w C:\WINDOWS\system32\ekvakuh-easac(146).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(244).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(243).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(242).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(241).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(240).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(239).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(238).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(237).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(236).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(235).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(234).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(233).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(232).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(231).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(230).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(229).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(228).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(227).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(226).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(225).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(224).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(223).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(222).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(221).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(220).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(219).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(218).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(217).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(216).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(215).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(214).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(213).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(212).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(211).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(210).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(209).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(208).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(207).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(206).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(205).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(204).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(203).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(202).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(201).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(200).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(199).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(198).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(197).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(196).exe
2007-09-16 13:25 30,489 ----a-r C:\WINDOWS\system32\ekvakuh-easac(195).exe
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41:22 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12:14 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
- Not a PE file.
---- Directory of C:\WINDOWS\system32\runtime ----
((((((((((((((((((((((((((((( snapshot@2007-11-15_ 2.35.38.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-15 02:34:11 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-15 21:15:10 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-15 02:34:11 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-15 21:15:10 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-15 02:34:11 819,200 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-15 21:15:10 819,200 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-15 02:34:12 24,064 ----a-w C:\WINDOWS\Temp\ouxtikeah.dll
+ 2007-11-15 21:15:10 24,064 ----a-w C:\WINDOWS\Temp\ouxtikeah.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19]
"nwiz"="nwiz.exe" [2006-07-12 05:19 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}]
C:\WINDOWS\system32\atpakib-deas.dll 2006-02-28 12:00 5120 C:\WINDOWS\system32\atpakib-deas.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\system32\ahroxun-edat.exe
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
S3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{484F4D45-3248-4f4d-4532-484F4D453248}]
C:\WINDOWS\system32\udsacoot.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 20:47:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-15 21:15:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 21:17:15 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-15 02:36
.
--- E O F ---
ComboFix 08-01-03.4 - user 2008-01-11 20:25:51.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.543 [GMT 0:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-10 04:28 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-10 04:27 . 2008-01-10 04:27 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-09 17:51 . 2008-01-09 17:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-09 17:51 . 2008-01-09 17:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 11:19 . 2008-01-05 10:09 1,309 --a------ C:\WINDOWS\mozver.dat
2008-01-03 23:03 . 2008-01-04 03:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\ArcSoft
