Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJackthis report

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJackthis report

Unread postby vasa129 » August 1st, 2008, 1:06 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:54 PM, on 8/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\System32\lphclv1j0erd3.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lphclv1j0erd3] C:\WINDOWS\System32\lphclv1j0erd3.exe
O4 - HKLM\..\Run: [04ddc144] rundll32.exe "C:\WINDOWS\System32\otcacxdv.dll",b
O4 - HKLM\..\Run: [BM07eef2d8] Rundll32.exe "C:\WINDOWS\System32\ujotfvov.dll",s
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarewebp ... wswaxf.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pi ... 0.0.32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://playgames.comcast.net/online2/go ... dfever.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6278 bytes
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am
Advertisement
Register to Remove

Re: HiJackthis report

Unread postby Shaba » August 2nd, 2008, 4:53 am

Hi vasa129

Rename HijackThis.exe to vasa129.exe and post back a fresh HijackThis log, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 2nd, 2008, 7:18 am

how do I rename hijackthis?
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 2nd, 2008, 7:36 am

Rename HijackThis.exe to vasa129.exe by doing the following;

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to vasa129.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 2nd, 2008, 6:37 pm

ok, here is the new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:32 PM, on 8/2/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SYSTEM32\spider.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\vasa129.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {33a8000d-d8c4-49e0-bc1f-8cba1c6c978a} - C:\WINDOWS\System32\iifgEwxX.dll
O2 - BHO: {34bc7b02-5511-8149-f124-58af63a226e3} - {3e622a36-fa85-421f-9418-115520b7cb43} - C:\WINDOWS\System32\njdqto.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [04ddc144] rundll32.exe "C:\WINDOWS\System32\bwmmvcmi.dll",b
O4 - HKLM\..\Run: [BM07eef2d8] Rundll32.exe "C:\WINDOWS\System32\pfnbpjcu.dll",s
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarewebp ... wswaxf.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pi ... 0.0.32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://playgames.comcast.net/online2/go ... dfever.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6827 bytes
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 3rd, 2008, 3:52 am

