Strange XP
-
Hi, turned on computer the other day and all had changed. No log on screen, very slow, put DVD in drive, have to click on no auto start, screen freezes, all seems to have changed. Log to follow.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:01 PM, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Documents and Settings\David\Local Settings\temp\Toolkit.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.riverland.net.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ToolKit] "C:\Program Files\SeagateToolkit\Toolkit.exe" -L -S /silent
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [SpamMATTERS Outlook Express Interface] C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken 2004\BILLMIND.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken 2004\QWDLLS.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.geocities.com/TelevisionC...er/bigback.jpg
--
End of file - 9577 bytes
--------------------------------------------------------------------------------
The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server.
--------------------------------------------------------------------------------
System Security Status
CIS Benchmark Score: Available only for Windows 2000, XP Pro, and 2003
Virus Protection: Up-to-date
Microsoft Security Updates: Status unknown
† Advisor security definitions are out of date.
--------------------------------------------------------------------------------
Computer Profile Summary
Computer Name: David-cbd8a45b7 (in MSHOME)
Profile Date: Thursday, 20 March 2008 1:36:38 PM
Advisor Version: 7.2t
Windows Logon: David
Operating System
Windows XP Home Edition Service Pack 2 (build 2600)
System Model
System Serial Number: 12 4
Enclosure Type: Desktop
Processor a
3.20 gigahertz Intel Pentium 4
16 kilobyte primary memory cache
1024 kilobyte secondary memory cache
Main Circuit Board b
Board: AOpen i915Gm-I 918EM10I10
Serial Number: I0400061JEB1
Bus Clock: 200 megahertz
BIOS: Phoenix/Award Technologies, LTD 6.00 PG 06/23/2004
Drives
280.06 Gigabytes Usable Hard Drive Capacity
212.02 Gigabytes Hard Drive Free Space
PIONEER DVD-RW DVR-112 [CD-ROM drive]
3.5" format removeable media [Floppy drive]
Generic IC1210 CF USB Device [Hard drive] -- drive 1
Generic IC1210 MS USB Device [Hard drive] -- drive 2
Generic IC1210 SM USB Device [Hard drive] -- drive 4
Generic IC1210 MMC/SD USB Device [Hard drive] -- drive 3
Maxtor 3200 USB Device [Hard drive] (160.04 GB) -- drive 5
ST3120827AS [Hard drive] (120.03 GB) -- drive 0, s/n 4MS0F9YQ, rev 3.42, SMART Status: Healthy
Memory Modules c,d
512 Megabytes Installed Memory
Slot 'A0' has 512 MB
Slot 'A2' is Empty
Slot 'A4' is Empty
Slot 'A3' is Empty
Local Drive Volumes
c: (NTFS on drive 0) 120.02 GB 64.29 GB free
j: (NTFS on drive 5) 160.04 GB 147.73 GB free
Network Drives
None detected
Users
local user accounts last logon
David 20/03/2008 10:37:43 AM (admin)
local system accounts
Administrator never (admin)
ASPNET never
Guest never
HelpAssistant never
SUPPORT_388945a0 never
Printers
Adobe PDF Converter on My Documents\*.pdf
Canon PIXMA iP5000 on USB001
Canon PIXMA iP5000 on LPT1:
Controllers
Standard floppy disk controller
Intel(R) 82801FB Ultra ATA Storage Controllers - 2651
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller]
Display
RADEON X300 Series [Display adapter]
RADEON X300 Series Secondary [Display adapter]
ACR Acer AL1912 [Monitor] (18.8"vis, s/n ETL2302041, April 2005)
Bus Adapters
Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C
Multimedia
MPU-401 Compatible MIDI Device
Philips TV7131 WDM Video Capture
Realtek High Definition Audio
Standard Game Port
Communications
SoftV92 Data Fax Modem
Intel(R) PRO/100 VE Network Connection
primary Auto IP Address: 192.168.2.2 / 24
Gateway: 192.168.2.1
Dhcp Server: 192.168.2.1
Physical Address: 00:01:80:57
9:BA
Networking Dns Server: 192.168.2.1
Other Devices
CanoScan LiDE 25
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Microsoft PS/2 Port Mouse (IntelliPoint)
USB Mass Storage Device (2x)
USB Root Hub (5x)
Virus Protection
Norton 360 Version 2007
Realtime File Scanning On
Missing Microsoft Security Hotfixes
All required security hotfixes (using the 10/09/2007 Microsoft Security Bulletin Summary) have been installed.