2008-01-03 21:54 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2008-01-03 21:54 . 2004-08-03 23:10 78,464 --a--c--- C:\WINDOWS\system32\dllcache\usbvideo.sys
2008-01-03 21:54 . 2004-08-04 00:56 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-01-03 21:54 . 2004-08-04 00:56 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-01-03 21:51 . 2008-01-03 21:51 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-03 21:51 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-03 21:50 . 2008-01-04 03:04 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-03 02:32 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-03 02:32 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-03 02:32 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-03 02:32 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-03 02:32 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-03 02:32 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-31 21:26 . 2007-12-31 21:26 <DIR> d-------- C:\Program Files\Java
2007-12-31 21:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-26 10:52 . 2008-01-11 20:30 4,188,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 10:52 . 2008-01-11 18:41 49,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 10:44 . 2007-12-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-24 09:44 . 2007-12-24 09:44 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 19:44 --------- d-----w C:\Program Files\Windows Live
2008-01-10 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-10 02:42 67,777 ----a-w C:\Program Files\log malware.txt
2008-01-10 01:58 162 ---ha-w C:\Program Files\~$g malware.txt
2008-01-04 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 02:33 3,816 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-24 10:22 9,605 ----a-w C:\Program Files\hijackthis.log
2007-12-20 14:24 --------- d-----w C:\Program Files\Google
2007-11-21 21:10 --------- d-----w C:\Program Files\Driving Test Success Plus
2007-11-21 12:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-15 14:51 --------- d-----w C:\Documents and Settings\user\Application Data\PlayFirst
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:10 --------- d-----w C:\Program Files\SmitfraudFix
2007-11-09 13:46 401,720 ----a-w C:\Program Files\hijack.exe
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-07-17 01:51 123,461 ----a-w C:\Program Files\Common Files\Hewlett-Packard.zip
2007-07-05 00:27 1,708,148 ----a-w C:\Documents and Settings\All Users\Documents.zip
2007-06-06 02:21 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-05-08 11:08 31,248 ----a-w C:\Program Files\tmpreflt.sys
2007-05-08 11:08 252,128 ----a-w C:\Program Files\Tmfilter.sys
2007-05-08 11:08 197,648 ----a-w C:\Program Files\tmxpflt.sys
2007-05-08 11:08 1,051,456 ----a-w C:\Program Files\VsapiNT.sys
2007-03-23 12:57 132 ----a-w C:\Documents and Settings\user\Application Data\wklnhst.dat
2004-06-22 08:04 94,438 ------w C:\Program Files\hposcu08.inf
2004-06-22 08:04 9,777 ------w C:\Program Files\hpzipr13.inf
2004-06-22 08:04 9,773 ------w C:\Program Files\hpousc08.inf
2004-06-22 08:04 70,656 ------w C:\Program Files\msvcirt.dll
2004-06-22 08:04 7,579 ------w C:\Program Files\hpound08.inf
2004-06-22 08:04 66,431 ------w C:\Program Files\hpoprl04.dat
2004-06-22 08:04 65,420 ------w C:\Program Files\hpoprl05.dat
2004-06-22 08:04 65 ------w C:\Program Files\dxprl.dat
2004-06-22 08:04 6,704 ------w C:\Program Files\hpounp08.inf
2004-06-22 08:04 53,670 ------w C:\Program Files\hposcu08.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\hpzius13.cat
2004-06-22 08:04 52,349 ------w C:\Program Files\HPZius12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzist12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzipr13.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZipr12.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\hpzid413.cat
2004-06-22 08:04 51,467 ------w C:\Program Files\HPZid412.cat
2004-06-22 08:04 51,026 ------w C:\Program Files\HPOunp08.cat
2004-06-22 08:04 50,615 ------w C:\Program Files\hpzid412.inf
2004-06-22 08:04 5,538 ------w C:\Program Files\hpzist12.inf
2004-06-22 08:04 49,212 ------w C:\Program Files\hpzjvp01.dll
2004-06-22 08:04 458,752 ------w C:\Program Files\tls704d.dll
2004-06-22 08:04 447,400 ------w C:\Program Files\hpoprn08.cat
2004-06-22 08:04 442,425 ------w C:\Program Files\hpzjpp01.dll
2004-06-22 08:04 4,779 ------w C:\Program Files\hpoglu08.inf
2004-06-22 08:04 4,768 ------w C:\Program Files\hpoprl01.dat
2004-06-22 08:04 4,144 ------w C:\Program Files\hpousb08.inf
2004-06-22 08:04 4,132 ------w C:\Program Files\hpzist13.inf
2004-06-22 08:04 4,014 ------w C:\Program Files\hpoprl08.dat
2004-06-22 08:04 399 ------w C:\Program Files\hpzprl01.dat
2004-06-22 08:04 314 ------w C:\Program Files\hpqprl01.dat
2004-06-22 08:04 3,448 ------w C:\Program Files\hpohub08.inf
2004-06-22 08:04 297 ------w C:\Program Files\Readme.html
2004-06-22 08:04 290,873 ------w C:\Program Files\hpzjut01.dll
2004-06-22 08:04 28,722 ------w C:\Program Files\hpzjlog.dll
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzglu10.exe
2004-06-22 08:04 270,336 ------w C:\Program Files\hpzc3212.dll
2004-06-22 08:04 26,768 ------w C:\Program Files\usbhub.sys
2004-06-22 08:04 254,005 ------w C:\Program Files\msvcrt.dll