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 3rd, 2008, 9:38 am

ok, here is the combofix report

ComboFix 08-08-02.01 - Owner 2008-08-03 8:14:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.65 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BTSRX7F6\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\BTSRX7F6\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Application Data\rhcgv1j0erd3
C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\rhcgv1j0erd3
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\BM07eef2d8.txt
C:\WINDOWS\BM07eef2d8.xml
C:\WINDOWS\browserad.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\didduid.ini
C:\WINDOWS\FLEOK
C:\WINDOWS\FLEOK\180ax.exe
C:\WINDOWS\Installer\id53.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\SYSTEM32\fkycqllm.ini
C:\WINDOWS\SYSTEM32\imcvmmwb.ini
C:\WINDOWS\system32\jycydirh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\ntnut32.exe
C:\WINDOWS\system32\phclv1j0erd3.bmp
C:\WINDOWS\system32\rwecwhng.ini
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\vdxcacto.ini
C:\WINDOWS\SYSTEM32\wqqduaog.ini
C:\WINDOWS\SYSTEM32\XxwEgfii.ini
C:\WINDOWS\SYSTEM32\XxwEgfii.ini2
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\winsb.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 19:31 . 2008-08-02 19:31 83,456 --a------ C:\WINDOWS\SYSTEM32\hridycyj.dll
2008-08-02 19:28 . 2008-08-02 19:28 114,176 --a------ C:\WINDOWS\SYSTEM32\xfphyl.dll
2008-08-02 19:28 . 2008-08-02 19:28 114,176 --a------ C:\WINDOWS\SYSTEM32\ogsyepmu.dll
2008-08-02 19:25 . 2008-08-02 19:26 91,648 --a------ C:\WINDOWS\SYSTEM32\gbhfkhqv.dll
2008-08-01 19:26 . 2008-08-01 19:26 114,176 --a------ C:\WINDOWS\SYSTEM32\njdqto.dll
2008-08-01 19:26 . 2008-08-01 19:26 114,176 --a------ C:\WINDOWS\SYSTEM32\kvxkngfk.dll
2008-08-01 19:25 . 2008-08-01 19:25 91,648 --a------ C:\WINDOWS\SYSTEM32\pfnbpjcu.dll
2008-08-01 07:57 . 2008-08-03 08:31 109,150 --a------ C:\WINDOWS\SYSTEM32\drivers\bf195277.sys
2008-07-31 19:25 . 2008-07-31 19:25 105,472 --a------ C:\WINDOWS\SYSTEM32\jwyijg.dll
2008-07-31 19:25 . 2008-07-31 19:25 105,472 --a------ C:\WINDOWS\SYSTEM32\clmhavdf.dll
2008-07-31 19:25 . 2008-07-31 19:25 91,648 --a------ C:\WINDOWS\SYSTEM32\ujotfvov.dll
2008-07-30 19:21 . 2008-07-30 19:21 83,456 --a------ C:\WINDOWS\SYSTEM32\gnhwcewr.dll
2008-07-30 18:40 . 2008-07-30 18:40 83,456 --a------ C:\WINDOWS\SYSTEM32\ayyfjwoe.dll
2008-07-30 18:40 . 2008-07-30 18:40 294 ---hs---- C:\WINDOWS\SYSTEM32\eowjfyya.ini
2008-07-30 18:39 . 2008-07-30 18:39 1,488,026 ---hs---- C:\WINDOWS\SYSTEM32\wqqduaog.tmp
2008-07-30 18:26 . 2008-07-30 18:26 105,472 --a------ C:\WINDOWS\SYSTEM32\rrlnegho.dll
2008-07-30 18:26 . 2008-07-30 18:26 105,472 --a------ C:\WINDOWS\SYSTEM32\nuupik.dll
2008-07-30 18:24 . 2008-07-30 18:24 91,648 --a------ C:\WINDOWS\SYSTEM32\lwqidsul.dll
2008-07-29 12:23 . 2008-07-29 12:23 105,472 --a------ C:\WINDOWS\SYSTEM32\yfsffjjh.dll
2008-07-29 12:23 . 2008-07-29 12:23 105,472 --a------ C:\WINDOWS\SYSTEM32\qqmykx.dll
2008-07-29 12:20 . 2008-07-29 12:20 314,880 --a------ C:\WINDOWS\SYSTEM32\iifgEwxX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 12:31 --------- d-----w C:\Program Files\Lx_cats
2008-07-31 00:09 318 ----a-w C:\delete.bat
2008-06-22 23:27 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-06-22 23:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 13:01 --------- d-----w C:\Program Files\McAfee
2008-06-18 11:21 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-22 22:20 64,512 ----a-w C:\Documents and Settings\All Users\Application Data\jmjczmzg.dll
2001-07-22 02:45 94,784 --sh--w C:\WINDOWS\twain.dll
2001-08-18 05:36 46,592 --sh--w C:\WINDOWS\twain_32.dll
2001-08-18 05:36 995,383 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll
2001-08-18 05:36 50,688 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2002-08-29 10:41 401,462 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2002-08-29 10:41 323,072 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2001-08-18 05:36 9,728 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-29_16.52.26.61 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2GDR\hypertrm.dll
+ 2004-11-17 17:31:32 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
+ 2004-10-14 15:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
+ 2004-10-14 15:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 15:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
+ 2004-10-14 15:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-28 01:21:01 721,920 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\lsasrv.dll
+ 2004-10-28 01:14:18 448,128 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys
+ 2004-10-28 01:13:58 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\rdbss.sys
+ 2004-10-28 01:28:18 721,920 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
+ 2004-10-28 01:15:16 448,128 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
+ 2004-10-28 01:14:56 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2004-10-14 16:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
+ 2004-10-14 16:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
+ 2004-10-14 16:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
+ 2004-10-14 16:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
+ 2004-10-14 16:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll
+ 2004-10-14 16:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
+ 2004-10-14 16:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll
+ 2004-10-14 16:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
+ 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB888302\SP2GDR\srvsvc.dll
+ 2004-12-07 19:29:19 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
+ 2004-11-30 19:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll
+ 2004-12-01 01:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
+ 2004-12-01 01:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll
+ 2004-11-30 19:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
+ 2005-04-22 05:06:42 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2GDR\agentdpv.dll
+ 2005-05-17 00:25:35 15,360 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2GDR\xpsp3res.dll
+ 2005-04-22 05:18:52 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll
+ 2005-05-17 00:26:30 17,920 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\xpsp3res.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\authz.dll
+ 2005-03-02 00:57:44 2,135,552 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlmp.exe
+ 2005-03-02 00:34:40 2,056,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
+ 2005-03-02 00:34:42 2,015,232 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrpamp.exe
+ 2005-03-02 00:59:53 2,179,328 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
+ 2005-03-02 18:09:30 577,024 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
+ 2005-03-02 01:06:57 1,836,288 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\win32k.sys
+ 2005-03-02 18:09:30 291,328 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\winsrv.dll
+ 2005-03-02 18:19:56 62,464 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll
+ 2005-03-02 01:02:13 2,135,552 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
+ 2005-03-02 00:36:40 2,056,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
+ 2005-03-02 00:36:41 2,015,232 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
+ 2005-03-02 01:04:22 2,179,456 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
+ 2005-03-02 18:19:56 577,024 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
+ 2005-03-02 01:11:25 1,836,160 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
+ 2005-03-02 18:19:56 291,328 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
+ 2005-02-25 00:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
+ 2005-02-25 00:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
+ 2005-02-25 00:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
+ 2005-02-25 00:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
+ 2005-02-25 00:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
+ 2004-11-30 19:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll
+ 2004-12-01 01:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
+ 2004-12-01 01:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll
+ 2004-11-30 19:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
+ 2005-07-08 16:28:58 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
+ 2005-07-08 00:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\hh.exe
+ 2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\hhsetup.dll
+ 2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\itircl.dll
+ 2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2GDR\itss.dll
+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-27 02:08:59 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
+ 2005-05-27 02:08:59 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
+ 2005-05-27 02:08:59 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
+ 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-06-29 21:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-10-06 03:09:36 280,064 ----a-w C:\WINDOWS\$hf_mig$\KB896424\SP2GDR\gdi32.dll
+ 2005-10-06 00:05:59 1,839,488 ----a-w C:\WINDOWS\$hf_mig$\KB896424\SP2GDR\win32k.sys
+ 2005-10-06 03:18:28 280,064 ----a-w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll
+ 2005-10-06 00:10:04 1,839,360 ----a-w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896424\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe
+ 2005-10-05 21:39:46 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896424\update\updspapi.dll
+ 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2GDR\telnet.exe
+ 2005-05-10 23:51:10 75,776 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll
+ 2005-02-25 03:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll
+ 2005-02-25 03:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
+ 2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe
+ 2005-02-25 03:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll
+ 2005-02-25 03:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
+ 2005-02-25 03:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\SP2GDR\kerberos.dll
+ 2005-06-15 17:42:35 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
+ 2005-06-29 21:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
+ 2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\$hf_mig$\KB899591\SP2GDR\rdpwd.sys
+ 2005-06-10 04:06:01 139,528 ----a-w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
+ 2005-06-29 21:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
+ 2005-09-23 03:05:29 8,450,560 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shell32.dll
+ 2005-09-02 23:52:06 473,600 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\shlwapi.dll
+ 2005-09-01 01:41:54 291,840 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2GDR\winsrv.dll
+ 2005-09-01 01:44:04 19,968 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
+ 2005-09-23 03:18:20 8,452,608 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
+ 2005-09-02 23:53:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll
+ 2005-09-01 01:44:05 291,840 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll
+ 2005-09-27 00:29:45 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\xpsp3res.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe
+ 2005-09-26 22:36:24 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\$hf_mig$\KB901017\SP2GDR\cdosys.dll
+ 2005-09-10 01:48:47 2,068,480 ----a-w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
+ 2005-09-09 21:26:26 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
+ 2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2GDR\icm32.dll
+ 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2GDR\mscms.dll
+ 2005-06-29 01:49:55 254,976 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll
+ 2005-06-29 01:49:55 73,728 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\catsrv.dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\catsrvut.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\clbcatq.dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\colbact.dll
+ 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comadmin.dll
+ 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comrepl.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comsvcs.dll
+ 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\comuid.dll
+ 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\es.dll
+ 2005-07-25 23:46:57 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\migregdb.exe
+ 2005-07-26 04:39:46 425,472 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtcprx.dll
+ 2005-07-26 04:39:47 945,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtctm.dll
+ 2005-07-26 04:39:47 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\msdtcuiu.dll
+ 2005-07-26 04:39:47 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\mtxclu.dll
+ 2005-07-26 04:39:47 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\mtxoci.dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\ole32.dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\olecli32.dll
+ 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\olecnv32.dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\rpcss.dll
+ 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\txflog.dll
+ 2005-07-26 04:39:49 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2GDR\xolehlp.dll
+ 2005-07-26 04:20:23 225,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll
+ 2005-07-26 04:20:23 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
+ 2005-07-26 04:20:23 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2005-07-26 04:20:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll
+ 2005-07-26 04:20:24 195,072 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll
+ 2005-07-26 04:20:25 97,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll
+ 2005-07-26 04:20:27 1,267,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
+ 2005-07-26 04:20:28 540,160 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll
+ 2005-07-26 04:20:28 243,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
+ 2005-07-25 23:42:35 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
+ 2005-07-26 04:20:29 425,472 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
+ 2005-07-26 04:20:31 945,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
+ 2005-07-26 04:20:31 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
+ 2005-07-26 04:20:39 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
+ 2005-07-26 04:20:40 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
+ 2005-07-26 04:20:40 1,285,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
+ 2005-07-26 04:20:40 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll
+ 2005-07-26 04:20:40 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
+ 2005-07-26 04:20:40 398,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
+ 2005-07-26 04:20:40 101,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll
+ 2005-07-26 04:20:40 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
+ 2005-07-26 00:21:18 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\SP2GDR\netman.dll
+ 2005-08-22 18:24:55 197,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
+ 2005-02-25 03:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll
+ 2005-02-25 03:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe
+ 2005-08-19 23:50:31 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe
+ 2005-02-25 03:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll
+ 2005-02-25 03:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
+ 2005-02-25 03:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\$hf_mig$\KB905749\SP2GDR\umpnpmgr.dll
+ 2005-08-23 03:39:54 123,392 ----a-w C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll
+ 2005-02-25 01:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll
+ 2005-02-25 01:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe
+ 2005-08-22 23:01:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
+ 2005-02-25 01:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll
+ 2005-02-25 01:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
+ 2005-02-25 01:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll
+ 2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2GDR\fontsub.dll
+ 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2GDR\t2embed.dll
+ 2005-10-17 21:21:19 80,896 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll
+ 2005-10-17 21:21:19 117,760 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll
+ 2006-03-17 04:03:54 8,452,096 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\shell32.dll
+ 2006-03-17 00:38:01 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2GDR\verclsid.exe
+ 2006-03-17 04:46:31 8,454,656 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
+ 2006-03-17 01:05:35 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
+ 2006-03-22 01:29:43 23,040 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\$hf_mig$\KB910437\SP2GDR\esent.dll
+ 2005-10-20 22:26:39 1,082,368 ----a-w C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2GDR\rasmans.dll
+ 2006-06-22 10:36:52 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2006-03-23 05:44:21 143,360 ----a-w C:\WINDOWS\$hf_mig$\KB911562\SP2GDR\msadco.dll
+ 2006-03-23 05:53:08 143,360 ----a-w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2GDR\webclnt.dll
+ 2006-01-04 04:18:34 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
+ 2005-12-29 02:54:35 280,064 ----a-w C:\WINDOWS\$hf_mig$\KB912919\SP2GDR\gdi32.dll
+ 2005-12-29 03:04:05 280,064 ----a-w C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB912919\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB912919\update\updspapi.dll
+ 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtcprx.dll
+ 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtctm.dll
+ 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\msdtcuiu.dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\mtxclu.dll
+ 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\mtxoci.dll
+ 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2GDR\xolehlp.dll
+ 2006-03-01 19:34:20 426,496 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
+ 2006-03-01 19:34:20 956,416 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll
+ 2006-03-01 19:34:20 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
+ 2006-03-01 19:34:20 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll
+ 2006-03-01 19:34:20 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll
+ 2006-03-01 19:34:20 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll
+ 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2GDR\dhcpcsvc.dll
+ 2006-05-19 12:59:41 148,480 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2GDR\dnsapi.dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2GDR\iphlpapi.dll
+ 2006-05-19 13:46:40 112,128 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
+ 2006-05-19 13:46:40 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll
+ 2006-05-19 13:46:40 94,720 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2GDR\mrxsmb.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2GDR\rdbss.sys
+ 2006-05-05 10:16:39 454,400 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
+ 2006-05-05 10:22:52 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
+ 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB917344\SP2GDR\jscript.dll
+ 2006-05-18 05:37:43 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll
+ 2006-07-05 10:55:01 984,064 ----a-w C:\WINDOWS\$hf_mig$\KB917422\SP2GDR\kernel32.dll
+ 2006-07-05 10:57:10 985,088 ----a-w C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917422\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917422\update\updspapi.dll
+ 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
+ 2006-04-20 12:18:35 360,576 ----a-w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll
+ 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\$hf_mig$\KB919007\SP2GDR\rmcast.sys
+ 2006-07-13 11:43:08 202,496 ----a-w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll
+ 2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2GDR\hlink.dll
+ 2006-07-21 08:26:49 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
+ 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2GDR\dnsapi.dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2GDR\rasadhlp.dll
+ 2006-06-26 17:45:19 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
+ 2006-06-26 17:45:19 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
+ 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2GDR\ciodm.dll
+ 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2GDR\query.dll
+ 2006-06-22 05:22:04 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
+ 2006-06-22 05:22:05 1,435,648 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
+ 2006-07-13 13:33:27 8,453,632 ----a-w C:\WINDOWS\$hf_mig$\KB921398\SP2GDR\shell32.dll
+ 2006-07-13 14:03:23 8,457,728 ----a-w C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll
+ 2006-07-13 11:22:27 150,016 ----a-w C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921398\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921398\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921398\update\updspapi.dll
+ 2006-07-14 15:31:39 332,288 ----a-w C:\WINDOWS\$hf_mig$\KB921883\SP2GDR\netapi32.dll
+ 2006-07-14 15:41:56 336,896 ----a-w C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\netapi32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\updspapi.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB922616\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB922616\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB922616\update\updspapi.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2GDR\6to4svc.dll
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2GDR\tcpip6.sys
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
+ 2006-08-16 10:13:39 225,664 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\$hf_mig$\KB923191\SP2QFE\comctl32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923191\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923191\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923191\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923191\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923191\update\updspapi.dll
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2GDR\srv.sys
+ 2006-08-14 12:00:42 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll
+ 2006-09-13 05:01:56 1,084,416 ----a-w C:\WINDOWS\$hf_mig$\KB924191\SP2GDR\msxml3.dll
+ 2006-09-13 05:07:01 1,084,416 ----a-w C:\WINDOWS\$hf_mig$\KB924191\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924191\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924191\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924191\update\updspapi.dll
+ 2006-09-04 06:08:01 1,494,016 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2GDR\shdocvw.dll
+ 2006-09-04 06:12:56 1,497,088 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2QFE\shdocvw.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\updspapi.dll
+ 2002-08-29 10:41:04 2,086,400 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
+ 2002-08-29 10:41:26 64,512 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
+ 2002-08-29 10:41:04 305,664 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll
+ 2001-08-18 05:35:06 847,872 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll
+ 2001-08-18 05:36:24 39,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll
+ 2005-05-04 19:45:26 209,632 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
+ 2005-05-04 19:45:28 371,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
+ 2001-08-17 22:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2001-09-05 08:46:02 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\glb7btbp.dat
+ 2001-09-05 08:46:02 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\k9397575.dat
+ 2001-09-05 08:46:02 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\seizpbxn.dat
+ 2001-09-05 08:46:03 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\uwbx3t7n.dat
+ 2001-09-05 08:46:07 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\v9njndvn.dat
+ 2001-09-05 08:46:09 2,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\vfhvvrb5.dat
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB835409$\spuninst\updspapi.dll
+ 2002-11-14 20:50:42 226,816 -c----w C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll
+ 2001-08-18 05:36:16 489,984 -c----w C:\WINDOWS\$NtUninstallKB873339$\hypertrm.dll
+ 2004-10-14 15:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
+ 2004-10-28 01:29:54 92,160 -c----w C:\WINDOWS\$NtUninstallKB885835$\cscdll.dll
+ 2004-03-30 01:48:36 667,648 -c----w C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll
+ 2002-08-29 10:41:12 116,224 -c----w C:\WINDOWS\$NtUninstallKB885835$\shsvcs.dll
+ 2004-10-14 16:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
+ 2004-10-14 16:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
+ 2002-08-29 10:41:28 200,704 -c----w C:\WINDOWS\$NtUninstallKB885836$\wordpad.exe
+ 2004-12-01 01:22:42 169,984 -c----w C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
+ 2001-08-18 05:36:32 87,040 -c----w C:\WINDOWS\$NtUninstallKB888302$\srvsvc.dll
+ 2001-08-18 05:36:10 50,688 -c----w C:\WINDOWS\$NtUninstallKB890046$\agentdpv.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB890046$\spuninst\updspapi.dll
+ 2001-08-18 05:36:10 51,200 -c----w C:\WINDOWS\$NtUninstallKB890859$\authz.dll
+ 2002-08-29 08:04:56 1,947,904 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
+ 2002-08-29 09:03:30 2,042,240 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
+ 2005-02-25 00:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe
+ 2005-02-25 00:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB890859$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 560,128 -c----w C:\WINDOWS\$NtUninstallKB890859$\user32.dll
+ 2002-08-29 09:14:20 1,813,632 -c----w C:\WINDOWS\$NtUninstallKB890859$\win32k.sys
+ 2004-12-01 01:22:42 169,984 -c----w C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB893756$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 233,984 -c----w C:\WINDOWS\$NtUninstallKB893756$\tapisrv.dll
+ 2002-12-17 22:43:00 10,752 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe
+ 2003-01-10 19:43:46 37,888 -c----w C:\WINDOWS\$NtUninstallKB896358$\hhsetup.dll
+ 2003-01-10 19:43:48 143,872 -c----w C:\WINDOWS\$NtUninstallKB896358$\itircl.dll
+ 2003-01-10 19:43:48 122,368 -c----w C:\WINDOWS\$NtUninstallKB896358$\itss.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896358$\spuninst\updspapi.dll
+ 2001-08-18 05:36:58 51,200 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896423$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 99,328 -c----w C:\WINDOWS\$NtUninstallKB896423$\win32spl.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896424$\spuninst\updspapi.dll
+ 2005-03-02 01:34:32 1,797,120 -c----w C:\WINDOWS\$NtUninstallKB896424$\win32k.sys
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896428$\spuninst\updspapi.dll
+ 2002-08-29 10:41:28 71,168 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
+ 2001-07-16 22:57:00 1,069,056 -c----w C:\WINDOWS\$NtUninstallKB898458$\orun32.exe
+ 2005-02-24 18:23:26 209,632 -c----w C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe
+ 2005-02-24 18:24:48 371,936 -c----w C:\WINDOWS\$NtUninstallKB898458$\spuninst\updspapi.dll