Installed Microsoft Hotfixes
Software Licenses
Software Versions (mouse over * for details, click * for location)
AcroTray - Adobe Acrobat Distiller helper application. Version 6.0.1.2003102300 *
Adobe Acrobat Version 6.0.3.2004113000 *
Adobe Acrobat Version 7.0.0.0 *
Adobe Reader Version 7.0.0.0 *
Adobe Systems Incorporated. - Acrobat Distiller for Windows Version 6.0.1.2003102300 *
Ahead software - NeroMediaPlayer Version 1, 4, 0, 24 *
Ahead Software AG - Cover Designer Version 2, 3, 0, 16 *
Ahead Software AG - InfoTool Application Version 2, 2, 7, 0 *
Ahead Software AG - Nero BackItUp Restore Version 1, 2, 0, 32 *
Ahead Software AG - Nero BackItUp Scheduler Version 1, 2, 0, 32 *
Ahead Software AG - Nero BackItUp Version 1, 2, 0, 32 *
Ahead Software AG - Nero Burning ROM Version 6, 6, 0, 2 *
Ahead Software AG - Nero CD - DVD Speed Version 3, 5, 0, 0 *
Ahead Software AG - Nero DriveSpeed Version 2, 0, 4, 0 *
Ahead Software AG - Nero Recode 2 Version 2, 1, 1, 25 *
Ahead software AG - Nero ShowTime Version 2, 0, 0, 18 *
Ahead Software AG - Nero StartSmart Version 2, 0, 0, 3 *
Ahead Software AG - Nero Wave Editor DLL Version 2, 0, 0, 42 *
Ahead Software AG - NeroVision Version 3,0,1,18 *
Ahead Software AG InCD Version 4, 3, 7, 3 *
Ahead Software AG incdsrv Version 4, 3, 7, 3 *
Ahead Software Gmbh NeroCheck Version 1, 0, 0, 2 *
Alexander Roshal - WinRAR archiver Version 3.51.0.0 *
All My Movies *
Apple Computer, Inc. - QuickTime QuickTime 6.4 *
ArcSoft, Inc. - PhotoStudio Version 5.5.0.62 *
Asian Pacific Advisory Group - AutoProfitTest Version 7.0.0.0 *
Asian Pacific Advisory Group - DBSetup Version 1.0.0.0 *
Asian Pacific Advisory Group - Integra Pro Version 7.0.1.0 *
ATI Desktop Component Version 6.14.10.5140 *
ATI External Event Utility for WindowsNT and Windows9X Version 6.14.10.4112.02 *
ATI Smart Version 5.13.0023 *
ATI Technologies Inc. HydraVision Control Panel Version 3.25.0006 *
ATI Technologies Inc. HydraVision Setup Wizard Version 3.25.0006 *
Belarc, Inc. - Advisor Version 7.2t *
Canon BJ Raster Printer Driver Installer Version 1.80.2.9 *
CANON INC. - BJEZPRN.EXE Version 3, 0, 0, 0 *
CANON INC. - BJPSMAIN.EXE Version 1, 1, 0, 0 *
CANON INC. - BJPSUNST.EXE Version 1, 0, 0, 0 *
CANON INC. - CanoScan Toolbox Application Version 4.9.3.1 *
CANON INC. - ScanGear Starter Version 1.1.1.1 *
Canon Information Systems Research Australia Pty Ltd. - PhotoRecord Version 2, 2, 0, 13 *
Cinematronics - 3D Pinball Version 5.1.2600.2180 *
Core FTP Version 1, 3, 4, 0 *
Download Driver *
DVD Shrink Version 3.2.0.15 *
Electronic Arts - EasyInfo 2 Version 2,0,2,5 *
Electronic Arts Inc. - EReg Version 1, 0, 0, 59 *
Fengtao Software Inc. - DVD Region-Free - Watch and copy CSS encrypted DVDs from any region! Version 5, 9, 8, 85 *
Google Earth Version 4.0.2737.0 *
Guide *
InstallDriver Module Version 7.04 *
InstallShield unInstaller Version 2.20.917.0 *
Intuit - Quicken 2004 for Windows Version 009.000.000.000 *
Intuit - Quicken 2004 for Windows Version 010.000.000.000 *
Intuit - Quicken 99 for Windows Version 008.000.000.000 *
Kworld Computer Co., Ltd. - TV713X Remote Control for SAA713X Version 1, 2, 1, 0 *