2004-06-22 08:04 22,636 ------w C:\Program Files\hpzid413.inf
2004-06-22 08:04 22,608 ------w C:\Program Files\usbprint.sys
2004-06-22 08:04 205 ------w C:\Program Files\hpzprl02.dat
2004-06-22 08:04 200,704 ------w C:\Program Files\hpzpnp10.dll
2004-06-22 08:04 20,168 ------w C:\Program Files\hpzius12.inf
2004-06-22 08:04 2,542 ------w C:\Program Files\hpoprl02.dat
2004-06-22 08:04 19,578 ------w C:\Program Files\hpoprl03.dat
2004-06-22 08:04 176,128 ------w C:\Program Files\hpzscr10.dll
2004-06-22 08:04 17,176 ------w C:\Program Files\hpomdl04.dat
2004-06-22 08:04 16,416 ------w C:\Program Files\HPZUCI12.DLL
2004-06-22 08:04 14,845 ------w C:\Program Files\hpoapd01.dat
2004-06-22 08:04 14,815 ------w C:\Program Files\hpzius13.inf
2004-06-22 08:04 137,124 ------w C:\Program Files\hpoprn08.inf
2004-06-22 08:04 12,922 ------w C:\Program Files\hpzipr12.inf
2004-06-22 08:04 12,288 ------w C:\Program Files\usbmon.dll
2004-06-22 08:04 1,980 ------w C:\Program Files\hpoprl07.dat
2004-06-22 08:04 1,479 ------w C:\Program Files\license.txt
2004-06-22 08:04 1,391 ------w C:\Program Files\readme.txt
2004-06-22 08:04 1,073,152 ------w C:\Program Files\Setup.exe
2004-03-17 17:13 1,028,368 ----a-w C:\Program Files\vbrun60sp6.exe
2007-05-28 20:41 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052120070528\index.dat
2007-05-28 20:41 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052820070529\index.dat
2007-05-29 20:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat
2007-05-30 19:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053020070531\index.dat
2007-05-31 19:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007053120070601\index.dat
2007-06-02 18:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\Common Files\xing shared ----
2007-10-28 22:09 352256 --a------ C:\Program Files\Common Files\xing shared\mpeg encode\xmencmp3.dll
---- Directory of C:\Program Files\SilverCreekCommonFiles ----
2007-09-02 21:03 360642 --a------ C:\Program Files\SilverCreekCommonFiles\Decks\xmas.hwdck
2007-06-24 08:08 106147 --a------ C:\Program Files\SilverCreekCommonFiles\Decks\Big Head.hwdck
((((((((((((((((((((((((((((( snapshot_2008-01-03_ 2.42.04.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-05 17:18:44 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-10 04:26:13 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
- 2007-06-18 17:03:33 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2008-01-09 22:44:26 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
- 1995-07-31 12:44:46 212,480 ----a-w C:\WINDOWS\PCDLIB32.DLL
+ 1995-08-01 04:44:46 212,480 ----a-w C:\WINDOWS\PCDLIB32.DLL
+ 2007-10-11 14:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-01-03 13:50:20 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-10-24 12:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
- 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-10-16 16:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-25 16:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-16 16:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2003-04-21 13:09:50 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2005-04-27 16:36:00 245,408 ----a-r C:\WINDOWS\system32\unicows.dll
+ 2006-10-24 12:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
+ 2006-10-24 12:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
+ 2006-10-24 12:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
- 2008-01-03 02:11:29 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-01-11 18:11:32 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 08:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 05:19 7626752]
"nwiz"="nwiz.exe" [2006-07-12 05:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 05:19 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TI WLAN"="C:\Program Files\Wireless LAN Utility\TIWLANCu.exe" [2007-03-22 17:54 1150976]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 08:05 172032]
"EPSON Stylus Photo R240 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.exe" [2005-04-25 05:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 08:21 65536]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-09-07 08:17 200704]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-28 08:42 1393928]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-28 22:08 185632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys [2004-12-01 18:35]
S0 twvxlvwr;twvxlvwr;C:\WINDOWS\system32\drivers\gwytwpdy.sys []
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-03-09 16:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a45a072-8e3c-11dc-939c-00120e4979ac}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.htm
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 19:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 18:14:56 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B5DE7115-B5F8-42C9-8237-2669F45FD293}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-11 20:30:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\PROGRA~1\ArcSoft\PHOTOI~1\share\pihook.dll
.
Completion time: 2008-01-11 20:32:17
ComboFix-quarantined-files.txt 2008-01-11 20:32:10
ComboFix2.txt 2008-01-10 03:48:34
ComboFix3.txt 2008-01-03 02:42:35
ComboFix4.txt 2007-11-19 04:43:07
ComboFix5.txt 2007-11-18 05:07:40
.
2007-12-13 03:04:41 --- E O F ---