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB898461$\spuninst\updspapi.dll
+ 2002-08-29 10:41:00 272,896 -c----w C:\WINDOWS\$NtUninstallKB899587$\kerberos.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB899587$\spuninst\updspapi.dll
+ 2002-08-29 10:46:44 115,976 -c----w C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB899591$\spuninst\updspapi.dll
+ 2002-08-29 10:40:54 82,432 -c----w C:\WINDOWS\$NtUninstallKB900725$\fldrclnr.dll
+ 2001-08-18 05:36:18 15,360 -c----w C:\WINDOWS\$NtUninstallKB900725$\linkinfo.dll
+ 2002-08-29 10:41:12 8,336,384 -c----w C:\WINDOWS\$NtUninstallKB900725$\shell32.dll
+ 2002-08-29 10:41:12 401,920 -c----w C:\WINDOWS\$NtUninstallKB900725$\shlwapi.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB900725$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 674,816 -c----w C:\WINDOWS\$NtUninstallKB900725$\sxs.dll
+ 2002-08-29 10:41:18 276,480 -c----w C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll
+ 2004-03-10 17:59:50 593,408 -c----w C:\WINDOWS\$NtUninstallKB900725$\xpsp2res.dll
+ 2001-08-18 05:36:10 2,028,032 -c----w C:\WINDOWS\$NtUninstallKB901017$\cdosys.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB901017$\spuninst\updspapi.dll
+ 2002-08-29 10:40:56 236,032 -c----w C:\WINDOWS\$NtUninstallKB901214$\icm32.dll
+ 2002-08-29 10:41:02 68,096 -c----w C:\WINDOWS\$NtUninstallKB901214$\mscms.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB901214$\spuninst\updspapi.dll
+ 2004-03-06 02:16:10 225,280 -c----w C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll
+ 2004-03-06 02:16:10 594,944 -c----w C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll
+ 2004-03-06 02:16:10 110,080 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll
+ 2004-03-06 02:16:11 499,712 -c----w C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll
+ 2004-03-06 02:16:10 64,512 -c----w C:\WINDOWS\$NtUninstallKB902400$\colbact.dll
+ 2004-03-06 02:16:10 187,904 -c----w C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll
+ 2001-08-18 05:36:10 82,432 -c----w C:\WINDOWS\$NtUninstallKB902400$\comrepl.dll
+ 2004-03-06 02:16:11 1,194,496 -c----w C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll
+ 2004-03-06 02:16:10 499,200 -c----w C:\WINDOWS\$NtUninstallKB902400$\comuid.dll
+ 2004-03-06 02:16:11 226,816 -c----w C:\WINDOWS\$NtUninstallKB902400$\es.dll
+ 2004-02-17 18:50:10 6,656 -c----w C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe
+ 2004-03-06 02:16:11 1,183,744 -c----w C:\WINDOWS\$NtUninstallKB902400$\ole32.dll
+ 2001-08-18 05:36:28 68,608 -c----w C:\WINDOWS\$NtUninstallKB902400$\olecli32.dll
+ 2001-08-18 05:36:28 34,304 -c----w C:\WINDOWS\$NtUninstallKB902400$\olecnv32.dll
+ 2004-03-06 02:16:11 263,680 -c----w C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB902400$\spuninst\updspapi.dll
+ 2004-03-06 02:16:10 97,280 -c----w C:\WINDOWS\$NtUninstallKB902400$\txflog.dll
+ 2003-05-30 14:00:02 1,962,496 -c----w C:\WINDOWS\$NtUninstallKB904706$\quartz.dll
+ 2005-02-24 18:23:26 209,632 -c----w C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe
+ 2005-02-24 18:24:48 371,936 -c----w C:\WINDOWS\$NtUninstallKB904706$\spuninst\updspapi.dll
+ 2002-08-29 10:41:08 154,112 -c----w C:\WINDOWS\$NtUninstallKB905414$\netman.dll
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB905414$\spuninst\updspapi.dll
+ 2002-08-29 10:41:04 229,888 -c----w C:\WINDOWS\$NtUninstallKB905495$\msieftp.dll
+ 2005-02-25 03:35:05 209,632 -c----w C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe
+ 2005-02-25 03:35:06 371,936 -c----w C:\WINDOWS\$NtUninstallKB905495$\spuninst\updspapi.dll
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB905749$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 107,008 -c----w C:\WINDOWS\$NtUninstallKB905749$\umpnpmgr.dll
+ 2001-08-18 05:36:16 79,360 -c----w C:\WINDOWS\$NtUninstallKB908519$\fontsub.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB908519$\spuninst\updspapi.dll
+ 2001-08-18 05:36:32 198,656 -c----w C:\WINDOWS\$NtUninstallKB908519$\t2embed.dll
+ 2005-09-23 03:27:32 8,348,672 -c----w C:\WINDOWS\$NtUninstallKB908531$\shell32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB908531$\spuninst\updspapi.dll
+ 2005-09-27 00:40:49 594,432 -c----w C:\WINDOWS\$NtUninstallKB908531$\xpsp2res.dll
+ 2001-08-18 05:36:16 1,018,368 -c----w C:\WINDOWS\$NtUninstallKB910437$\esent.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB910437$\spuninst\updspapi.dll
+ 2002-08-29 09:07:22 57,984 -c----w C:\WINDOWS\$NtUninstallKB911280$\ipsec.sys
+ 2001-08-18 05:36:18 332,800 -c----w C:\WINDOWS\$NtUninstallKB911280$\ipsecsnp.dll
+ 2002-08-29 10:40:58 155,648 -c----w C:\WINDOWS\$NtUninstallKB911280$\ipsecsvc.dll
+ 2001-08-18 05:36:18 364,032 -c----w C:\WINDOWS\$NtUninstallKB911280$\ipsmsnap.dll
+ 2002-08-29 10:41:10 328,704 -c----w C:\WINDOWS\$NtUninstallKB911280$\oakley.dll
+ 2001-08-18 05:36:28 87,552 -c----w C:\WINDOWS\$NtUninstallKB911280$\polstore.dll
+ 2002-08-29 10:41:10 158,720 -c----w C:\WINDOWS\$NtUninstallKB911280$\rasmans.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB911280$\spuninst\updspapi.dll
+ 2001-08-18 05:36:34 25,600 -c----w C:\WINDOWS\$NtUninstallKB911280$\winipsec.dll
+ 2002-08-29 10:41:02 131,072 -c----w C:\WINDOWS\$NtUninstallKB911562$\msadco.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB911562$\spuninst\updspapi.dll
+ 2002-08-29 10:41:08 364,544 -c----w C:\WINDOWS\$NtUninstallKB911564$\npdsplay.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB911564$\spuninst\updspapi.dll
+ 2001-08-18 05:36:14 76,288 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\directdb.dll
+ 2002-08-29 10:40:56 587,776 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\inetcomm.dll
+ 2001-08-18 05:34:34 47,616 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\inetres.dll
+ 2001-08-18 05:36:24 44,032 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msident.dll
+ 2002-08-29 10:41:26 57,344 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msimn.exe
+ 2002-08-29 10:41:06 1,174,016 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msoe.dll
+ 2002-08-29 10:41:06 228,864 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msoeacct.dll
+ 2001-08-18 05:35:10 2,479,104 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msoeres.dll
+ 2002-08-29 10:41:06 81,408 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\msoert2.dll
+ 2001-08-18 05:36:28 92,672 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\oeimport.dll
+ 2001-08-18 05:36:54 55,808 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\oemig50.exe
+ 2001-08-18 05:36:28 32,256 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\oemiglib.dll
+ 2005-04-19 18:56:40 36,864 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\iecustom.dll
+ 2005-06-28 14:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe
+ 2005-06-28 14:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\updspapi.dll
+ 2001-08-18 05:37:00 43,008 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wab.exe
+ 2002-08-29 10:41:18 459,776 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wab32.dll
+ 2001-08-18 05:36:34 30,720 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wabfind.dll
+ 2001-08-18 05:36:34 76,800 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wabimp.dll
+ 2001-08-18 05:37:00 27,648 -c----w C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\wabmig.exe
+ 2001-08-17 20:50:26 172,672 -c----w C:\WINDOWS\$NtUninstallKB911927$\mrxdav.sys
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB911927$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 61,952 -c----w C:\WINDOWS\$NtUninstallKB911927$\webclnt.dll
+ 2004-03-30 01:48:36 257,536 -c----w C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB912919$\spuninst\updspapi.dll
+ 2004-03-06 02:16:10 367,616 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll
+ 2004-03-06 02:16:11 977,920 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll
+ 2004-03-06 02:16:10 150,528 -c----w C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll
+ 2004-03-06 02:16:10 64,512 -c----w C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll
+ 2004-03-06 02:16:10 82,432 -c----w C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB913580$\spuninst\updspapi.dll
+ 2001-08-18 05:36:36 9,728 -c----w C:\WINDOWS\$NtUninstallKB913580$\xolehlp.dll
+ 2002-08-29 10:40:48 59,392 -c----w C:\WINDOWS\$NtUninstallKB914388$\6to4svc.dll
+ 2002-08-29 10:40:50 99,840 -c----w C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll
+ 2001-08-18 05:36:18 31,232 -c----w C:\WINDOWS\$NtUninstallKB914388$\inetmib1.dll
+ 2002-08-29 10:40:58 82,944 -c----w C:\WINDOWS\$NtUninstallKB914388$\iphlpapi.dll
+ 2002-08-29 10:41:26 60,928 -c----w C:\WINDOWS\$NtUninstallKB914388$\ipv6.exe
+ 2002-08-29 10:40:58 134,144 -c----w C:\WINDOWS\$NtUninstallKB914388$\ipv6mon.dll
+ 2001-08-18 05:36:52 82,944 -c----w C:\WINDOWS\$NtUninstallKB914388$\netsh.exe
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB914388$\spuninst\updspapi.dll
+ 2002-08-29 08:37:54 196,288 -c----w C:\WINDOWS\$NtUninstallKB914388$\tcpip6.sys
+ 2002-08-29 08:35:44 9,856 -c----w C:\WINDOWS\$NtUninstallKB914388$\tunmp.sys
+ 2001-08-18 05:36:36 75,264 -c----w C:\WINDOWS\$NtUninstallKB914388$\ws2_32.dll
+ 2002-08-29 10:41:20 13,312 -c----w C:\WINDOWS\$NtUninstallKB914388$\wship6.dll
+ 2004-06-30 23:59:25 158,720 -c----w C:\WINDOWS\$NtUninstallKB914388$\xpob2res.dll
+ 2001-08-18 05:36:12 89,600 -c----w C:\WINDOWS\$NtUninstallKB914389$\cscdll.dll
+ 2002-11-18 16:27:40 392,576 -c----w C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
+ 2002-08-29 08:58:50 163,328 -c----w C:\WINDOWS\$NtUninstallKB914389$\rdbss.sys
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB914389$\spuninst\updspapi.dll
+ 2003-01-13 19:57:58 589,881 -c----w C:\WINDOWS\$NtUninstallKB917344$\jscript.dll
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB917344$\spuninst\updspapi.dll
+ 2002-08-29 10:41:00 930,304 -c----w C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB917422$\spuninst\updspapi.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 1,404,928 -c----w C:\WINDOWS\$NtUninstallKB917734_WMP8$\wmpui.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB917953$\spuninst\updspapi.dll
+ 2002-08-29 08:58:12 332,928 -c----w C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
+ 2001-08-18 05:36:18 144,896 -c----w C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\jgdw400.dll
+ 2001-08-18 05:36:18 42,496 -c----w C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\jgpl400.dll
+ 2005-04-19 19:56:40 36,864 -c----w C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\iecustom.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\updspapi.dll
+ 2002-08-29 10:40:50 1,021,952 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\browseui.dll
+ 2001-08-18 05:36:10 142,336 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\cdfview.dll
+ 2002-08-29 10:40:50 986,112 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\danim.dll
+ 2002-08-29 10:40:52 337,920 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\dxtmsft.dll
+ 2002-08-29 10:40:52 194,560 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\dxtrans.dll
+ 2002-08-29 10:40:56 231,424 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\iepeers.dll
+ 2002-08-29 10:40:58 69,632 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\inseng.dll
+ 2001-08-18 05:36:18 12,288 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\jsproxy.dll
+ 2002-08-29 10:41:04 2,833,920 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\mshtml.dll
+ 2002-08-29 10:41:06 132,096 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\msrating.dll
+ 2002-08-29 10:41:08 496,128 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\mstime.dll
+ 2002-08-29 10:41:10 34,304 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\pngfilt.dll
+ 2002-08-29 10:41:12 1,341,440 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\shdocvw.dll
+ 2005-04-19 19:56:40 36,864 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\iecustom.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 455,680 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\urlmon.dll
+ 2002-08-29 10:41:18 599,040 -c----w C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
+ 2001-08-17 20:52:26 200,064 -c----w C:\WINDOWS\$NtUninstallKB919007$\rmcast.sys
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB919007$\spuninst\updspapi.dll
+ 2001-08-18 05:36:16 77,850 -c----w C:\WINDOWS\$NtUninstallKB920670$\hlink.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB920670$\spuninst\updspapi.dll
+ 2002-08-29 10:40:50 139,264 -c----w C:\WINDOWS\$NtUninstallKB920683$\dnsapi.dll
+ 2001-08-18 05:36:30 6,144 -c----w C:\WINDOWS\$NtUninstallKB920683$\rasadhlp.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920683$\spuninst\updspapi.dll
+ 2002-08-29 10:40:50 64,512 -c----w C:\WINDOWS\$NtUninstallKB920685$\ciodm.dll
+ 2002-08-29 10:41:10 1,349,120 -c----w C:\WINDOWS\$NtUninstallKB920685$\query.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB920685$\spuninst\updspapi.dll
+ 2006-07-13 13:46:56 8,353,280 -c----w C:\WINDOWS\$NtUninstallKB921398$\shell32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB921398$\spuninst\updspapi.dll
+ 2004-03-30 01:48:36 306,176 -c----w C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB921883$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB922616$\spuninst\updspapi.dll
+ 2006-05-19 12:15:32 95,232 -c----w C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll
+ 2006-05-19 12:15:32 95,232 -c----w C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll.000
+ 2006-05-19 12:15:33 31,232 -c----w C:\WINDOWS\$NtUninstallKB922819$\inetmib1.dll
+ 2006-05-19 12:15:33 83,456 -c----w C:\WINDOWS\$NtUninstallKB922819$\iphlpapi.dll