Kworld Computer Co., Ltd. - TV713X Uninstallation Application Version 1, 2, 0, 1 *
Lavasoft Ad-Aware SE SE 106 *
LIGHTNING UK! - DVD Decrypter Version 3.5.4.0 *
Manly MM - UBD on Disk Version 5.01 *
Medal of Honor Pacific Assault(tm) Setup by Electronic Arts, Inc. Version 1.0.0.1 *
Media Navigation,Inc/Monolith Corp. - CD-LabelPrint Version 1.0.2.0 *
Microsoft (r) Windows Script Host Version 5.6.0.8820 *
Microsoft Clip Gallery Version 5.1.00.1221 *
Microsoft Corporation - Import Picture Wizard Version 11.00.422.0 *
Microsoft Corporation - Internet Explorer Version 7.00.6000.16608 *
Microsoft Corporation - Messenger Version 4.7.3001 *
Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823 *
Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0 *
Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
Microsoft Corporation - Zone.com Version 1.2.626.1 *
Microsoft Data Access Components Version 3.525.1117.0 *
Microsoft Digital Image 2006 Editor Version 11.00.422.0 *
Microsoft Digital Image 2006 Library Version 11.00.422.0 *
Microsoft IntelliPoint Version 5.1 *
Microsoft IntelliType Pro / IntelliPoint Version 5.1 *
Microsoft IntelliType Pro Version 5.1 *
Microsoft Office 2000 Version 9.0.2719 *
Microsoft Outlook Version 9.0.2416 *
Microsoft Photo Story 3.1 Version 11.00.422.0 *
Microsoft PowerPoint for Windows Version 9.0.2716 *
Microsoft SQL Server Version 9.00.3042.00 *
Microsoft(R) Windows Media Player Version 10.00.00.3646 *
Microsoft® .NET Framework Version 2.0.50727.832 *
Microsoft® Access Version 9.0.2719 *
Microsoft® FrontPage® 2000 Version 4.0.2.2717 *
Microsoft® Internet Services Version 6.1.27.0 *
MindVision - Installer VISE 2.8.3 Version 2.8.3 *
ParetoLogic - Xoftspy Version 4, 33, 5259, 1 *
Photo Organizer *
Play Jewel Quest *
Primary Industries and Resources SA - IRES Version 2.05 *
PrintMaster *
Quick TV Agent Version 1.2.0.2 *
Quick TV Version 1.0.0.2 *
Realtek HD Sound Manager Version 1, 0, 0, 9 *
ScanSoft Inc. - Scanner Wizard Version 3.0.256.2 *
ScanSoft, Inc. - OmniPage SE Version 2.0 *
Seagate Pocket Drive toolkit Application Version 2, 2, 2, 0 *
SpamMATTERS - ExpressAI Version 3, 0, 12, 0 *
Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition 5.0 U11 Version 5.0.110.3 *
Symantec Core Component Version 1.9.1.1088 *
Symantec Corporation - Firewall Component Version 1.2 *
Symantec Corporation - LiveUpdate Notice Version 1.4 *
Symantec Corporation - LiveUpdate Version 3.2.0.68 *
Symantec Corporation - Norton 360 Version 1.3 *
Symantec Security Technologies Version 106.3.5.1 *
TamaSoftware - Pepakura Viewer 2 Version 2, 1, 0, 0 *
The Learning Company - Reminder Application Version 8.0 *
Trend Micro Inc. - HijackThis Version 2.00.0002 *
UnderCoverXP Application Version 1, 7, 0, 0 *
Wizards to adjust .NET Framework security, assign trust to assemblies, and fix broken .NET applications. Version 1.0.5000.0 *
--------------------------------------------------------------------------------
* Click to see where software is installed.
a. Megahertz measurement may be inaccurate if other programs were busy during last analysis.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This may be the manufacturer's factory installed product key rather than yours.