+ 2006-05-19 12:15:33 83,456 -c----w C:\WINDOWS\$NtUninstallKB922819$\iphlpapi.dll.000
+ 2006-05-19 08:46:02 48,640 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6.exe
+ 2006-05-19 08:46:02 48,640 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6.exe.000
+ 2006-05-19 12:15:33 54,272 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6mon.dll
+ 2006-05-19 12:15:33 54,272 -c----w C:\WINDOWS\$NtUninstallKB922819$\ipv6mon.dll.000
+ 2006-05-19 08:44:56 83,456 -c----w C:\WINDOWS\$NtUninstallKB922819$\netsh.exe
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB922819$\spuninst\updspapi.dll
+ 2006-05-19 08:46:02 203,008 -c----w C:\WINDOWS\$NtUninstallKB922819$\tcpip6.sys
+ 2006-05-19 08:44:15 11,776 -c----w C:\WINDOWS\$NtUninstallKB922819$\tunmp.sys
+ 2006-05-19 08:44:15 11,776 -c----w C:\WINDOWS\$NtUninstallKB922819$\tunmp.sys.000
+ 2006-05-19 12:15:33 70,656 -c----w C:\WINDOWS\$NtUninstallKB922819$\ws2_32.dll
+ 2006-05-19 12:15:33 13,312 -c----w C:\WINDOWS\$NtUninstallKB922819$\wship6.dll
+ 2006-05-19 12:15:33 13,312 -c----w C:\WINDOWS\$NtUninstallKB922819$\wship6.dll.000
+ 2006-05-19 08:51:01 159,232 -c----w C:\WINDOWS\$NtUninstallKB922819$\xpob2res.dll
+ 2002-08-29 10:40:50 557,056 -c----w C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll
+ 2006-03-17 05:04:14 8,351,232 -c----w C:\WINDOWS\$NtUninstallKB923191$\shell32.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB923191$\spuninst\updspapi.dll
+ 2006-03-22 01:28:49 594,944 -c----w C:\WINDOWS\$NtUninstallKB923191$\xpsp2res.dll
+ 2005-10-12 23:16:49 213,216 -c----w C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe
+ 2005-10-12 23:16:56 371,424 -c----w C:\WINDOWS\$NtUninstallKB923414$\spuninst\updspapi.dll
+ 2003-03-28 16:54:56 322,048 -c----w C:\WINDOWS\$NtUninstallKB923414$\srv.sys
+ 2002-08-29 10:41:08 1,122,304 -c----w C:\WINDOWS\$NtUninstallKB924191$\msxml3.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB924191$\spuninst\updspapi.dll
+ 2005-06-18 05:16:18 1,017,856 -c----w C:\WINDOWS\$NtUninstallKB924496$\browseui.dll
+ 2006-05-26 20:40:58 1,339,904 -c----w C:\WINDOWS\$NtUninstallKB924496$\shdocvw.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB924496$\spuninst\updspapi.dll
+ 2005-04-19 19:56:40 36,864 -c----w C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\iecustom.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\updspapi.dll
+ 2002-08-29 10:41:18 802,304 -c----w C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\vgx.dll
- 2002-11-18 16:27:40 392,576 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2006-05-05 09:31:04 433,152 ----a-w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2005-03-02 00:36:43 1,900,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:36:42 1,955,840 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:36:43 1,928,704 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 01:33:36 2,040,832 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\Driver Cache\i386\tunmp.sys
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2001-07-16 22:57:00 1,069,056 ------w C:\WINDOWS\HELP\SBSI\Training\orun32.exe
+ 2005-05-04 20:33:52 1,077,312 ------w C:\WINDOWS\HELP\SBSI\Training\orun32.exe
- 2002-12-17 22:43:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-25 22:44:31 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2001-08-18 12:00:00 2,589 ------w C:\WINDOWS\I386\RUNW32.BAT
+ 2007-02-04 00:08:32 2,862 ----a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Readme_icon.exe
+ 2007-02-04 00:08:32 2,862 ----a-r C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}\Uninstall_icon.exe
+ 2001-09-05 08:46:02 2,678 ------w C:\WINDOWS\JAVA\Packages\Data\GLB7BTBP.DAT
+ 2001-09-05 08:46:02 2,678 ------w C:\WINDOWS\JAVA\Packages\Data\K9397575.DAT
+ 2001-09-05 08:46:02 2,678 ------w C:\WINDOWS\JAVA\Packages\Data\SEIZPBXN.DAT
+ 2001-09-05 08:46:03 2,678 ------w C:\WINDOWS\JAVA\Packages\Data\UWBX3T7N.DAT
+ 2001-09-05 08:46:07 2,678 ------w C:\WINDOWS\JAVA\Packages\Data\V9NJNDVN.DAT
+ 2001-09-05 08:46:09 2,232 ------w C:\WINDOWS\JAVA\Packages\Data\VFHVVRB5.DAT
- 2001-08-18 05:36:10 50,688 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2005-04-22 05:20:24 51,712 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2002-08-29 10:57:58 1,740 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2002-08-29 08:32:34 2,816 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2007-01-28 22:53:05 1,734 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{09E0D009-5E32-4A5C-A3AA-A37BA9701159}.bin
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-17 20:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM\KEYBOARD.DRV
+ 2001-08-17 20:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM\MOUSE.DRV
+ 2001-08-17 20:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM\SOUND.DRV
+ 2001-08-17 20:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM\VGA.DRV
- 2002-08-29 10:40:48 59,392 ----a-w C:\WINDOWS\SYSTEM32\6to4svc.dll
+ 2006-08-16 12:14:23 95,232 ----a-w C:\WINDOWS\SYSTEM32\6to4svc.dll
- 2001-08-18 05:36:10 51,200 ----a-w C:\WINDOWS\SYSTEM32\authz.dll
+ 2005-03-02 18:20:03 53,760 ----a-w C:\WINDOWS\SYSTEM32\authz.dll
- 2002-08-29 10:40:50 1,021,952 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2006-09-04 06:23:53 1,027,072 ----a-w C:\WINDOWS\SYSTEM32\BROWSEUI.DLL
- 2004-03-06 02:16:10 225,280 ----a-w C:\WINDOWS\SYSTEM32\catsrv.dll
+ 2005-07-26 04:30:34 220,672 ----a-w C:\WINDOWS\SYSTEM32\catsrv.dll
- 2004-03-06 02:16:10 594,944 ----a-w C:\WINDOWS\SYSTEM32\catsrvut.dll
+ 2005-07-26 04:30:38 581,632 ----a-w C:\WINDOWS\SYSTEM32\catsrvut.dll
- 2001-08-18 05:36:10 142,336 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2004-12-07 23:43:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\CDFVIEW.DLL
- 2001-08-18 05:36:10 2,028,032 ----a-w C:\WINDOWS\SYSTEM32\cdosys.dll
+ 2005-09-10 02:04:32 2,025,984 ----a-w C:\WINDOWS\SYSTEM32\cdosys.dll
- 2002-08-29 10:40:50 64,512 ----a-w C:\WINDOWS\SYSTEM32\ciodm.dll
+ 2006-06-22 05:19:48 64,512 ----a-w C:\WINDOWS\SYSTEM32\ciodm.dll
- 2004-03-06 02:16:10 110,080 ----a-w C:\WINDOWS\SYSTEM32\clbcatex.dll
+ 2005-07-26 04:30:38 110,080 ----a-w C:\WINDOWS\SYSTEM32\clbcatex.dll
- 2004-03-06 02:16:11 499,712 ----a-w C:\WINDOWS\SYSTEM32\clbcatq.dll
+ 2005-07-26 04:30:41 497,152 ----a-w C:\WINDOWS\SYSTEM32\clbcatq.dll
- 2004-03-06 02:16:10 64,512 ----a-w C:\WINDOWS\SYSTEM32\colbact.dll
+ 2005-07-26 04:30:41 62,464 ----a-w C:\WINDOWS\SYSTEM32\colbact.dll
- 2004-03-06 02:16:10 187,904 ----a-w C:\WINDOWS\SYSTEM32\Com\comadmin.dll
+ 2005-07-26 04:30:42 187,392 ----a-w C:\WINDOWS\SYSTEM32\Com\comadmin.dll
- 2002-08-29 10:40:50 557,056 ----a-w C:\WINDOWS\SYSTEM32\comctl32.dll
+ 2006-08-25 15:53:55 561,664 ----a-w C:\WINDOWS\SYSTEM32\comctl32.dll
- 2001-08-18 05:36:10 82,432 ----a-w C:\WINDOWS\SYSTEM32\comrepl.dll
+ 2005-07-26 04:30:42 89,600 ----a-w C:\WINDOWS\SYSTEM32\comrepl.dll
- 2004-03-06 02:16:11 1,194,496 ----a-w C:\WINDOWS\SYSTEM32\comsvcs.dll
+ 2005-07-26 04:30:49 1,179,136 ----a-w C:\WINDOWS\SYSTEM32\comsvcs.dll
- 2004-03-06 02:16:10 499,200 ----a-w C:\WINDOWS\SYSTEM32\comuid.dll
+ 2005-07-26 04:31:11 499,200 ----a-w C:\WINDOWS\SYSTEM32\comuid.dll
- 2008-03-29 13:21:23 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-03-29 13:21:23 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 13:21:23 49,152 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-03 12:27:27 65,536 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2001-08-18 05:36:12 89,600 ----a-w C:\WINDOWS\SYSTEM32\cscdll.dll
+ 2004-10-28 01:29:54 92,160 ----a-w C:\WINDOWS\SYSTEM32\cscdll.dll
- 2002-08-29 10:40:50 986,112 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2005-10-21 01:08:44 986,112 ----a-w C:\WINDOWS\SYSTEM32\DANIM.DLL
+ 2002-08-29 10:57:58 1,740 ----a-w C:\WINDOWS\SYSTEM32\dcache.bin
- 2002-08-29 10:40:50 99,840 ----a-w C:\WINDOWS\SYSTEM32\dhcpcsvc.dll
+ 2006-05-19 12:15:32 103,936 ----a-w C:\WINDOWS\SYSTEM32\dhcpcsvc.dll
+ 2006-08-16 12:14:23 95,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\6to4svc.dll
- 2001-08-18 05:36:10 50,688 ----a-w C:\WINDOWS\SYSTEM32\dllcache\agentdpv.dll
+ 2005-04-22 05:20:24 51,712 ----a-w C:\WINDOWS\SYSTEM32\dllcache\agentdpv.dll
- 2001-08-18 05:36:10 51,200 ----a-w C:\WINDOWS\SYSTEM32\dllcache\authz.dll
+ 2005-03-02 18:20:03 53,760 ----a-w C:\WINDOWS\SYSTEM32\dllcache\authz.dll
+ 2006-09-04 06:23:53 1,027,072 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll
- 2004-03-06 02:16:10 225,280 ----a-w C:\WINDOWS\SYSTEM32\dllcache\catsrv.dll
+ 2005-07-26 04:30:34 220,672 ----a-w C:\WINDOWS\SYSTEM32\dllcache\catsrv.dll
- 2004-03-06 02:16:10 594,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\catsrvut.dll
+ 2005-07-26 04:30:38 581,632 ----a-w C:\WINDOWS\SYSTEM32\dllcache\catsrvut.dll
- 2001-08-18 05:36:10 142,336 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll
+ 2004-12-07 23:43:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\dllcache\CDFVIEW.DLL
- 2001-08-18 05:36:10 2,028,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdosys.dll
+ 2005-09-10 02:04:32 2,025,984 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdosys.dll
+ 2006-06-22 05:19:48 64,512 ------w C:\WINDOWS\SYSTEM32\dllcache\ciodm.dll
- 2004-03-06 02:16:10 110,080 ----a-w C:\WINDOWS\SYSTEM32\dllcache\clbcatex.dll
+ 2005-07-26 04:30:38 110,080 ----a-w C:\WINDOWS\SYSTEM32\dllcache\clbcatex.dll
- 2004-03-06 02:16:11 499,712 ----a-w C:\WINDOWS\SYSTEM32\dllcache\clbcatq.dll
+ 2005-07-26 04:30:41 497,152 ----a-w C:\WINDOWS\SYSTEM32\dllcache\clbcatq.dll
- 2004-03-06 02:16:10 64,512 ----a-w C:\WINDOWS\SYSTEM32\dllcache\colbact.dll
+ 2005-07-26 04:30:41 62,464 ----a-w C:\WINDOWS\SYSTEM32\dllcache\colbact.dll
- 2004-03-06 02:16:10 187,904 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comadmin.dll
+ 2005-07-26 04:30:42 187,392 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comadmin.dll
+ 2006-08-25 15:53:55 561,664 ------w C:\WINDOWS\SYSTEM32\dllcache\comctl32.dll
- 2001-08-18 05:36:10 82,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comrepl.dll
+ 2005-07-26 04:30:42 89,600 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comrepl.dll
- 2004-03-06 02:16:11 1,194,496 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comsvcs.dll
+ 2005-07-26 04:30:49 1,179,136 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comsvcs.dll
- 2004-03-06 02:16:10 499,200 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comuid.dll
+ 2005-07-26 04:31:11 499,200 ----a-w C:\WINDOWS\SYSTEM32\dllcache\comuid.dll
- 2001-08-18 05:36:12 89,600 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cscdll.dll
+ 2004-10-28 01:29:54 92,160 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cscdll.dll
+ 2006-05-19 12:15:32 103,936 ------w C:\WINDOWS\SYSTEM32\dllcache\dhcpcsvc.dll
- 2001-08-18 05:36:14 76,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\directdb.dll
+ 2006-02-27 18:31:38 75,776 ----a-w C:\WINDOWS\SYSTEM32\dllcache\DIRECTDB.DLL
+ 2006-06-26 17:47:50 140,288 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
- 2004-03-06 02:16:11 226,816 ----a-w C:\WINDOWS\SYSTEM32\dllcache\es.dll
+ 2005-07-26 04:31:12 227,328 ----a-w C:\WINDOWS\SYSTEM32\dllcache\es.dll
- 2001-08-18 05:36:16 1,018,368 ----a-w C:\WINDOWS\SYSTEM32\dllcache\esent.dll
+ 2005-10-20 22:33:08 991,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\esent.dll
+ 2004-08-20 22:01:15 82,432 ------w C:\WINDOWS\SYSTEM32\dllcache\fldrclnr.dll
- 2001-08-18 05:36:16 79,360 ----a-w C:\WINDOWS\SYSTEM32\dllcache\fontsub.dll
+ 2005-10-17 21:29:53 77,824 ----a-w C:\WINDOWS\SYSTEM32\dllcache\fontsub.dll
- 2001-08-18 05:36:16 77,850 ----a-w C:\WINDOWS\SYSTEM32\dllcache\hlink.dll
+ 2006-07-21 08:30:50 72,704 ----a-w C:\WINDOWS\SYSTEM32\dllcache\hlink.dll
- 2001-08-18 05:36:18 31,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inetmib1.dll
+ 2006-08-16 12:14:23 31,232 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inetmib1.dll
- 2001-08-18 05:34:34 47,616 ----a-w C:\WINDOWS\SYSTEM32\dllcache\inetres.dll
+ 2006-02-27 18:31:50 47,616 ----a-w C:\WINDOWS\SYSTEM32\dllcache\INETRES.DLL
+ 2006-08-16 12:14:23 83,456 ----a-w C:\WINDOWS\SYSTEM32\dllcache\iphlpapi.dll
+ 2006-05-13 10:13:31 74,368 ------w C:\WINDOWS\SYSTEM32\dllcache\ipsec.sys
- 2001-08-18 05:36:18 332,800 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipsecsnp.dll
+ 2006-05-14 09:13:41 334,848 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipsecsnp.dll
+ 2006-05-14 09:13:41 159,744 ------w C:\WINDOWS\SYSTEM32\dllcache\ipsecsvc.dll
- 2001-08-18 05:36:18 364,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipsmsnap.dll
+ 2006-05-14 09:13:41 364,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipsmsnap.dll
+ 2006-08-16 09:28:55 48,640 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipv6.exe
+ 2006-08-16 12:14:23 54,272 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ipv6mon.dll
- 2001-08-18 05:36:18 144,896 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jgdw400.dll
+ 2006-05-27 03:19:50 163,840 ----a-w C:\WINDOWS\SYSTEM32\dllcache\JGDW400.DLL
- 2001-08-18 05:36:18 42,496 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jgpl400.dll
+ 2006-04-06 21:15:48 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\JGPL400.DLL
- 2003-01-13 19:57:58 589,881 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
+ 2006-05-18 05:58:56 458,752 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jscript.dll
- 2001-08-18 05:36:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
+ 2006-04-28 15:58:48 12,288 ----a-w C:\WINDOWS\SYSTEM32\dllcache\JSPROXY.DLL
+ 2006-07-05 10:46:36 928,768 ------w C:\WINDOWS\SYSTEM32\dllcache\kernel32.dll
+ 2001-08-17 20:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\keyboard.drv
- 2001-08-18 05:36:18 15,360 ----a-w C:\WINDOWS\SYSTEM32\dllcache\linkinfo.dll