--------------------------------------------------------------------------------
-
If you have previously downloaded ComboFix, please delete that version now.
Now download ComboFix and save to your desktop:
Note:
It is IMPORTANT that it is saved directly to your desktop
Close any open browsers.
Disconnect from the Internet.
Please do not re-connect your machine back to the Internet until Combofix has completely finished.
Disable your antivirus program and any realtime malware scanners now.
How To Disable
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Re-enable your anti-virus and re-connect back to the internet and post the combofix log.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
ComboFix SHOULD NOT be used unless requested by a forum helper.
New hijackthis log please.
-
ComboFix 08-03-21.2 - David 2008-03-22 18:55:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT 10.5:30]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.
2008-03-11 16:43 . 2008-03-11 16:43 <DIR> d-------- C:\ceb0167f136b344c87ef9ce94d80ab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 07:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-21 08:52 --------- d-----w C:\Documents and Settings\David\Application Data\AdobeUM
2008-03-19 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-16 09:21 --------- d-----w C:\Program Files\XoftSpySE
2008-03-12 08:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-27 03:19 3,840 ----a-w C:\WINDOWS\system32\drivers\BANTExt.sys
2008-02-17 09:35 --------- d-----w C:\Program Files\Microsoft Digital Image 2006
.
((((((((((((((((((((((((((((( snapshot@2007-11-06_10.00.14.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-08-20 10:02:09 124,928 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 10:02:11 214,528 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 10:02:09 63,488 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:12:34 70,656 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 10:02:10 44,544 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 10:02:10 267,776 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:12:35 13,824 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 10:02:10 27,648 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 10:02:11 478,208 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 10:02:11 671,232 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 10:02:11 102,400 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 10:02:11 105,984 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 10:02:11 1,161,728 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 10:02:11 232,960 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 10:02:11 825,344 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-10-10 23:47:27 124,928 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27 214,528 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27 132,608 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27 63,488 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27 153,088 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27 230,400 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27 383,488 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27 388,096 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27 6,067,200 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27 44,544 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27 267,776 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28 27,648 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28 459,264 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28 52,224 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49 3,593,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28 478,208 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28 193,024 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28 671,232 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28 102,912 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28 105,984 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29 1,162,240 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29 233,472 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29 825,344 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 02:01:07 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
+ 2007-12-19 22:57:52 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
+ 2007-12-07 02:01:07 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
+ 2007-12-07 02:01:07 133,120 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
+ 2007-12-07 02:01:07 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
+ 2007-12-06 08:34:28 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-07 02:01:08 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
+ 2007-12-07 02:01:08 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
+ 2007-12-06 05:00:02 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
+ 2007-12-07 02:01:08 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
+ 2007-12-07 02:01:08 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
+ 2007-12-07 02:01:10 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
+ 2007-12-07 02:01:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
+ 2007-12-07 02:01:11 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
+ 2007-12-06 08:34:29 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:45 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-07 02:01:11 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
+ 2007-12-07 02:01:11 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
+ 2007-12-07 02:01:11 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
+ 2007-12-07 02:01:12 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
+ 2007-12-07 02:01:12 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
+ 2007-12-07 02:01:13 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
+ 2007-12-07 02:01:13 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
+ 2007-12-07 02:01:13 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
+ 2008-01-11 05:57:26 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
+ 2007-12-07 02:01:13 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
+ 2007-12-07 02:01:13 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
+ 2007-12-07 02:01:13 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