+ 2005-09-01 01:49:29 16,384 ----a-w C:\WINDOWS\SYSTEM32\dllcache\linkinfo.dll
+ 2001-08-18 05:33:26 2,560 ----a-w C:\WINDOWS\SYSTEM32\dllcache\lz32.dll
- 2004-02-17 18:50:10 6,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\migregdb.exe
+ 2005-07-22 23:03:37 7,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\migregdb.exe
+ 2001-08-17 20:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mouse.drv
- 2001-08-17 20:50:26 172,672 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mrxdav.sys
+ 2005-04-26 01:58:03 173,312 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mrxdav.sys
+ 2006-05-05 09:31:04 433,152 ------w C:\WINDOWS\SYSTEM32\dllcache\mrxsmb.sys
- 2004-03-06 02:16:10 367,616 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtcprx.dll
+ 2006-03-01 19:44:39 368,640 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtcprx.dll
- 2004-03-06 02:16:11 977,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtctm.dll
+ 2006-03-01 19:44:39 974,336 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtctm.dll
- 2004-03-06 02:16:10 150,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:44:39 150,528 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msdtcuiu.dll
- 2001-08-18 05:36:24 44,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msident.dll
+ 2006-02-27 18:29:32 44,032 ----a-w C:\WINDOWS\SYSTEM32\dllcache\MSIDENT.DLL
- 2001-08-18 05:35:06 847,872 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msimsg.dll
+ 2005-05-04 19:45:36 884,736 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msimsg.dll
- 2001-08-18 05:36:24 39,936 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msisip.dll
+ 2005-05-04 19:45:36 15,360 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msisip.dll
- 2001-08-18 05:35:10 2,479,104 ----a-w C:\WINDOWS\SYSTEM32\dllcache\msoeres.dll
+ 2006-02-27 18:32:08 2,479,616 ----a-w C:\WINDOWS\SYSTEM32\dllcache\MSOERES.DLL
+ 2006-09-13 05:09:16 1,110,528 ------w C:\WINDOWS\SYSTEM32\dllcache\msxml3.dll
- 2004-03-06 02:16:10 64,512 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mtxclu.dll
+ 2006-03-01 19:44:39 64,512 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mtxclu.dll
- 2004-03-06 02:16:10 82,432 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mtxoci.dll
+ 2006-03-01 19:44:39 83,456 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mtxoci.dll
+ 2006-07-14 15:53:28 307,200 ------w C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
- 2001-08-18 05:36:52 82,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\netsh.exe
+ 2006-08-16 09:27:50 83,456 ----a-w C:\WINDOWS\SYSTEM32\dllcache\netsh.exe
+ 2001-08-17 20:47:42 2,944 ----a-w C:\WINDOWS\SYSTEM32\dllcache\null.sys
+ 2006-05-14 09:13:41 257,536 ------w C:\WINDOWS\SYSTEM32\dllcache\oakley.dll
- 2001-08-18 05:36:28 92,672 ----a-w C:\WINDOWS\SYSTEM32\dllcache\oeimport.dll
+ 2006-02-27 18:31:58 93,184 ----a-w C:\WINDOWS\SYSTEM32\dllcache\OEIMPORT.DLL
- 2001-08-18 05:36:54 55,808 ----a-w C:\WINDOWS\SYSTEM32\dllcache\oemig50.exe
+ 2006-02-27 18:32:08 55,808 ----a-w C:\WINDOWS\SYSTEM32\dllcache\OEMIG50.EXE
- 2001-08-18 05:36:28 32,256 ----a-w C:\WINDOWS\SYSTEM32\dllcache\oemiglib.dll
+ 2006-02-27 18:32:10 31,744 ----a-w C:\WINDOWS\SYSTEM32\dllcache\OEMIGLIB.DLL
- 2001-08-18 05:36:28 68,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\olecli32.dll
+ 2005-07-26 04:31:13 68,608 ----a-w C:\WINDOWS\SYSTEM32\dllcache\olecli32.dll
- 2001-08-18 05:36:28 34,304 ----a-w C:\WINDOWS\SYSTEM32\dllcache\olecnv32.dll
+ 2005-07-26 04:31:13 35,328 ----a-w C:\WINDOWS\SYSTEM32\dllcache\olecnv32.dll
- 2001-08-18 05:36:28 87,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\polstore.dll
+ 2006-05-14 09:13:41 98,304 ----a-w C:\WINDOWS\SYSTEM32\dllcache\polstore.dll
- 2003-05-30 14:00:02 1,962,496 ----a-w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
+ 2005-08-30 14:14:00 1,227,776 ----a-w C:\WINDOWS\SYSTEM32\dllcache\quartz.dll
+ 2006-06-22 05:19:49 1,350,144 ------w C:\WINDOWS\SYSTEM32\dllcache\query.dll
- 2001-08-18 05:36:30 6,144 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rasadhlp.dll
+ 2006-06-26 17:47:50 6,144 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rasadhlp.dll
+ 2006-06-22 10:59:17 169,984 ------w C:\WINDOWS\SYSTEM32\dllcache\rasmans.dll
+ 2006-05-05 09:40:31 166,656 ------w C:\WINDOWS\SYSTEM32\dllcache\rdbss.sys
- 2001-08-17 20:52:26 200,064 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
+ 2006-07-13 08:41:42 199,936 ----a-w C:\WINDOWS\SYSTEM32\dllcache\rmcast.sys
+ 2006-09-04 06:23:53 1,351,680 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll
+ 2006-07-13 13:46:56 8,353,280 ------w C:\WINDOWS\SYSTEM32\dllcache\shell32.dll
+ 2001-08-17 20:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM32\dllcache\sound.drv
- 2001-08-18 05:36:58 51,200 ----a-w C:\WINDOWS\SYSTEM32\dllcache\spoolsv.exe
+ 2005-06-10 23:55:46 53,248 ----a-w C:\WINDOWS\SYSTEM32\dllcache\spoolsv.exe
- 2003-03-28 16:54:56 322,048 ----a-w C:\WINDOWS\SYSTEM32\dllcache\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w C:\WINDOWS\SYSTEM32\dllcache\srv.sys
- 2001-08-18 05:36:32 87,040 ----a-w C:\WINDOWS\SYSTEM32\dllcache\srvsvc.dll
+ 2004-12-07 19:34:37 79,872 ----a-w C:\WINDOWS\SYSTEM32\dllcache\srvsvc.dll
+ 2004-08-20 22:01:15 700,928 ------w C:\WINDOWS\SYSTEM32\dllcache\sxs.dll
- 2001-08-18 05:36:32 198,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\t2embed.dll
+ 2005-10-17 21:29:54 111,616 ----a-w C:\WINDOWS\SYSTEM32\dllcache\t2embed.dll
+ 2006-04-20 11:38:44 340,480 ------w C:\WINDOWS\SYSTEM32\dllcache\tcpip.sys
+ 2006-08-16 09:28:57 205,120 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tcpip6.sys
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\SYSTEM32\dllcache\tunmp.sys
- 2004-03-06 02:16:10 97,280 ----a-w C:\WINDOWS\SYSTEM32\dllcache\txflog.dll
+ 2005-07-26 04:31:13 97,280 ----a-w C:\WINDOWS\SYSTEM32\dllcache\txflog.dll
+ 2001-08-17 20:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM32\dllcache\vga.drv
- 2001-08-18 05:37:00 43,008 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wab.exe
+ 2006-02-27 18:31:46 42,496 ----a-w C:\WINDOWS\SYSTEM32\dllcache\WAB.EXE
- 2001-08-18 05:36:34 30,720 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wabfind.dll
+ 2006-02-27 18:31:48 30,208 ----a-w C:\WINDOWS\SYSTEM32\dllcache\WABFIND.DLL
- 2001-08-18 05:36:34 76,800 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wabimp.dll
+ 2006-02-27 18:31:44 77,824 ----a-w C:\WINDOWS\SYSTEM32\dllcache\WABIMP.DLL
- 2001-08-18 05:37:00 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wabmig.exe
+ 2006-02-27 18:31:42 27,648 ----a-w C:\WINDOWS\SYSTEM32\dllcache\WABMIG.EXE
- 2001-08-18 05:36:34 25,600 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winipsec.dll
+ 2006-05-14 09:13:41 29,184 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winipsec.dll
+ 2001-08-17 20:36:48 2,864 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winsock.dll
+ 2001-08-17 20:36:42 2,112 ----a-w C:\WINDOWS\SYSTEM32\dllcache\winspool.exe
+ 2001-08-17 20:36:54 2,736 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wowdeb.exe
- 2001-08-18 05:36:36 75,264 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ws2_32.dll
+ 2006-08-16 12:14:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ws2_32.dll
+ 2006-08-16 12:14:23 13,312 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wship6.dll
- 2001-08-18 05:36:36 9,728 ----a-w C:\WINDOWS\SYSTEM32\dllcache\xolehlp.dll
+ 2006-03-01 19:44:39 11,776 ----a-w C:\WINDOWS\SYSTEM32\dllcache\xolehlp.dll
- 2002-08-29 10:40:50 139,264 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2006-06-26 17:47:50 140,288 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2002-08-29 08:32:34 2,816 ----a-w C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys
- 2002-08-29 09:07:22 57,984 ----a-w C:\WINDOWS\SYSTEM32\drivers\ipsec.sys
+ 2006-05-13 10:13:31 74,368 ----a-w C:\WINDOWS\SYSTEM32\drivers\ipsec.sys
- 2007-06-25 19:54:44 71,496 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfeavfk.sys
+ 2007-11-22 10:44:08 79,304 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfeavfk.sys
- 2007-06-25 14:57:10 34,184 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfebopk.sys
+ 2007-11-22 10:44:08 35,240 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfebopk.sys
- 2008-02-06 14:51:44 171,400 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfehidk.sys
+ 2007-11-22 10:44:08 201,320 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfehidk.sys
- 2007-06-25 14:57:24 32,008 ----a-w C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys
+ 2007-11-22 10:44:04 33,832 ----a-w C:\WINDOWS\SYSTEM32\drivers\mferkdk.sys
- 2007-06-25 14:57:28 37,480 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys
+ 2007-12-02 16:51:42 40,488 ----a-w C:\WINDOWS\SYSTEM32\drivers\mfesmfk.sys
- 2007-03-02 18:16:52 109,608 ----a-w C:\WINDOWS\SYSTEM32\drivers\Mpfp.sys
+ 2007-07-13 10:20:24 113,952 ----a-w C:\WINDOWS\SYSTEM32\drivers\Mpfp.sys
- 2001-08-17 20:50:26 172,672 ----a-w C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys
+ 2005-04-26 01:58:03 173,312 ----a-w C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys
- 2002-11-18 16:27:40 392,576 ----a-w C:\WINDOWS\SYSTEM32\drivers\mrxsmb.sys
+ 2006-05-05 09:31:04 433,152 ----a-w C:\WINDOWS\SYSTEM32\drivers\mrxsmb.sys
+ 2001-08-17 20:47:42 2,944 ----a-w C:\WINDOWS\SYSTEM32\drivers\null.sys
- 2002-08-29 08:58:50 163,328 ----a-w C:\WINDOWS\SYSTEM32\drivers\rdbss.sys
+ 2006-05-05 09:40:31 166,656 ----a-w C:\WINDOWS\SYSTEM32\drivers\rdbss.sys
- 2002-08-29 10:46:44 115,976 ----a-w C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys
+ 2005-06-10 04:30:15 116,104 ----a-w C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys
- 2001-08-17 20:52:26 200,064 ----a-w C:\WINDOWS\SYSTEM32\drivers\RMCast.sys
+ 2006-07-13 08:41:42 199,936 ----a-w C:\WINDOWS\SYSTEM32\drivers\rmcast.sys
- 2003-03-28 16:54:56 322,048 ----a-w C:\WINDOWS\SYSTEM32\drivers\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w C:\WINDOWS\SYSTEM32\drivers\srv.sys
- 2002-08-29 08:58:12 332,928 ----a-w C:\WINDOWS\SYSTEM32\drivers\tcpip.sys
+ 2006-04-20 11:38:44 340,480 ----a-w C:\WINDOWS\SYSTEM32\drivers\tcpip.sys
- 2002-08-29 08:37:54 196,288 ----a-w C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys
+ 2006-08-16 09:28:57 205,120 ----a-w C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys
- 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\SYSTEM32\drivers\tunmp.sys
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\SYSTEM32\drivers\tunmp.sys
- 2006-03-03 16:07:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\dunzip32.dll
+ 2006-03-03 12:07:02 143,360 ----a-w C:\WINDOWS\SYSTEM32\dunzip32.dll
- 2002-08-29 10:40:52 337,920 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2006-06-09 19:35:50 351,744 ----a-w C:\WINDOWS\SYSTEM32\DXTMSFT.DLL
- 2002-08-29 10:40:52 194,560 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2006-06-09 19:35:30 192,512 ----a-w C:\WINDOWS\SYSTEM32\DXTRANS.DLL
- 2004-03-06 02:16:11 226,816 ----a-w C:\WINDOWS\SYSTEM32\es.dll
+ 2005-07-26 04:31:12 227,328 ----a-w C:\WINDOWS\SYSTEM32\es.dll
- 2001-08-18 05:36:16 1,018,368 ----a-w C:\WINDOWS\SYSTEM32\esent.dll
+ 2005-10-20 22:33:08 991,232 ----a-w C:\WINDOWS\SYSTEM32\esent.dll
- 2002-08-29 10:40:54 82,432 ----a-w C:\WINDOWS\SYSTEM32\fldrclnr.dll
+ 2004-08-20 22:01:15 82,432 ----a-w C:\WINDOWS\SYSTEM32\fldrclnr.dll
- 2008-03-29 00:54:21 194,568 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-03 20:02:51 194,568 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2001-08-18 05:36:16 79,360 ----a-w C:\WINDOWS\SYSTEM32\fontsub.dll
+ 2005-10-17 21:29:53 77,824 ----a-w C:\WINDOWS\SYSTEM32\fontsub.dll
- 2004-03-30 01:48:36 257,536 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
+ 2006-01-02 22:38:03 260,608 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
- 2003-01-10 19:43:46 37,888 ----a-w C:\WINDOWS\SYSTEM32\hhsetup.dll
+ 2005-05-27 01:59:52 38,912 ----a-w C:\WINDOWS\SYSTEM32\hhsetup.dll
- 2001-08-18 05:36:16 77,850 ----a-w C:\WINDOWS\SYSTEM32\hlink.dll
+ 2006-07-21 08:30:50 72,704 ----a-w C:\WINDOWS\SYSTEM32\hlink.dll
- 2001-08-18 05:36:16 489,984 ----a-w C:\WINDOWS\SYSTEM32\hypertrm.dll
+ 2004-11-17 17:57:01 493,056 ----a-w C:\WINDOWS\SYSTEM32\hypertrm.dll
- 2002-08-29 10:40:56 236,032 ----a-w C:\WINDOWS\SYSTEM32\icm32.dll
+ 2005-06-29 01:54:58 237,056 ----a-w C:\WINDOWS\SYSTEM32\icm32.dll
- 2002-08-29 10:40:56 231,424 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2006-02-24 20:24:42 236,032 ----a-w C:\WINDOWS\SYSTEM32\IEPEERS.DLL
- 2002-08-29 10:40:56 587,776 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
+ 2006-02-27 18:31:54 596,480 ----a-w C:\WINDOWS\SYSTEM32\INETCOMM.DLL
- 2001-08-18 05:36:18 31,232 ----a-w C:\WINDOWS\SYSTEM32\inetmib1.dll
+ 2006-08-16 12:14:23 31,232 ----a-w C:\WINDOWS\SYSTEM32\inetmib1.dll
- 2001-08-18 05:34:34 47,616 ----a-w C:\WINDOWS\SYSTEM32\inetres.dll
+ 2006-02-27 18:31:50 47,616 ----a-w C:\WINDOWS\SYSTEM32\INETRES.DLL
- 2002-08-29 10:40:58 69,632 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2004-08-26 15:53:48 69,632 ----a-w C:\WINDOWS\SYSTEM32\INSENG.DLL
- 2002-08-29 10:40:58 82,944 ----a-w C:\WINDOWS\SYSTEM32\iphlpapi.dll
+ 2006-08-16 12:14:23 83,456 ----a-w C:\WINDOWS\SYSTEM32\iphlpapi.dll
- 2001-08-18 05:36:18 332,800 ----a-w C:\WINDOWS\SYSTEM32\ipsecsnp.dll
+ 2006-05-14 09:13:41 334,848 ----a-w C:\WINDOWS\SYSTEM32\ipsecsnp.dll
- 2002-08-29 10:40:58 155,648 ----a-w C:\WINDOWS\SYSTEM32\ipsecsvc.dll
+ 2006-05-14 09:13:41 159,744 ----a-w C:\WINDOWS\SYSTEM32\ipsecsvc.dll
- 2001-08-18 05:36:18 364,032 ----a-w C:\WINDOWS\SYSTEM32\ipsmsnap.dll
+ 2006-05-14 09:13:41 364,544 ----a-w C:\WINDOWS\SYSTEM32\ipsmsnap.dll
- 2002-08-29 10:41:26 60,928 ----a-w C:\WINDOWS\SYSTEM32\ipv6.exe
+ 2006-08-16 09:28:55 48,640 ----a-w C:\WINDOWS\SYSTEM32\ipv6.exe
- 2002-08-29 10:40:58 134,144 ----a-w C:\WINDOWS\SYSTEM32\ipv6mon.dll
+ 2006-08-16 12:14:23 54,272 ----a-w C:\WINDOWS\SYSTEM32\ipv6mon.dll
- 2003-01-10 19:43:48 143,872 ----a-w C:\WINDOWS\SYSTEM32\itircl.dll
+ 2005-05-27 01:59:52 143,872 ----a-w C:\WINDOWS\SYSTEM32\itircl.dll
- 2003-01-10 19:43:48 122,368 ----a-w C:\WINDOWS\SYSTEM32\itss.dll
+ 2005-05-27 01:59:52 128,000 ----a-w C:\WINDOWS\SYSTEM32\itss.dll
- 2001-08-18 05:36:18 144,896 ----a-w C:\WINDOWS\SYSTEM32\jgdw400.dll
+ 2006-05-27 03:19:50 163,840 ----a-w C:\WINDOWS\SYSTEM32\JGDW400.DLL
- 2001-08-18 05:36:18 42,496 ----a-w C:\WINDOWS\SYSTEM32\jgpl400.dll
+ 2006-04-06 21:15:48 27,648 ----a-w C:\WINDOWS\SYSTEM32\JGPL400.DLL
- 2003-01-13 19:57:58 589,881 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2006-05-18 05:58:56 458,752 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2001-08-18 05:36:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2006-04-28 15:58:48 12,288 ----a-w C:\WINDOWS\SYSTEM32\JSPROXY.DLL
- 2002-08-29 10:41:00 272,896 ----a-w C:\WINDOWS\SYSTEM32\kerberos.dll
+ 2005-06-15 17:50:24 285,184 ----a-w C:\WINDOWS\SYSTEM32\kerberos.dll
- 2002-08-29 10:41:00 930,304 ----a-w C:\WINDOWS\SYSTEM32\kernel32.dll
+ 2006-07-05 10:46:36 928,768 ----a-w C:\WINDOWS\SYSTEM32\kernel32.dll
+ 2001-08-17 20:36:36 2,000 ----a-w C:\WINDOWS\SYSTEM32\keyboard.drv
- 2001-08-18 05:36:18 15,360 ----a-w C:\WINDOWS\SYSTEM32\linkinfo.dll
+ 2005-09-01 01:49:29 16,384 ----a-w C:\WINDOWS\SYSTEM32\linkinfo.dll
- 2004-03-30 01:48:36 667,648 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
+ 2004-10-28 01:29:54 681,984 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
+ 2001-08-18 05:33:26 2,560 ----a-w C:\WINDOWS\SYSTEM32\lz32.dll
+ 2000-10-15 09:20:00 170,496 ----a-w C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\np32asw.dll
+ 1998-05-08 07:35:36 1,367,552 ----a-w C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\AW40\runa4w32.exe
+ 1999-09-11 18:24:08 276,480 ----a-r C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\AW50\AWIML32.DLL
+ 1999-05-22 04:37:34 280,576 ----a-r C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\AW50\msvcrt.dll
+ 2000-10-15 09:20:00 1,476,096 ----a-w C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\AW50\runa5w32.exe
+ 1998-08-05 12:48:32 270,336 ----a-r C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\AW50\VCT32161.dll
+ 1997-05-14 11:00:00 941,056 ----a-w C:\WINDOWS\SYSTEM32\Macromed\AUTHORWA\NP32ASW\runa3w32.exe
+ 2001-08-17 20:36:42 2,032 ----a-w C:\WINDOWS\SYSTEM32\mouse.drv
- 2002-08-29 10:41:02 68,096 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
+ 2005-06-29 01:54:58 68,608 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
- 2004-03-06 02:16:10 367,616 ----a-w C:\WINDOWS\SYSTEM32\msdtcprx.dll
+ 2006-03-01 19:44:39 368,640 ----a-w C:\WINDOWS\SYSTEM32\msdtcprx.dll
- 2004-03-06 02:16:11 977,920 ----a-w C:\WINDOWS\SYSTEM32\msdtctm.dll
+ 2006-03-01 19:44:39 974,336 ----a-w C:\WINDOWS\SYSTEM32\msdtctm.dll
- 2004-03-06 02:16:10 150,528 ----a-w C:\WINDOWS\SYSTEM32\msdtcuiu.dll
+ 2006-03-01 19:44:39 150,528 ----a-w C:\WINDOWS\SYSTEM32\msdtcuiu.dll
- 2002-08-29 10:41:04 2,833,920 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2006-06-30 15:28:26 2,703,872 ----a-w C:\WINDOWS\SYSTEM32\MSHTML.DLL
- 2002-08-29 10:41:04 2,086,400 ----a-w C:\WINDOWS\SYSTEM32\msi.dll
+ 2005-05-04 19:45:32 2,890,240 ----a-w C:\WINDOWS\SYSTEM32\msi.dll
- 2001-08-18 05:36:24 44,032 ----a-w C:\WINDOWS\SYSTEM32\msident.dll
+ 2006-02-27 18:29:32 44,032 ----a-w C:\WINDOWS\SYSTEM32\MSIDENT.DLL
- 2002-08-29 10:41:04 229,888 ----a-w C:\WINDOWS\SYSTEM32\msieftp.dll
+ 2005-08-05 17:23:27 230,400 ----a-w C:\WINDOWS\SYSTEM32\msieftp.dll
- 2002-08-29 10:41:26 64,512 ----a-w C:\WINDOWS\SYSTEM32\msiexec.exe
+ 2005-05-04 19:45:36 78,848 ----a-w C:\WINDOWS\SYSTEM32\msiexec.exe
- 2002-08-29 10:41:04 305,664 ----a-w C:\WINDOWS\SYSTEM32\msihnd.dll
+ 2005-05-04 19:45:36 271,360 ----a-w C:\WINDOWS\SYSTEM32\msihnd.dll
- 2001-08-18 05:35:06 847,872 ----a-w C:\WINDOWS\SYSTEM32\msimsg.dll
+ 2005-05-04 19:45:36 884,736 ----a-w C:\WINDOWS\SYSTEM32\msimsg.dll
- 2001-08-18 05:36:24 39,936 ----a-w C:\WINDOWS\SYSTEM32\msisip.dll
+ 2005-05-04 19:45:36 15,360 ----a-w C:\WINDOWS\SYSTEM32\msisip.dll
- 2002-08-29 10:41:06 228,864 ----a-w C:\WINDOWS\SYSTEM32\msoeacct.dll
+ 2006-02-27 18:31:40 229,376 ----a-w C:\WINDOWS\SYSTEM32\MSOEACCT.DLL
- 2002-08-29 10:41:06 81,408 ----a-w C:\WINDOWS\SYSTEM32\msoert2.dll
+ 2006-02-27 18:31:36 91,136 ----a-w C:\WINDOWS\SYSTEM32\MSOERT2.DLL
- 2002-08-29 10:41:06 132,096 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2005-02-24 17:54:42 132,096 ----a-w C:\WINDOWS\SYSTEM32\MSRATING.DLL
- 2002-08-29 10:41:08 496,128 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2006-03-03 21:13:30 498,176 ----a-w C:\WINDOWS\SYSTEM32\MSTIME.DLL
- 2002-08-29 10:41:08 1,122,304 ----a-w C:\WINDOWS\SYSTEM32\msxml3.dll
+ 2006-09-13 05:09:16 1,110,528 ----a-w C:\WINDOWS\SYSTEM32\msxml3.dll
- 2004-03-06 02:16:10 64,512 ----a-w C:\WINDOWS\SYSTEM32\mtxclu.dll
+ 2006-03-01 19:44:39 64,512 ----a-w C:\WINDOWS\SYSTEM32\mtxclu.dll
- 2004-03-06 02:16:10 82,432 ----a-w C:\WINDOWS\SYSTEM32\mtxoci.dll
+ 2006-03-01 19:44:39 83,456 ----a-w C:\WINDOWS\SYSTEM32\mtxoci.dll
- 2004-03-30 01:48:36 306,176 ----a-w C:\WINDOWS\SYSTEM32\netapi32.dll
+ 2006-07-14 15:53:28 307,200 ----a-w C:\WINDOWS\SYSTEM32\netapi32.dll
- 2002-08-29 10:41:08 154,112 ----a-w C:\WINDOWS\SYSTEM32\netman.dll
+ 2005-08-22 18:36:34 154,624 ----a-w C:\WINDOWS\SYSTEM32\netman.dll
- 2001-08-18 05:36:52 82,944 ----a-w C:\WINDOWS\SYSTEM32\netsh.exe
+ 2006-08-16 09:27:50 83,456 ----a-w C:\WINDOWS\SYSTEM32\netsh.exe
- 2002-08-29 08:04:56 1,947,904 ------w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
+ 2005-03-02 00:36:42 1,955,840 ------w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
- 2002-08-29 09:03:30 2,042,240 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
+ 2005-03-02 01:33:36 2,040,832 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
- 2002-08-29 10:41:10 328,704 ----a-w C:\WINDOWS\SYSTEM32\oakley.dll
+ 2006-05-14 09:13:41 257,536 ----a-w C:\WINDOWS\SYSTEM32\oakley.dll
- 2004-03-06 02:16:11 1,183,744 ----a-w C:\WINDOWS\SYSTEM32\ole32.dll
+ 2005-07-26 04:31:13 1,190,400 ----a-w C:\WINDOWS\SYSTEM32\ole32.dll
- 2001-08-18 05:36:28 68,608 ----a-w C:\WINDOWS\SYSTEM32\olecli32.dll
+ 2005-07-26 04:31:13 68,608 ----a-w C:\WINDOWS\SYSTEM32\olecli32.dll
- 2001-08-18 05:36:28 34,304 ----a-w C:\WINDOWS\SYSTEM32\olecnv32.dll
+ 2005-07-26 04:31:13 35,328 ----a-w C:\WINDOWS\SYSTEM32\olecnv32.dll
- 2008-03-29 00:57:30 41,508 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
+ 2008-05-23 22:22:20 41,508 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
- 2008-03-29 00:57:30 315,850 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
+ 2008-05-23 22:22:20 315,850 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
- 2002-08-29 10:41:10 34,304 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2005-04-27 15:53:06 34,816 ----a-w C:\WINDOWS\SYSTEM32\PNGFILT.DLL
- 2001-08-18 05:36:28 87,552 ----a-w C:\WINDOWS\SYSTEM32\polstore.dll
+ 2006-05-14 09:13:41 98,304 ----a-w C:\WINDOWS\SYSTEM32\polstore.dll
- 2003-05-30 14:00:02 1,962,496 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
+ 2005-08-30 14:14:00 1,227,776 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
- 2002-08-29 10:41:10 1,349,120 ----a-w C:\WINDOWS\SYSTEM32\query.dll
+ 2006-06-22 05:19:49 1,350,144 ----a-w C:\WINDOWS\SYSTEM32\query.dll
- 2001-08-18 05:36:30 6,144 ----a-w C:\WINDOWS\SYSTEM32\rasadhlp.dll
+ 2006-06-26 17:47:50 6,144 ----a-w C:\WINDOWS\SYSTEM32\rasadhlp.dll
- 2002-08-29 10:41:10 158,720 ----a-w C:\WINDOWS\SYSTEM32\rasmans.dll
+ 2006-06-22 10:59:17 169,984 ----a-w C:\WINDOWS\SYSTEM32\rasmans.dll
- 2004-03-06 02:16:11 263,680 ----a-w C:\WINDOWS\SYSTEM32\rpcss.dll
+ 2005-07-26 04:31:13 276,992 ----a-w C:\WINDOWS\SYSTEM32\rpcss.dll
- 2002-08-29 10:41:12 1,341,440 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2006-09-04 06:23:53 1,351,680 ----a-w C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
- 2002-08-29 10:41:12 8,336,384 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
+ 2006-07-13 13:46:56 8,353,280 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
- 2002-08-29 10:41:12 401,920 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2005-09-01 01:49:30 409,088 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
- 2002-08-29 10:41:12 116,224 ----a-w C:\WINDOWS\SYSTEM32\shsvcs.dll
+ 2004-10-28 01:29:54 116,736 ----a-w C:\WINDOWS\SYSTEM32\shsvcs.dll
+ 2001-08-17 20:36:38 1,744 ----a-w C:\WINDOWS\SYSTEM32\sound.drv
- 2004-06-24 22:08:44 7,168 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2001-08-18 05:36:58 51,200 ----a-w C:\WINDOWS\SYSTEM32\spoolsv.exe
+ 2005-06-10 23:55:46 53,248 ----a-w C:\WINDOWS\SYSTEM32\spoolsv.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\SYSTEM32\spupdsvc.exe
- 2002-11-14 20:50:42 226,816 ----a-w C:\WINDOWS\SYSTEM32\srrstr.dll
+ 2005-10-27 19:06:37 226,816 ----a-w C:\WINDOWS\SYSTEM32\srrstr.dll
- 2001-08-18 05:36:32 87,040 ----a-w C:\WINDOWS\SYSTEM32\srvsvc.dll
+ 2004-12-07 19:34:37 79,872 ----a-w C:\WINDOWS\SYSTEM32\srvsvc.dll
- 2002-08-29 10:41:18 674,816 ----a-w C:\WINDOWS\SYSTEM32\sxs.dll
+ 2004-08-20 22:01:15 700,928 ----a-w C:\WINDOWS\SYSTEM32\sxs.dll
- 2001-08-18 05:36:32 198,656 ----a-w C:\WINDOWS\SYSTEM32\t2embed.dll
+ 2005-10-17 21:29:54 111,616 ----a-w C:\WINDOWS\SYSTEM32\t2embed.dll
- 2002-08-29 10:41:18 233,984 ----a-w C:\WINDOWS\SYSTEM32\tapisrv.dll
+ 2005-07-08 16:09:48 238,592 ----a-w C:\WINDOWS\SYSTEM32\tapisrv.dll
- 2002-08-29 10:41:28 71,168 ------w C:\WINDOWS\SYSTEM32\telnet.exe
+ 2005-05-11 00:09:48 72,192 ------w C:\WINDOWS\SYSTEM32\telnet.exe
- 2004-03-06 02:16:10 97,280 ----a-w C:\WINDOWS\SYSTEM32\txflog.dll
+ 2005-07-26 04:31:13 97,280 ----a-w C:\WINDOWS\SYSTEM32\txflog.dll
- 2002-08-29 10:41:18 107,008 ----a-w C:\WINDOWS\SYSTEM32\umpnpmgr.dll
+ 2005-08-23 03:51:10 111,104 ----a-w C:\WINDOWS\SYSTEM32\umpnpmgr.dll
- 2002-08-29 10:41:18 455,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2006-08-31 01:42:56 461,824 ----a-w C:\WINDOWS\SYSTEM32\URLMON.DLL
- 2002-08-29 10:41:18 560,128 ----a-w C:\WINDOWS\SYSTEM32\user32.dll
+ 2005-03-02 18:20:03 561,152 ----a-w C:\WINDOWS\SYSTEM32\user32.dll
+ 2006-03-17 00:49:30 25,600 ------w C:\WINDOWS\SYSTEM32\verclsid.exe
+ 2001-08-17 20:36:42 2,176 ----a-w C:\WINDOWS\SYSTEM32\vga.drv
- 2002-08-29 10:41:18 61,952 ----a-w C:\WINDOWS\SYSTEM32\webclnt.dll
+ 2006-01-04 03:37:34 64,000 ----a-w C:\WINDOWS\SYSTEM32\webclnt.dll
- 2002-08-29 09:14:20 1,813,632 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
+ 2005-10-04 01:38:18 1,799,552 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
- 2002-08-29 10:41:18 99,328 ----a-w C:\WINDOWS\SYSTEM32\win32spl.dll
+ 2005-06-11 02:41:12 102,400 ----a-w C:\WINDOWS\SYSTEM32\win32spl.dll
- 2002-08-29 10:41:18 599,040 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2006-06-23 16:33:58 575,488 ----a-w C:\WINDOWS\SYSTEM32\WININET.DLL
- 2001-08-18 05:36:34 25,600 ----a-w C:\WINDOWS\SYSTEM32\winipsec.dll
+ 2006-05-14 09:13:41 29,184 ----a-w C:\WINDOWS\SYSTEM32\winipsec.dll
+ 2001-08-17 20:36:48 2,864 ----a-w C:\WINDOWS\SYSTEM32\winsock.dll
+ 2001-08-17 20:36:42 2,112 ----a-w C:\WINDOWS\SYSTEM32\winspool.exe
- 2002-08-29 10:41:18 276,480 ----a-w C:\WINDOWS\SYSTEM32\winsrv.dll
+ 2005-09-01 01:49:31 278,016 ----a-w C:\WINDOWS\SYSTEM32\winsrv.dll
- 2002-08-29 10:41:18 1,404,928 ----a-w C:\WINDOWS\SYSTEM32\wmpui.dll
+ 2006-04-24 21:17:14 1,425,680 ----a-w C:\WINDOWS\SYSTEM32\wmpui.dll
+ 2001-08-17 20:36:54 2,736 ----a-w C:\WINDOWS\SYSTEM32\wowdeb.exe
- 2001-08-18 05:36:36 75,264 ----a-w C:\WINDOWS\SYSTEM32\ws2_32.dll
+ 2006-08-16 12:14:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ws2_32.dll
- 2002-08-29 10:41:20 13,312 ----a-w C:\WINDOWS\SYSTEM32\wship6.dll
+ 2006-08-16 12:14:23 13,312 ----a-w C:\WINDOWS\SYSTEM32\wship6.dll
- 2001-08-18 05:36:36 9,728 ----a-w C:\WINDOWS\SYSTEM32\xolehlp.dll
+ 2006-03-01 19:44:39 11,776 ----a-w C:\WINDOWS\SYSTEM32\xolehlp.dll
- 2004-06-30 23:59:25 158,720 ------w C:\WINDOWS\SYSTEM32\xpob2res.dll
+ 2006-08-16 09:42:14 159,232 ----a-w C:\WINDOWS\SYSTEM32\xpob2res.dll
- 2004-03-10 17:59:50 593,408 ------w C:\WINDOWS\SYSTEM32\xpsp2res.dll
+ 2006-08-25 09:14:17 595,968 ----a-w C:\WINDOWS\SYSTEM32\xpsp2res.dll
+ 2005-05-17 00:43:39 7,168 ------w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2005-08-31 23:49:28 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
+ 2006-03-17 05:04:12 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
+ 2006-07-13 13:46:53 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
+ 2006-08-25 15:53:52 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7edbef6e-42b5-47fa-9ae3-0fbb744398bd}]
2008-08-02 19:28 114176 --a------ C:\WINDOWS\System32\xfphyl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b15cb86e-0363-4771-bd36-083cf414674c}]
2008-07-29 12:20 314880 --a------ C:\WINDOWS\System32\iifgEwxX.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-15 20:25 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 17:56 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 18:34 212992]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 20:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 19:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 17:13 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 20:35 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"04ddc144"="C:\WINDOWS\System32\hridycyj.dll" [2008-08-02 19:31 83456]
"BM07eef2d8"="C:\WINDOWS\System32\gbhfkhqv.dll" [2008-08-02 19:26 91648]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoPlay.exe [2001-08-27 16:52:06 36864]