+ 2007-12-07 02:01:13 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 06:09:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 06:09:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2004-09-22 09:16:12 229,376 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:13:33 350,720 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-04-24 09:36:45 11,973 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2000-08-30 21:30:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2007-08-22 12:55:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-08-22 12:55:32 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-08-22 12:55:32 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-08-22 12:55:32 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-08-22 12:55:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-08-22 12:55:38 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-08-22 12:55:38 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 08:24:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 08:22:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 07:13:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 07:13:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 08:24:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 08:09:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2007-08-13 08:05:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-08-13 08:24:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2007-08-13 08:06:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-08-13 08:09:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-08-13 08:09:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-08-13 08:09:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-08-13 07:26:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-02-12 05:40:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat
+ 2007-07-11 01:57:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-08-13 08:09:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-08-13 08:24:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-08-13 08:09:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-08-13 08:04:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-08-13 08:09:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-08-13 08:13:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-08-13 08:24:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-08-13 08:24:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-08-13 08:24:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-08-13 08:24:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-08-13 08:24:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-08-13 08:14:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-08-13 08:24:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-08-13 08:14:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-08-13 08:14:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-08-13 08:24:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-08-13 08:24:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-08-13 08:24:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10
21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 05:04:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2007-08-13 08:05:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-30 23:42:28 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2007-08-13 08:06:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23
00 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23
00 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23
00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
- 2007-06-16 13:41:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-30 21:30:00 28,160 -c--a-w C:\WINDOWS\NirCmd.exe
+ 2004-08-04 12:00:00 73,376 -c--a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 12:00:00 25,264 -c--a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 12:00:00 28,160 -c--a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-04 12:00:00 3,360 -c--a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-04 12:00:00 4,048 -c--a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-04 12:00:00 13,600 -c--a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2004-08-04 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 08:09:20 71,680 -c--a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-12-07 02
45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-04 12:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 08:09:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-12-07 02
45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2004-08-04 12:00:00 36,992 -c--a-w C:\WINDOWS\system32\dllcache\amdk6.sys
+ 2004-08-04 12:00:00 37,376 -c--a-w C:\WINDOWS\system32\dllcache\amdk7.sys
+ 2004-08-04 12:00:00 60,800 -c--a-w C:\WINDOWS\system32\dllcache\arp1394.sys
+ 2004-08-04 12:00:00 30,208 -c--a-w C:\WINDOWS\system32\dllcache\bthserv.dll
+ 2004-08-04 12:00:00 262,528 -c--a-w C:\WINDOWS\system32\dllcache\cinemst2.sys
+ 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
+ 2004-08-04 12:00:00 36,480 -c--a-w C:\WINDOWS\system32\dllcache\crusoe.sys
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 08:24:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2004-08-04 12:00:00 52,224 -c--a-w C:\WINDOWS\system32\dllcache\dmutil.dll
+ 2004-08-04 12:00:00 55,296 -c--a-w C:\WINDOWS\system32\dllcache\dvdplay.exe
- 2007-08-22 12:55:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 02
45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 12:55:31 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 02
45 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00:00 193,024 -c--a-w C:\WINDOWS\system32\dllcache\fsquirt.exe
+ 2004-08-04 12:00:00 12,160 -c--a-w C:\WINDOWS\system32\dllcache\fsvga.sys
+ 2004-08-04 12:00:00 36,224 -c--a-w C:\WINDOWS\system32\dllcache\hidclass.sys
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 07:48:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-12-07 02
45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-12-07 02
45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-12-07 02
45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2007-12-07 02
45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-12-07 02
45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 08:14:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 08:15:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-12-07 02
46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-22 12:55:32 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 08:24:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-12-07 02
46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-12-07 02
46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 08:09:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 08:06:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-22 12:55:32 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 08:09:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 08:08:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 12:55:32 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 02
47 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 08:14:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00:00 73,376 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2004-08-04 12:00:00 25,264 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2004-08-04 12:00:00 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2004-08-04 12:00:00 147,968 -c--a-w C:\WINDOWS\system32\dllcache\mdwmdmsp.dll
+ 2004-08-04 12:00:00 63,744 -c--a-w C:\WINDOWS\system32\dllcache\mf.sys
- 2004-08-04 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-07 02
47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-12-07 02
47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 08:02:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-08 05
48 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 12:55:37 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 02
47 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 07:31:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 08:24:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 02
48 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 12:55:38 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 02
48 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2004-08-04 12:00:00 61,824 -c--a-w C:\WINDOWS\system32\dllcache\nic1394.sys
+ 2004-08-04 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\nikedrv.sys
- 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-12-07 02
48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2004-08-04 12:00:00 3,456 -c--a-w C:\WINDOWS\system32\dllcache\oprghdlr.sys
+ 2004-08-04 12:00:00 42,496 -c--a-w C:\WINDOWS\system32\dllcache\p3.sys
+ 2004-08-04 12:00:00 157,696 -c--a-w C:\WINDOWS\system32\dllcache\paqsp.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\pid.dll
- 2007-08-22 12:55:38 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\processr.sys
- 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2004-08-03 13:31:16 196,864 -c--a-w C:\WINDOWS\system32\dllcache\rdpdr.sys
+ 2004-08-04 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\rio8drv.sys
+ 2004-08-04 12:00:00 12,032 -c--a-w C:\WINDOWS\system32\dllcache\riodrv.sys
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\scsiport.sys
+ 2004-08-04 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\sdbus.sys
+ 2004-08-04 12:00:00 11,136 -c--a-w C:\WINDOWS\system32\dllcache\sffdisk.sys
+ 2004-08-04 12:00:00 10,240 -c--a-w C:\WINDOWS\system32\dllcache\sffp_sd.sys
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2004-08-04 12:00:00 25,472 -c--a-w C:\WINDOWS\system32\dllcache\sonydcam.sys
+ 2004-08-04 12:00:00 70,656 -c--a-w C:\WINDOWS\system32\dllcache\sprio600.dll
+ 2004-08-04 12:00:00 72,192 -c--a-w C:\WINDOWS\system32\dllcache\sprio800.dll
+ 2004-08-04 00
46 74,752 -c--a-w C:\WINDOWS\system32\dllcache\storprop.dll
+ 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\streamci.dll
+ 2004-08-04 12:00:00 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2004-08-04 12:00:00 4,048 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv
+ 2004-08-04 12:00:00 51,712 -c--a-w C:\WINDOWS\system32\dllcache\tosdvd.sys
+ 2004-08-04 12:00:00 21,376 -c--a-w C:\WINDOWS\system32\dllcache\tsbvcap.sys
+ 2004-08-04 12:00:00 12,416 -c--a-w C:\WINDOWS\system32\dllcache\tunmp.sys
- 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-12-07 02
48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 02
48 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00:00 23,808 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd.sys
+ 2004-08-04 12:00:00 23,936 -c--a-w C:\WINDOWS\system32\dllcache\usbcamd2.sys
+ 2004-08-04 12:00:00 16,000 -c--a-w C:\WINDOWS\system32\dllcache\usbintel.sys
+ 2004-08-04 12:00:00 69,699 -c--a-w C:\WINDOWS\system32\dllcache\usrcoina.dll
+ 2004-08-04 12:00:00 102,457 -c--a-w C:\WINDOWS\system32\dllcache\usrv42a.dll
- 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 08:24:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00:00 58,112 -c--a-w C:\WINDOWS\system32\dllcache\vdmindvd.sys
- 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2004-08-04 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-12-07 02
48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00:00 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv
- 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 02
48 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv
- 2004-09-22 09:16:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 07:10:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2004-08-04 12:00:00 108,032 -c--a-w C:\WINDOWS\system32\dllcache\wshbth.dll
- 2007-05-29 04:25:35 22,112 ----a-r C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2008-01-12 08:02:00 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
- 2004-08-04 12:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2007-04-24 09:36:45 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-09-18 05:13:36 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-11-30 13:27:12 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
- 2007-09-18 05:13:36 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-11-30 13:27:12 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
- 2007-09-18 05:13:36 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-11-30 13:27:12 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
- 2007-10-04 00:34:36 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
+ 2007-12-10 05:57:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 02
45 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 02
45 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2000-08-30 21:30:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe
- 2007-08-28 06:44:55 245,512 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-02-23 23:27:09 247,104 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2000-08-30 21:30:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe
+ 2007-12-07 02
45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-12-07 02
45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-12-07 02
45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-12-07 02
45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-12-07 02
45 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 08:15:18 78,336 -c--a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-12-07 02
46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 08:24:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02
46 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-12-07 02
46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 08:09:12 55,296 -c--a-w C:\WINDOWS\system32\iesetup.dll
- 2006-11-06 16
32 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 08:24:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 08:06:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 08:09:02 92,672 -c--a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 08:08:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 02
47 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 12:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
- 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 08:14:18 40,960 -c--a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-08-04 12:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 12:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 12:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-04 12:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2007-12-07 02
47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-12-07 02
47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 08:06:40 12,288 -c----w C:\WINDOWS\system32\msfeedssync.exe
+ 2004-08-04 12:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-03 15:26:58 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2004-08-04 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 08:02:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-08 05
48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 02
47 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 07:31:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 08:24:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 02
48 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 02
48 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-12-07 02
48 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
- 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2004-08-04 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\wdmaud.drv
+ 2004-08-03 15:26:58 294,912 -c--a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\msh263.drv
+ 2004-08-04 12:00:00 23,552 -c--a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\wdmaud.drv
- 2007-10-04 00:34:36 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
+ 2007-12-10 05:57:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
+ 2000-08-30 21:30:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2005-06-28 00:51:34 22,752 -c--a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 07:13:16 22,752 -c--a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-22 08:09:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-30 21:30:00 161,792 -c--a-w C:\WINDOWS\system32\swreg.exe
+ 2004-08-04 12:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-04 12:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-12-07 02
48 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 02
48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 08:24:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2004-08-04 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-12-07 02
48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-04 12:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
+ 2007-08-13 08:15:16 206,336 -c----w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 02
48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
- 2004-09-22 09:16:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 07:10:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-30 21:30:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe
+ 2008-03-22 05:23:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_148.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpamMATTERS Outlook Express Interface"="C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe" [2005-10-05 13:08 20480]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 19:02 1880064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:30 15360]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-15 16:43 68096 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-06-15 19:51 2550272 C:\WINDOWS\ALCWZRD.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 22:05 339968]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 11:40 409600]
"Quick TV Agent"="C:\Program Files\Terminator\Quick TV\Scheduled.exe" [2004-07-26 13:27 740352]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-03-19 15:00 184320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-03-19 14:59 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 17:41 77824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-11-26 23:12 1349120]
"ToolKit"="C:\Program Files\SeagateToolkit\Toolkit.exe" [2005-03-24 17:22 888832]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-15 13:40 116328]
"NWEReboot"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:30 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 15:07:56 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Billminder.lnk - C:\Program Files\Quicken 2004\BILLMIND.EXE [2005-06-21 10:59:00 36864]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE [2005-06-26 21:31:25 327680]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:35:56 65588]
Quicken Startup.lnk - C:\Program Files\Quicken 2004\QWDLLS.EXE [2005-06-21 10:59:09 36864]
TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2005-06-20 16:40:07 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-08-17 21:45]
S2 713xTVCard;SAA7131 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 13:00]
S3 EzInstall;EzInstall;D:\ezinstall\EzInstall.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2005-12-02 23:51:35 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-03-22 06:30:06 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-22 05:58:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 18:57:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-22 18:57:46
ComboFix-quarantined-files.txt 2008-03-22 08:27:43
.
2008-03-14 09:51:45 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:50 PM, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Terminator\Quick TV\Scheduled.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.riverland.net.au/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Quick TV Agent] C:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ToolKit] "C:\Program Files\SeagateToolkit\Toolkit.exe" -L -S /silent
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [SpamMATTERS Outlook Express Interface] C:\Program Files\SpamMATTERS Outlook Express Client\expressAI.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken 2004\BILLMIND.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken 2004\QWDLLS.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/act...a/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.geocities.com/TelevisionC...er/bigback.jpg
--
End of file - 9260 bytes
-
Not much happened there, what is going on now?
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found: 
* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
New hijackthis log please.
-
Hi, Drweb-cureit found nothing, didn't leave a folder at all.
-
Apparently this is not a malware issue.
Did you have SP3 at one time on this PC?
Malware is all we work on here on this side of the forum.
Might post in the XP forum and see what they got to say.
You can get rid of Dr. Web and anything else we installed.
I would like to try one more scanner:
Download AVG Anti-Rootkit Beta from Anti-Rootkit and save it to your Desktop.
Close all open programs as this will require a reboot.
Double click AVG_AntiRootkit_1.0.0.13.exe to install the program.
(By default this will be to C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta.)
Once the program has installed, you will be prompted to reboot - please allow this to happen.
When the PC has rebooted, click the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
Click Perform in-depth search and put your feet up as this can take a while.
Once the scan has completed, if any files have been detected, click Save result to file and save the log to somewhere convenient.
If anything has been detected, copy and paste the log into your next reply. If not, just let me know.
Last edited by Neal; 24-03-2008 at 10:41 PM.
-
Hi, Sorry I have not got back to you. Anti-Rootkit found nothing as well.
-
Apparently this is not a malware issue, you can delete/uninstall all tools we used.
Might post in the xp help forum and see what they say as we deal with malware only here.