.
Contents of the 'Scheduled Tasks' folder

2006-12-20 C:\WINDOWS\Tasks\ISP signup reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2008-06-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WheelMouse - Amoumain.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k5jp4vxq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.comcast.net/comcast.html


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 08:29:23
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\hridycyj.dll
-> C:\WINDOWS\System32\gbhfkhqv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-03 8:38:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 12:38:11
ComboFix2.txt 2008-03-29 21:53:05

Pre-Run: 25,059,258,368 bytes free
Post-Run: 25,344,634,880 bytes free

1434 --- E O F --- 2008-04-03 01:13:26


and here is the new hijack this report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:34 AM, on 8/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\vasa129.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0ba29c9d-009f-4908-b6b7-6b8632fa5744} - C:\WINDOWS\System32\iifgEwxX.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {d227841b-0b8b-0fc9-c504-74943e8dcc24} - {42ccd8e3-4947-405c-9cf0-b8b0b148722d} - C:\WINDOWS\System32\eyalul.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BM07eef2d8] Rundll32.exe "C:\WINDOWS\System32\iwvxkcml.dll",s
O4 - HKLM\..\Run: [04ddc144] rundll32.exe "C:\WINDOWS\System32\iaytnpcb.dll",b
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarewebp ... wswaxf.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pi ... 0.0.32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://playgames.comcast.net/online2/go ... dfever.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: eyalul.dll
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6757 bytes
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 3rd, 2008, 10:39 am

Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
C:\WINDOWS\SYSTEM32\hridycyj.dll
C:\WINDOWS\SYSTEM32\xfphyl.dll
C:\WINDOWS\SYSTEM32\ogsyepmu.dll
C:\WINDOWS\SYSTEM32\gbhfkhqv.dll
C:\WINDOWS\SYSTEM32\njdqto.dll
C:\WINDOWS\SYSTEM32\kvxkngfk.dll
C:\WINDOWS\SYSTEM32\pfnbpjcu.dll
C:\WINDOWS\SYSTEM32\drivers\bf195277.sys
C:\WINDOWS\SYSTEM32\jwyijg.dll
C:\WINDOWS\SYSTEM32\clmhavdf.dll
C:\WINDOWS\SYSTEM32\ujotfvov.dll
C:\WINDOWS\SYSTEM32\gnhwcewr.dll
C:\WINDOWS\SYSTEM32\ayyfjwoe.dll
C:\WINDOWS\SYSTEM32\eowjfyya.ini
C:\WINDOWS\SYSTEM32\wqqduaog.tmp
C:\WINDOWS\SYSTEM32\rrlnegho.dll
C:\WINDOWS\SYSTEM32\nuupik.dll
C:\WINDOWS\SYSTEM32\lwqidsul.dll
C:\WINDOWS\SYSTEM32\yfsffjjh.dll
C:\WINDOWS\SYSTEM32\qqmykx.dll
C:\WINDOWS\SYSTEM32\iifgEwxX.dll
C:\WINDOWS\System32\eyalul.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7edbef6e-42b5-47fa-9ae3-0fbb744398bd}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b15cb86e-0363-4771-bd36-083cf414674c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"04ddc144"=-
"BM07eef2d8"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 3rd, 2008, 6:39 pm

ok, I re-ran the combofix, I tried to save the report to my desktop... for some reason I can't find it though. Is there a way I can pull it backup?

Here is the hijack this log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:15 PM, on 8/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\vasa129.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarewebp ... wswaxf.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pi ... 0.0.32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://playgames.comcast.net/online2/go ... dfever.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - AppInit_DLLs: eyalul.dll
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6240 bytes
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 4th, 2008, 1:33 am

Report is located in C:\ComboFix.txt; you should be able to find it from that location :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 4th, 2008, 6:13 pm

ok... I found it!!! Thanks! :)

ComboFix 08-08-02.01 - Owner 2008-08-03 17:31:26.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\ayyfjwoe.dll
C:\WINDOWS\SYSTEM32\clmhavdf.dll
C:\WINDOWS\SYSTEM32\drivers\bf195277.sys
C:\WINDOWS\SYSTEM32\eowjfyya.ini
C:\WINDOWS\System32\eyalul.dll
C:\WINDOWS\SYSTEM32\gbhfkhqv.dll
C:\WINDOWS\SYSTEM32\gnhwcewr.dll
C:\WINDOWS\SYSTEM32\hridycyj.dll
C:\WINDOWS\SYSTEM32\iifgEwxX.dll
C:\WINDOWS\SYSTEM32\jwyijg.dll
C:\WINDOWS\SYSTEM32\kvxkngfk.dll
C:\WINDOWS\SYSTEM32\lwqidsul.dll
C:\WINDOWS\SYSTEM32\njdqto.dll
C:\WINDOWS\SYSTEM32\nuupik.dll
C:\WINDOWS\SYSTEM32\ogsyepmu.dll
C:\WINDOWS\SYSTEM32\pfnbpjcu.dll
C:\WINDOWS\SYSTEM32\qqmykx.dll
C:\WINDOWS\SYSTEM32\rrlnegho.dll
C:\WINDOWS\SYSTEM32\ujotfvov.dll
C:\WINDOWS\SYSTEM32\wqqduaog.tmp
C:\WINDOWS\SYSTEM32\xfphyl.dll
C:\WINDOWS\SYSTEM32\yfsffjjh.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM07eef2d8.txt
C:\WINDOWS\BM07eef2d8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\ayyfjwoe.dll
C:\WINDOWS\system32\bcpntyai.ini
C:\WINDOWS\SYSTEM32\clmhavdf.dll
C:\WINDOWS\SYSTEM32\drivers\bf195277.sys
C:\WINDOWS\SYSTEM32\eowjfyya.ini
C:\WINDOWS\System32\eyalul.dll
C:\WINDOWS\SYSTEM32\gbhfkhqv.dll
C:\WINDOWS\SYSTEM32\gnhwcewr.dll
C:\WINDOWS\SYSTEM32\iifgEwxX.dll
C:\WINDOWS\SYSTEM32\jwyijg.dll
C:\WINDOWS\system32\jycydirh.ini
C:\WINDOWS\SYSTEM32\kvxkngfk.dll
C:\WINDOWS\SYSTEM32\lwqidsul.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\njdqto.dll
C:\WINDOWS\SYSTEM32\nuupik.dll
C:\WINDOWS\SYSTEM32\ogsyepmu.dll
C:\WINDOWS\SYSTEM32\pfnbpjcu.dll
C:\WINDOWS\SYSTEM32\qqmykx.dll
C:\WINDOWS\SYSTEM32\rrlnegho.dll
C:\WINDOWS\SYSTEM32\ujotfvov.dll
C:\WINDOWS\SYSTEM32\wqqduaog.tmp
C:\WINDOWS\SYSTEM32\xfphyl.dll
C:\WINDOWS\SYSTEM32\XxwEgfii.ini
C:\WINDOWS\SYSTEM32\XxwEgfii.ini2
C:\WINDOWS\SYSTEM32\yfsffjjh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_bf195277


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-03 09:52 . 2008-08-03 09:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-03 09:52 . 2008-08-03 09:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-03 08:45 . 2008-08-03 08:45 114,176 --a------ C:\WINDOWS\SYSTEM32\wthnrogl.dll
2008-08-03 08:45 . 2008-08-03 08:45 91,648 --a------ C:\WINDOWS\SYSTEM32\iwvxkcml.dll
2008-08-03 08:45 . 2008-08-03 08:45 83,456 --a------ C:\WINDOWS\SYSTEM32\iaytnpcb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 22:05 --------- d-----w C:\Program Files\Lx_cats
2008-08-03 12:50 --------- d---a-w C:\Program Files\Encarta Online
2008-07-31 00:09 318 ----a-w C:\delete.bat
2008-06-22 23:27 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-06-22 23:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-19 13:01 --------- d-----w C:\Program Files\McAfee
2008-06-18 11:21 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-22 22:20 64,512 ----a-w C:\Documents and Settings\All Users\Application Data\jmjczmzg.dll
2001-07-22 02:45 94,784 --sh--w C:\WINDOWS\twain.dll
2001-08-18 05:36 46,592 --sh--w C:\WINDOWS\twain_32.dll
2001-08-18 05:36 995,383 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2001-08-18 05:36 50,688 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2002-08-29 10:41 401,462 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2002-08-29 10:41 323,072 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2001-08-18 05:36 9,728 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-03_ 8.37.12.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2008-08-03 21:59:57 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-03 21:59:57 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-03 12:27:27 65,536 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-03 21:59:57 65,536 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-15 20:25 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 17:56 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 18:34 212992]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 20:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 19:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 17:13 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 20:35 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoPlay.exe [2001-08-27 16:52:06 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eyalul.dll

.
Contents of the 'Scheduled Tasks' folder

2006-12-20 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\ISP signup reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2008-06-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 18:02:38
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-08-03 18:11:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 22:11:13
ComboFix2.txt 2008-08-03 12:38:27
ComboFix3.txt 2008-03-29 21:53:05

Pre-Run: 25,774,145,536 bytes free
Post-Run: 25,763,917,824 bytes free

173 --- E O F --- 2008-04-03 01:13:26
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 5th, 2008, 1:13 am

Still some bad files left.

Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
C:\WINDOWS\SYSTEM32\wthnrogl.dll
C:\WINDOWS\SYSTEM32\iwvxkcml.dll
C:\WINDOWS\SYSTEM32\iaytnpcb.dll
C:\Documents and Settings\All Users\Application Data\jmjczmzg.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 5th, 2008, 8:35 pm

Ok, here is the combofix report

ComboFix 08-08-02.01 - Owner 2008-08-05 20:04:33.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.71 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\jmjczmzg.dll
C:\WINDOWS\SYSTEM32\iaytnpcb.dll
C:\WINDOWS\SYSTEM32\iwvxkcml.dll
C:\WINDOWS\SYSTEM32\wthnrogl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\jmjczmzg.dll
C:\WINDOWS\SYSTEM32\iaytnpcb.dll
C:\WINDOWS\SYSTEM32\iwvxkcml.dll
C:\WINDOWS\SYSTEM32\wthnrogl.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-05 19:59 . 2008-08-05 19:59 <DIR> d-------- C:\WINDOWS\LastGood

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 23:58 --------- d-----w C:\Program Files\McAfee
2008-08-05 23:46 --------- d-----w C:\Program Files\Lx_cats
2008-08-03 12:50 --------- d---a-w C:\Program Files\Encarta Online
2008-07-31 00:09 318 ----a-w C:\delete.bat
2008-06-22 23:27 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-06-22 23:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 11:21 --------- d-----w C:\Program Files\Common Files\McAfee
2001-07-22 02:45 94,784 --sh--w C:\WINDOWS\twain.dll
2001-08-18 05:36 46,592 --sh--w C:\WINDOWS\twain_32.dll
2001-08-18 05:36 995,383 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2001-08-18 05:36 50,688 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2002-08-29 10:41 401,462 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2002-08-29 10:41 323,072 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2001-08-18 05:36 9,728 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot_2008-08-03_ 8.37.12.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-03 12:07:02 143,360 ----a-w C:\WINDOWS\LastGood\System32\dunzip32.dll
+ 2002-08-29 10:41:10 17,408 ----a-w C:\WINDOWS\LastGood\System32\psapi.dll
- 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2008-08-05 23:49:38 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat
- 2008-08-03 12:27:27 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-05 23:49:38 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-03 12:27:27 65,536 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-05 23:49:38 65,536 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-15 20:25 28739]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 12:04 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 17:56 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 18:34 212992]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 20:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 19:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 17:13 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-03 20:35 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-01-11 13:57 291760]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 22:30 294912]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 02:05 98304]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 11:09 106496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoPlay.exe [2001-08-27 16:52:06 36864]

S2 0003041217980824mcinstcleanup;McAfee Application Installer Cleanup (0003041217980824);C:\WINDOWS\TEMP\000304~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2006-12-20 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\ISP signup reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2008-06-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]

2006-12-20 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2002-08-29 06:41]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 20:10:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 20:16:12
ComboFix-quarantined-files.txt 2008-08-06 00:16:08
ComboFix2.txt 2008-08-03 22:11:26
ComboFix3.txt 2008-08-03 12:38:27
ComboFix4.txt 2008-03-29 21:53:05

Pre-Run: 25,740,619,776 bytes free
Post-Run: 25,748,824,064 bytes free

113 --- E O F --- 2008-04-03 01:13:26


and here is the hijackthis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:54 PM, on 8/5/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\vasa129.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarewebp ... wswaxf.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://playgames.comcast.net/online2/pi ... 0.0.32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://playgames.comcast.net/online2/go ... dfever.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0003041217980824) (0003041217980824mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\000304~1.EXE (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6379 bytes
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am

Re: HiJackthis report

Unread postby Shaba » August 6th, 2008, 9:03 am

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: HiJackthis report

Unread postby vasa129 » August 7th, 2008, 4:42 pm

Ok, I'm having some issues with this... since I ran combofix I've been having issues logging on to websites. When I try to log onto this site, I put in my user & password, everything looks ok but a few seconds later a window pops up at the bottom in my toolbar section and it kicks me back to the log in page.

Also, I downloaded Java. I've tried 3 times to run the scan from the Kaspersky site but for some reason when it gets around 40 - 60% complete the same window pops up in the toolbar section and the window running the scan closes on it's own

Hope this makes sense
vasa129
Regular Member
 
Posts: 22
Joined: March 23rd, 2008, 9:57 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 312 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware