Jump to content

cant remove Trojan.Agent


Recommended Posts

been trying to remove this for the last 24hrs now, but the bastard keeps replacing its self no matter what i try.

HijackthisLogfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:33:51 PM, on 3/31/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Myigelole] rundll32.exe "C:\WINDOWS\opogurinaz.dll",e

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.pandora.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1193871411734

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

MBAMMalwarebytes' Anti-Malware 1.35

Database version: 1925

Windows 5.1.2600 Service Pack 2

3/31/2009 2:39:02 PM

mbam-log-2009-03-31 (14-39-00).txt

Scan type: Quick Scan

Objects scanned: 68989

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myigelole (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\opogurinaz.dll (Trojan.Agent) -> No action taken.

Link to post
Share on other sites

  • Staff

feetz, please don't post in someone elses thread, because we always look at the reply count and when set to more than 1, we assume that the threadstarter is already receiving help while (s)he is not since you replied here.

anotheruser, can you update mbam via update tab > check for updates once again?

Then perform a new scan and post the log in your next reply together with a new HijackThislog.

Link to post
Share on other sites

updated as you requested. ive ran MB, rebooted, ran MB a second time, and am now posting the logs.

Mbam

Malwarebytes' Anti-Malware 1.35

Database version: 1926

Windows 5.1.2600 Service Pack 2

3/31/2009 6:10:45 PM

mbam-log-2009-03-31 (18-10-45).txt

Scan type: Quick Scan

Objects scanned: 69534

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:12:34 PM, on 3/31/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Myigelole] rundll32.exe "C:\WINDOWS\aloxaroyuy.dll",e

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-1993962763-1220945662-725345543-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.pandora.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1193871411734

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--

End of file - 6141 bytes

Link to post
Share on other sites

  • Staff

Hi,

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Link to post
Share on other sites

i can not run combofix. ive tried all 3 mirrors and downloaded to different locations on different drives.

exact error is "Windows can not access the specified Device, Path, or File. You may not have appropriate permissions to access them"

im sitting here on an admin account with full permissions.

Link to post
Share on other sites

  • Staff

Ok

Also... I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

Link to post
Share on other sites

Combofix Log

ComboFix 09-03-31.01 - Administrator 2009-03-31 19:07:25.3 - NTFSx86 MINIMAL

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))

.

2009-03-30 23:59 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-03-30 23:43 . 2009-03-31 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-30 15:19 . 2009-03-31 17:44 1,258 --a------ c:\windows\Fbaku.dat

2009-03-30 15:19 . 2009-03-31 18:54 16 --a------ c:\windows\Gwuvoga.bin

2009-03-08 02:20 . 2009-03-08 02:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 21:51 --------- d-----w c:\program files\SUPERAntiSpyware

2009-03-31 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-30 05:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-27 21:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-26 06:59 --------- d-----w c:\documents and settings\Lance\Application Data\GetRightToGo

2009-03-25 22:35 --------- d-----w c:\documents and settings\Lance\Application Data\Azureus

2009-03-20 13:59 --------- d-----w c:\documents and settings\Lance\Application Data\WeatherBug

2009-03-14 00:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-14 00:23 --------- d-----w c:\program files\AGEIA Technologies

2009-02-27 02:32 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-26 22:18 46,992 ----a-w c:\windows\system32\drivers\vcache.sys

2009-02-26 22:18 28,944 ----a-w c:\windows\system32\drivers\vfilter.sys

2009-02-16 06:30 --------- d-----w c:\program files\DivX

2009-01-29 08:01 --------- d-----w c:\program files\MSXML 6.0

2009-01-28 19:24 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-28 19:24 --------- d-----w c:\program files\ASUS

2009-01-28 00:44 --------- d-----w c:\program files\MSBuild

2009-01-28 00:41 --------- d-----w c:\program files\Reference Assemblies

2009-01-28 00:37 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2007-11-09 22:32 22,328 ----a-w c:\documents and settings\Lance\Application Data\PnkBstrK.sys

.

((((((((((((((((((((((((((((( snapshot@2009-01-15_ 2.30.36.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-10-04 10:40:05 72,704 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe

+ 2006-10-04 10:40:06 53,760 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe

+ 2006-10-04 10:40:06 215,552 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe

+ 2006-10-04 14:05:57 35,840 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\umandlg.dll

+ 2006-10-04 10:40:06 50,176 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe

+ 2005-10-12 23:16:49 14,048 ----a-w c:\windows\$hf_mig$\KB925720\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w c:\windows\$hf_mig$\KB925720\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w c:\windows\$hf_mig$\KB925720\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w c:\windows\$hf_mig$\KB925720\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w c:\windows\$hf_mig$\KB925720\update\updspapi.dll

+ 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll

+ 2008-02-15 09:06:21 351,744 ----a-w c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll

+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll

+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2004-08-04 07:56:50 72,704 -c----w c:\windows\$NtUninstallKB925720$\magnify.exe

+ 2004-08-04 07:56:54 53,760 -c----w c:\windows\$NtUninstallKB925720$\narrator.exe

+ 2004-08-04 07:56:55 215,552 -c----w c:\windows\$NtUninstallKB925720$\osk.exe

+ 2005-10-12 23:16:49 213,216 -c----w c:\windows\$NtUninstallKB925720$\spuninst\spuninst.exe

+ 2005-10-12 23:16:56 371,424 -c----w c:\windows\$NtUninstallKB925720$\spuninst\updspapi.dll

+ 2004-08-04 07:56:46 35,840 -c----w c:\windows\$NtUninstallKB925720$\umandlg.dll

+ 2004-08-04 07:56:57 50,176 -c----w c:\windows\$NtUninstallKB925720$\utilman.exe

+ 2006-10-16 21:10:58 221,488 -c----w c:\windows\$NtUninstallWIC$\spuninst\spuninst.exe

+ 2006-10-16 21:10:58 379,184 -c----w c:\windows\$NtUninstallWIC$\spuninst\updspapi.dll

+ 2007-03-08 15:36:28 156,672 ----a-w c:\windows\aloxaroyuy.dll

- 2008-11-24 00:47:13 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-03-14 00:20:54 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2008-11-24 00:47:13 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2009-03-14 00:20:54 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2008-11-24 00:47:13 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-03-14 00:20:54 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2008-11-24 00:47:10 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:47 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:10 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:49 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:11 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:50 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:11 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:50 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:11 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:51 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:12 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:51 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:12 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:52 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:12 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:52 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:13 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:53 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:13 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-03-14 00:20:55 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2008-11-24 00:47:13 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-03-14 00:20:55 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2008-11-24 00:47:14 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2009-03-14 00:20:55 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2008-11-24 00:47:14 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-03-14 00:20:56 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2008-11-24 00:47:14 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-03-14 00:20:56 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2008-11-24 00:47:13 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-03-14 00:20:54 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-01-28 00:41:29 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2009-01-28 00:41:56 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2009-01-28 00:41:57 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2009-01-28 00:41:28 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2009-01-28 00:41:55 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2009-01-28 00:41:55 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2009-01-28 00:41:57 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2009-01-28 00:41:57 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2009-01-28 00:41:57 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2009-01-28 00:41:57 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2009-01-28 00:41:56 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2009-01-28 00:41:57 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2009-01-28 00:41:57 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2009-01-28 00:41:29 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2009-01-28 00:41:29 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2009-01-28 00:41:29 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2009-01-28 00:41:29 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2009-01-28 00:41:30 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2009-01-28 00:41:32 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2009-01-28 00:41:32 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-01-28 00:41:30 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2009-01-28 00:41:58 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2009-01-28 00:44:30 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2009-01-28 00:44:31 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2009-01-28 00:44:30 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2009-01-28 00:41:57 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2009-01-28 00:41:57 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2009-01-28 00:41:57 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2009-01-28 00:41:57 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2009-01-28 00:41:55 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2009-01-28 00:41:58 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2009-01-28 06:42:58 499,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\7309c87c4bbffa9069cb585781e19c56\ComSvcConfig.ni.exe

+ 2009-01-28 06:42:59 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c6e439ab82a087af43351d35806d20be\Microsoft.Transactions.Bridge.ni.dll

+ 2009-01-28 06:43:00 405,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\e68849ac25d0d9b84beab5ab242d80ec\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2009-01-28 00:42:24 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\432c60c721db75d2e4dd77ec0d3ad16a\Microsoft.VisualC.ni.dll

+ 2009-01-28 06:43:16 1,568,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b4b0412c9f9da77f84aa0e08bef94f43\PresentationBuildTasks.ni.dll

+ 2009-01-28 00:43:04 40,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3217577518b7feeac20d65466511433d\PresentationCFFRasterizer.ni.dll

+ 2009-01-28 00:43:03 11,984,896 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a5915f3b5d6629d213038a1ec9afe0a0\PresentationCore.ni.dll

+ 2009-01-28 00:44:23 48,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\ba0269ec18d53ea61fe5ea92c5701c16\PresentationFontCache.ni.exe

+ 2009-01-28 00:44:17 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0935b12b52f213a152cf4fee608e9f4b\PresentationFramework.Classic.ni.dll

+ 2009-01-28 00:44:18 270,336 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\667cc9a6af16e7656629bc0c934593f4\PresentationFramework.Royale.ni.dll

+ 2009-01-28 00:44:22 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8ae1a4afa54e03208bc315e949eb02dd\PresentationFramework.Aero.ni.dll

+ 2009-01-28 00:44:03 14,680,064 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ddc11c94b26219b494d4e0779971b1bb\PresentationFramework.ni.dll

+ 2009-01-28 00:44:18 548,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e8d90efaf1442c8432bdf798186a4d1e\PresentationFramework.Luna.ni.dll

+ 2009-01-28 00:44:08 1,982,464 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\11f9ee845a9971c7e6037003ddb35ba7\PresentationUI.ni.dll

+ 2009-01-28 00:44:14 2,396,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c0f3586e782a348db0a0d921470bdd6d\ReachFramework.ni.dll

+ 2009-01-28 06:43:00 135,168 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\071f091a9abbe617ccb17994138079ea\ServiceModelReg.ni.exe

+ 2009-01-28 06:43:00 286,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d2fd4e1065ad8da6d07279656ce145cc\SMDiagnostics.ni.dll

+ 2009-01-28 06:43:01 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\55747e996342f509674fe2085f1d6ae1\SMSvcHost.ni.exe

+ 2009-01-28 06:43:18 262,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\8d0fd9c88b6507a02646e1e941438b64\sysglobl.ni.dll

+ 2009-01-28 00:42:29 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b28b1679d60b93906d621eeae3d4ff7f\System.Configuration.Install.ni.dll

+ 2009-01-28 00:42:28 1,179,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\13a18416358185b2650f1fb55c094a12\System.Data.OracleClient.ni.dll

+ 2009-01-28 00:42:24 2,695,168 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\3aca90d9aaf6db5ad3738deb9382e146\System.Data.SqlXml.ni.dll

+ 2009-01-28 06:42:34 241,664 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\f7e2fb253ae673983c34324b98500857\System.IdentityModel.Selectors.ni.dll

+ 2009-01-28 06:42:33 987,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\bada01cc2b438417a0c37e7cbb6d4791\System.IdentityModel.ni.dll

+ 2009-01-28 06:42:35 421,888 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\3be35dcc40fc2697ed23493033c0f871\System.IO.Log.ni.dll

+ 2009-01-28 00:44:47 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\20c4049594ab146b2dca11048124387f\System.Messaging.ni.dll

+ 2009-01-28 00:44:16 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\afd17f5c9ebcb2058e055c591323387b\System.Printing.ni.dll

+ 2009-01-28 00:42:26 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bb4ff5ebd9da1fc013085ff558b44637\System.Runtime.Remoting.ni.dll

+ 2009-01-28 06:42:37 2,363,392 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0289787fa6d965bfd3a40bbb8aea9956\System.Runtime.Serialization.ni.dll

+ 2009-01-28 00:42:26 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\53b95d5f101d4c992a019a719f4ba78a\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2009-01-28 06:42:56 17,534,976 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\c35a3d9a080da6ba05ee13ea4492eaf5\System.ServiceModel.ni.dll

+ 2009-01-28 00:42:29 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\37f7c4365edf8c99d7ed79959894a8af\System.ServiceProcess.ni.dll

+ 2009-01-28 06:43:18 2,031,616 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\9944b68d666308bc0a801226bc758c3e\System.Speech.ni.dll

+ 2009-01-28 00:44:37 2,994,176 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\1d7e28de65da565f455c712a2bb717be\System.Workflow.Activities.ni.dll

+ 2009-01-28 00:44:42 4,587,520 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\7813381e59efe5269bf18f2e0af0f65c\System.Workflow.ComponentModel.ni.dll

+ 2009-01-28 00:44:46 2,101,248 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\e2f8525911c68ebdb385056a50054525\System.Workflow.Runtime.ni.dll

+ 2009-01-28 06:43:19 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\f475f4fad539756a49945c122242560c\UIAutomationClient.ni.dll

+ 2009-01-28 06:43:20 1,118,208 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\ad4340502c644ba2ddc433098330d767\UIAutomationClientsideProviders.ni.dll

+ 2009-01-28 00:43:04 50,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\6d275cb8cbe7f5c73bc3554bf610b422\UIAutomationProvider.ni.dll

+ 2009-01-28 00:43:04 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\233889a4c3a5be89011814cc0faa79ae\UIAutomationTypes.ni.dll

+ 2009-01-28 00:42:20 3,272,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\ba496d673c5a8b8401a1eb793a3f07bf\WindowsBase.ni.dll

+ 2009-01-28 06:43:22 274,432 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\773f05ba0ab7eb8f5b5dfb4e1c3d5252\WindowsFormsIntegration.ni.dll

+ 2009-01-28 06:43:02 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\67c5be8fc9311acff5278fe1352c7bbe\WsatConfig.ni.exe

- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll

+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll

+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll

+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll

+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll

+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe

+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll

+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll

+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll

+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll

+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll

+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll

+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll

+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll

+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe

+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe

+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll

+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll

+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll

+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll

+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll

+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll

+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll

+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll

+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll

+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll

+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll

+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll

+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll

+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll

+ 2009-01-21 23:28:42 22,486 ----a-r c:\windows\Installer\{948BE614-F37B-4A73-AD43-0245F23C110D}\ARPPRODUCTICON.exe

+ 2009-01-21 23:28:42 335,872 ----a-r c:\windows\Installer\{948BE614-F37B-4A73-AD43-0245F23C110D}\NewShortcut1_948BE614F37B4A73AD430245F23C110D.exe

+ 2009-01-21 23:28:42 49,152 ----a-r c:\windows\Installer\{948BE614-F37B-4A73-AD43-0245F23C110D}\NewShortcut2_948BE614F37B4A73AD430245F23C110D.exe

+ 2006-10-30 09:06:28 189,828 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat

+ 2006-10-30 08:25:56 99,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe

+ 2006-10-30 04:15:06 220,672 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll

+ 2006-10-30 04:17:56 1,054,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll

+ 2006-10-30 04:14:26 163,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll

+ 2006-10-30 08:25:54 194,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe

+ 2006-10-30 08:25:56 167,176 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe

+ 2006-10-30 08:25:56 365,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

+ 2006-10-30 08:17:12 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll

+ 2006-10-30 08:17:30 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll

+ 2006-10-30 08:17:36 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll

+ 2006-10-30 08:17:44 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll

+ 2006-10-30 08:17:50 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll

+ 2006-10-30 08:17:56 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll

+ 2006-10-30 08:18:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll

+ 2006-10-30 08:18:16 91,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll

+ 2006-10-30 08:18:22 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll

+ 2006-10-30 08:18:30 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll

+ 2006-10-30 08:18:36 88,064 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll

+ 2006-10-30 08:18:42 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll

+ 2006-10-30 08:18:48 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll

+ 2006-10-30 08:18:56 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll

+ 2006-10-30 08:19:02 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll

+ 2006-10-30 08:19:08 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll

+ 2006-10-30 08:19:14 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll

+ 2006-10-30 08:19:28 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll

+ 2006-10-30 08:19:34 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll

+ 2006-10-30 08:19:42 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll

+ 2006-10-30 08:17:24 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll

+ 2006-10-30 08:19:22 90,624 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll

+ 2006-10-30 08:18:02 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll

+ 2006-10-30 04:15:20 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll

+ 2006-10-30 04:15:22 1,621,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll

+ 2006-10-30 04:16:52 1,139,712 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll

+ 2006-10-30 04:18:26 590,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll

+ 2006-10-30 04:20:20 541,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsbasereqs.dll

+ 2006-10-30 04:18:12 816,128 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vsscenario.dll

+ 2006-10-30 08:17:14 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1025.dll

+ 2006-10-30 08:17:30 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1028.dll

+ 2006-10-30 08:17:38 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1029.dll

+ 2006-10-30 08:17:44 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1030.dll

+ 2006-10-30 08:17:50 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1031.dll

+ 2006-10-30 08:17:58 104,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1032.dll

+ 2006-10-30 08:18:10 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1035.dll

+ 2006-10-30 08:18:16 103,424 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1036.dll

+ 2006-10-30 08:18:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1037.dll

+ 2006-10-30 08:18:30 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1038.dll

+ 2006-10-30 08:18:36 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1040.dll

+ 2006-10-30 08:18:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1041.dll

+ 2006-10-30 08:18:50 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1042.dll

+ 2006-10-30 08:18:56 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1043.dll

+ 2006-10-30 08:19:02 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1044.dll

+ 2006-10-30 08:19:08 99,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1045.dll

+ 2006-10-30 08:19:16 99,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1046.dll

+ 2006-10-30 08:19:28 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1049.dll

+ 2006-10-30 08:19:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1053.dll

+ 2006-10-30 08:19:42 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.1055.dll

+ 2006-10-30 08:17:24 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2052.dll

+ 2006-10-30 08:19:22 101,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.2070.dll

+ 2006-10-30 08:18:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.3082.dll

+ 2006-10-30 04:18:36 98,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapRes.dll

+ 2006-10-30 04:19:30 1,103,872 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\WapUI.dll

+ 2006-10-30 08:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2006-10-30 08:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

+ 2009-01-28 00:41:23 626,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.exe

+ 2009-01-28 00:41:23 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\install.res.1033.dll

+ 2006-10-30 08:34:00 352,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll

+ 2006-10-30 08:34:00 151,552 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll

+ 2006-10-30 08:34:02 2,560 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

+ 2006-10-30 08:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2006-10-30 08:34:02 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2006-10-30 08:34:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMDiagnostics.dll

+ 2006-10-30 08:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

+ 2006-10-30 08:34:02 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

+ 2006-10-30 08:34:02 5,623,808 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

+ 2006-10-30 08:34:00 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2006-10-30 08:34:00 16,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2006-10-30 08:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2006-07-26 02:32:00 14,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2006-10-20 21:08:52 797,696 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll

+ 2006-10-20 21:09:02 4,874,240 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll

+ 2006-10-20 19:03:40 2,628,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll

+ 2006-10-21 02:29:46 72,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2006-10-21 02:21:24 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2006-10-21 02:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2006-10-21 02:29:52 106,272 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll

+ 2006-10-21 02:21:26 897,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll

+ 2006-10-21 02:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe

- 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

+ 2007-03-08 15:36:28 154,624 ----a-w c:\windows\notepad3.exe

+ 2007-03-08 15:36:28 46,080 ----a-w c:\windows\rtsh42.dll

- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe

- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll

+ 2007-07-24 12:20:06 207,405 ----a-w c:\windows\system32\AGEIA\AG1011\app.bin

+ 2007-05-16 12:42:42 122,249 ----a-w c:\windows\system32\AGEIA\AG1011\diag.bin

+ 2007-07-25 12:30:38 214,141 ----a-w c:\windows\system32\AGEIA\AG1021\app.bin

+ 2007-10-25 12:29:50 114,505 ----a-w c:\windows\system32\AGEIA\AG1021\diag.bin

+ 2002-09-11 00:35:34 16,302 ----a-w c:\windows\system32\ASINDIS5.sys

+ 2003-04-22 02:46:56 61,440 ----a-w c:\windows\system32\ASIW32N50.dll

+ 2002-09-10 00:54:06 16,269 ----a-w c:\windows\system32\ASNDIS5.sys

+ 2002-09-10 02:01:08 61,440 ----a-w c:\windows\system32\ASUSW32N50.dll

- 2008-05-30 18:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll

+ 2008-05-30 19:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll

- 2008-07-12 12:18:52 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll

+ 2008-07-12 13:18:52 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll

- 2008-05-30 18:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll

+ 2008-05-30 19:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll

- 2008-07-12 12:18:52 467,984 ----a-w c:\windows\system32\d3dx10_39.dll

+ 2008-07-12 13:18:52 467,984 ----a-w c:\windows\system32\d3dx10_39.dll

- 2008-05-30 18:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll

+ 2008-05-30 19:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll

- 2008-07-12 12:18:52 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll

+ 2008-07-12 13:18:52 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll

- 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll

- 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll

- 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

- 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll

+ 2006-10-14 21:43:18 27,648 -c----w c:\windows\system32\dllcache\FilterPipelinePrintProc.dll

+ 2004-08-04 03:08:20 36,224 -c--a-w c:\windows\system32\dllcache\hidclass.sys

+ 2004-08-04 03:08:16 24,960 -c--a-w c:\windows\system32\dllcache\hidparse.sys

+ 2004-08-04 04:56:42 21,504 -c--a-w c:\windows\system32\dllcache\hidserv.dll

- 2001-08-17 22:02:20 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys

+ 2008-11-21 05:04:24 9,600 -c--a-w c:\windows\system32\dllcache\hidusb.sys

- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll

- 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe

- 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll

- 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll

- 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

- 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll

- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll

- 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll

- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll

- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe

- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe

- 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 02:58:34 14,848 -c--a-w c:\windows\system32\dllcache\kbdhid.sys

+ 2006-10-04 08:48:36 72,704 -c----w c:\windows\system32\dllcache\magnify.exe

- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll

- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll

+ 2009-01-17 02:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll

- 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll

- 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll

- 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll

+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll

+ 2006-10-04 08:48:36 53,760 -c----w c:\windows\system32\dllcache\narrator.exe

- 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll

+ 2006-10-04 08:48:37 215,552 -c----w c:\windows\system32\dllcache\osk.exe

- 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

+ 2006-10-14 21:44:44 671,744 -c----w c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe

- 2007-04-25 14:21:15 144,896 -c----w c:\windows\system32\dllcache\schannel.dll

+ 2008-12-05 07:12:45 144,896 -c----w c:\windows\system32\dllcache\schannel.dll

- 2007-10-26 03:36:51 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll

+ 2008-07-03 13:16:57 8,454,656 -c----w c:\windows\system32\dllcache\shell32.dll

+ 2006-10-04 13:33:38 35,840 -c----w c:\windows\system32\dllcache\umandlg.dll

- 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll

+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 03:08:46 31,616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys

+ 2006-10-04 08:48:37 50,176 -c----w c:\windows\system32\dllcache\utilman.exe

- 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys

+ 2009-02-09 10:19:34 1,846,272 -c----w c:\windows\system32\dllcache\win32k.sys

- 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll

+ 2006-10-15 01:21:58 580,352 -c----w c:\windows\system32\dllcache\XPSSHHDR.dll

+ 2006-10-15 01:22:00 1,698,048 -c----w c:\windows\system32\dllcache\XpsSvcs.dll

+ 2005-03-04 00:47:42 31,104 ----a-w c:\windows\system32\drivers\CYUSB.sys

+ 2007-08-02 22:32:26 22,784 ----a-w c:\windows\system32\drivers\dadder.sys

- 2004-08-04 06:08:19 36,224 ----a-w c:\windows\system32\drivers\hidclass.sys

+ 2004-08-04 03:08:20 36,224 ----a-w c:\windows\system32\drivers\hidclass.sys

- 2004-08-04 06:08:16 24,960 ----a-w c:\windows\system32\drivers\hidparse.sys

+ 2004-08-04 03:08:16 24,960 ----a-w c:\windows\system32\drivers\hidparse.sys

- 2001-08-17 22:02:20 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys

+ 2008-11-21 05:04:24 9,600 ----a-w c:\windows\system32\drivers\hidusb.sys

+ 2004-08-04 02:58:34 14,848 ----a-w c:\windows\system32\drivers\kbdhid.sys

+ 2004-08-04 03:08:46 31,616 ----a-w c:\windows\system32\drivers\usbccgp.sys

+ 2007-08-02 22:32:26 22,784 -c--a-w c:\windows\system32\DRVSTORE\dadder_1D206EBC9FC4C5439CDE5E133FD5DADD76F8E58F\dadder.sys

+ 2007-09-13 11:43:00 120,320 -c--a-w c:\windows\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys

- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll

+ 2006-10-21 02:29:46 69,408 ----a-w c:\windows\system32\dxva2.dll

+ 2006-10-21 02:30:00 478,496 ----a-w c:\windows\system32\evr.dll

- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll

+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll

- 2009-01-13 23:15:54 91,888 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2009-03-31 07:05:55 95,072 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 04:56:42 21,504 ----a-w c:\windows\system32\hidserv.dll

+ 2006-10-30 08:33:58 556,296 ----a-w c:\windows\system32\icardagt.exe

- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll

+ 2006-10-30 08:33:58 9,480 ----a-w c:\windows\system32\icardres.dll

- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe

+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll

+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll

- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll

+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll

- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll

- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll

+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll

+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll

- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll

+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll

- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll

+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll

- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll

+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll

- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2006-10-30 08:33:58 83,968 ----a-w c:\windows\system32\infocardapi.dll

- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll

- 2008-11-21 21:46:10 1,044,480 ----a-w c:\windows\system32\libdivx.dll

+ 2008-11-06 16:35:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll

- 2004-08-04 07:56:50 72,704 ----a-w c:\windows\system32\magnify.exe

+ 2006-10-04 08:48:36 72,704 ----a-w c:\windows\system32\magnify.exe

+ 2006-10-21 02:30:06 1,980,704 ----a-w c:\windows\system32\milcore.dll

- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll

+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll

- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll

- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll

+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll

- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll

+ 2007-08-27 20:41:22 1,089,440 ----a-w c:\windows\system32\msidcrl40.dll

- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll

+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll

- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll

+ 2008-08-30 01:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll

+ 2006-07-19 15:55:18 86,728 ----a-w c:\windows\system32\msxml6r.dll

- 2004-08-04 07:56:54 53,760 ----a-w c:\windows\system32\narrator.exe

+ 2006-10-04 08:48:36 53,760 ----a-w c:\windows\system32\narrator.exe

- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll

+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll

- 2004-08-04 07:56:55 215,552 ----a-w c:\windows\system32\osk.exe

+ 2006-10-04 08:48:37 215,552 ----a-w c:\windows\system32\osk.exe

- 2008-11-02 17:26:23 62,286 ----a-w c:\windows\system32\perfc009.dat

+ 2009-03-08 07:02:53 70,066 ----a-w c:\windows\system32\perfc009.dat

- 2008-11-02 17:26:23 400,624 ----a-w c:\windows\system32\perfh009.dat

+ 2009-03-08 07:02:53 435,920 ----a-w c:\windows\system32\perfh009.dat

+ 2006-10-24 17:30:20 412,160 ------w c:\windows\system32\photometadatahandler.dll

- 2007-03-26 14:45:18 71,208 ----a-w c:\windows\system32\PhysXLoader.dll

+ 2007-11-13 14:54:36 70,944 ----a-w c:\windows\system32\PhysXLoader.dll

- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-12-04 01:45:50 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

+ 2009-02-19 02:19:58 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

- 2008-12-04 01:47:55 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

+ 2009-02-27 02:31:19 201,352 ----a-w c:\windows\system32\PnkBstrB.exe

+ 2006-10-21 02:29:52 104,224 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

+ 2006-10-21 02:29:58 344,352 ----a-w c:\windows\system32\PresentationHost.exe

+ 2006-10-21 02:29:46 20,768 ----a-w c:\windows\system32\PresentationHostProxy.dll

+ 2006-10-21 02:30:02 769,312 ----a-w c:\windows\system32\PresentationNative_v0300.dll

+ 2006-10-14 21:43:38 124,416 ------w c:\windows\system32\prntvpt.dll

+ 2004-08-04 07:56:42 20,992 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hid.dll

+ 2004-08-04 06:08:19 36,224 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidclass.sys

+ 2004-08-04 06:08:16 24,960 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidparse.sys

+ 2001-08-17 22:02:20 9,600 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\hidusb.sys

+ 2009-03-31 18:27:12 1,198,336 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2006-08-24 21:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll

- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll

+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll

- 2007-10-26 03:36:51 8,454,656 ----a-w c:\windows\system32\shell32.dll

+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll

- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll

+ 2006-06-29 18:07:36 14,048 ------w c:\windows\system32\spmsg2.dll

+ 2006-10-14 21:43:18 751,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll

+ 2006-10-14 21:42:40 131,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll

+ 2006-10-14 21:42:18 376,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll

+ 2006-10-14 21:42:28 510,464 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll

+ 2006-10-14 21:40:36 619,008 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll

+ 2006-10-15 01:22:00 1,698,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll

+ 2006-10-14 21:43:18 27,648 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2006-10-14 21:44:44 671,744 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe

+ 2006-10-14 22:13:02 34,304 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

+ 2006-10-14 22:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll

+ 2006-10-15 01:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll

+ 2006-10-14 22:12:14 737,792 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll

+ 2006-10-15 01:09:04 2,946,304 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll

+ 2006-10-14 21:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll

+ 2006-10-15 01:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll

+ 2006-10-14 21:43:18 751,104 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll

+ 2006-10-15 01:22:00 1,698,048 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll

- 2006-09-25 21:58:48 23,856 ----a-w c:\windows\system32\spupdsvc.exe

+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe

- 2008-11-21 21:46:10 200,704 ----a-w c:\windows\system32\ssldivx.dll

+ 2008-11-06 16:35:00 200,704 ----a-w c:\windows\system32\ssldivx.dll

+ 2006-10-21 02:29:54 159,008 ----a-w c:\windows\system32\UIAutomationCore.dll

- 2004-08-04 07:56:46 35,840 ----a-w c:\windows\system32\umandlg.dll

+ 2006-10-04 13:33:38 35,840 ----a-w c:\windows\system32\umandlg.dll

- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll

+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll

- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll

+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll

- 2004-08-04 07:56:57 50,176 ----a-w c:\windows\system32\utilman.exe

+ 2006-10-04 08:48:37 50,176 ----a-w c:\windows\system32\utilman.exe

- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll

+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll

- 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys

+ 2009-02-09 10:19:34 1,846,272 ----a-w c:\windows\system32\win32k.sys

+ 2006-10-24 17:30:06 716,288 ------w c:\windows\system32\WindowsCodecs.dll

+ 2006-10-24 17:29:50 352,256 ------w c:\windows\system32\WindowsCodecsExt.dll

- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll

+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll

- 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll

+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll

+ 2006-10-24 17:30:00 276,992 ------w c:\windows\system32\WMPhoto.dll

- 2008-05-30 18:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll

+ 2008-05-30 19:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll

- 2008-05-30 18:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll

+ 2008-05-30 19:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll

- 2008-07-31 14:41:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll

+ 2008-07-31 15:41:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll

- 2008-05-30 18:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll

+ 2008-05-30 19:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll

- 2008-07-31 14:41:52 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll

+ 2008-07-31 15:41:52 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll

- 2008-05-30 18:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll

+ 2008-05-30 19:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll

- 2008-07-31 14:40:32 509,448 ----a-w c:\windows\system32\XAudio2_2.dll

+ 2008-07-31 15:40:32 509,448 ----a-w c:\windows\system32\XAudio2_2.dll

+ 2008-10-28 22:41:22 14,303,392 ----a-w c:\windows\system32\xlive.dll

+ 2008-10-28 22:19:04 134,144 ----a-w c:\windows\system32\xlive\sqmapi.dll

+ 2008-10-28 22:41:20 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll

+ 2006-10-15 01:21:58 580,352 ------w c:\windows\system32\XPSSHHDR.dll

+ 2006-10-15 01:22:00 1,698,048 ------w c:\windows\system32\XpsSvcs.dll

+ 2006-10-21 02:29:54 304,928 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe

+ 2008-07-29 12:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2007-11-07 01:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-07 06:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-07 06:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2008-07-29 07:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 12:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 12:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 12:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2008-07-29 12:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2008-07-29 10:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 12:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 12:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 12:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 12:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 12:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 12:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 12:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 12:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 12:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 12:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 12:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2007-11-07 06:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]

"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-07-17 99600]

"Myigelole"="c:\windows\aloxaroyuy.dll" [2007-03-08 156672]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

Bootexecute REG_MULTI_SZ autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli rtsh42.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2007-03-01 11:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 20:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-08-22 09:52 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

--a------ 2008-08-01 14:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-06-02 11:13 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]

--a------ 2007-02-22 20:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-12-23 22:16 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2009-03-31 17:51 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NBService"=3 (0x3)

"aawservice"=2 (0x2)

"AresChatServer"=3 (0x3)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"Viewpoint Manager Service"=2 (0x2)

"PD91Engine"=3 (0x3)

"PD91Agent"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=2 (0x2)

"PnkBstrA"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"NMSAccessU"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"f:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]

R3 jswmidin;jswmidin; [x]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

R3 vcache;vcache;c:\windows\system32\DRIVERS\vcache.sys [2009-02-26 46992]

R3 vfilter;vfilter;c:\windows\system32\DRIVERS\vfilter.sys [2009-02-26 28944]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-10-30 77312]

S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-31 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AmdLLD

*Deregistered* - Arp1394

*Deregistered* - aslm75

*Deregistered* - Ati HotKey Poller

*Deregistered* - ATI Smart

*Deregistered* - ATITool

*Deregistered* - atitray

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - HTTPFilter

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - Kbdclass

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SASDIFSV

*Deregistered* - SASKUTIL

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - ViaIde

*Deregistered* - viasraid

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WS2IFSL

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1220945662-725345543-1003.job

- c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:56]

2009-03-31 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe

MSConfigStartUp-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe

.

------- Supplementary Scan -------

.

uStart Page = msn.com

uInternet Settings,ProxyOverride = *.local

Trusted Zone: pandora.com

FF - ProfilePath - c:\documents and settings\Lance\Application Data\Mozilla\Firefox\Profiles\qr1z3zqr.default\

FF - prefs.js: browser.startup.homepage - msn.com

FF - plugin: c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: d:\program files\AWOMO\npgdp.dll

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 100

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.interval - 100000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 4

FF - user.js: network.http.max-persistent-connections-per-server - 2

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-31 19:12:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1220945662-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Shared Tools\MSConfig\startupreg\Myigelole]

@Denied: (Full) (Administrators)

@Denied: (Full) (S-1-5-21-1993962763-1220945662-725345543-1003)

@Denied: (Full) (Owner)

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="uhebogebute"

"hkey"="HKLM"

"command"="rundll32.exe \"c:\\WINDOWS\\uhebogebute.dll\",e"

"inimapping"="0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(720)

c:\windows\rtsh42.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Completion time: 2009-03-31 19:13:34 - machine was rebooted [Lance]

ComboFix-quarantined-files.txt 2009-03-31 23:13:31

ComboFix2.txt 2009-01-15 07:31:16

ComboFix3.txt 2009-01-13 23:35:48

Pre-Run: 59,423,514,624 bytes free

Post-Run: 59,612,229,632 bytes free

905 --- E O F --- 2009-03-31 07:02:02

Link to post
Share on other sites

  • Staff

Hi,

Looks like a Windows update etc was busy in between?

Please reboot once again before performing my instructions, because it may cause extra problems otherwise.

Also, not sure how some keys (msconfig) got locked here. Did you tinker with that to avoid it recreating again?

* Open notepad - don't use any other texteditor than notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\aloxaroyuy.dll

c:\windows\Fbaku.dat

c:\windows\Gwuvoga.bin

Collect::[8]

c:\windows\rtsh42.dll

Driver::

jswmidin

Registry::

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Myigelole"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000000

REGLOCKDEL::

[HKEY_LOCAL_MACHINE\software\Microsoft\Shared Tools\MSConfig\startupreg\Myigelole]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again.

Then, please visit this site:

http://www.bleepingcomputer.com/submit-malware.php?channel=8

Where it says: "Browse to the file you want to submit", use the Browse button to navigate to the following file: C:\Qoobox\Quarantine\[8]-Submit_date_time.zip (date_time will be replaced with the date and time when this file was created)

Then click the "Send File" button below in order to upload it.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Link to post
Share on other sites

uploading the file in a moment

ComboFix

ComboFix 09-03-31.01 - Administrator 2009-03-31 20:09:46.4 - NTFSx86 MINIMAL

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::

c:\windows\aloxaroyuy.dll

c:\windows\Fbaku.dat

c:\windows\Gwuvoga.bin

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\aloxaroyuy.dll

c:\windows\Fbaku.dat

c:\windows\Gwuvoga.bin

c:\windows\rtsh42.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_JSWMIDIN

-------\Service_jswmidin

((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))

.

2009-03-31 20:01 . 2009-03-31 20:01 <DIR> d-------- c:\windows\system32\KB905474

2009-03-31 20:01 . 2009-03-10 22:26 1,403,264 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-03-31 20:01 . 2009-03-10 22:18 453,512 --a------ c:\windows\system32\KB905474\wgasetup.exe

2009-03-31 20:01 . 2009-02-09 18:51 12,490 --a------ c:\windows\system32\KB905474\wga_eula.txt

2009-03-30 23:59 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys

2009-03-30 23:43 . 2009-03-31 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-03-08 02:20 . 2009-03-08 02:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 21:51 --------- d-----w c:\program files\SUPERAntiSpyware

2009-03-31 03:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-30 05:53 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-03-27 21:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-26 06:59 --------- d-----w c:\documents and settings\Lance\Application Data\GetRightToGo

2009-03-25 22:35 --------- d-----w c:\documents and settings\Lance\Application Data\Azureus

2009-03-20 13:59 --------- d-----w c:\documents and settings\Lance\Application Data\WeatherBug

2009-03-14 00:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-14 00:23 --------- d-----w c:\program files\AGEIA Technologies

2009-02-27 02:32 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-02-26 22:18 46,992 ----a-w c:\windows\system32\drivers\vcache.sys

2009-02-26 22:18 28,944 ----a-w c:\windows\system32\drivers\vfilter.sys

2009-02-16 06:30 --------- d-----w c:\program files\DivX

2007-11-09 22:32 22,328 ----a-w c:\documents and settings\Lance\Application Data\PnkBstrK.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Google Update"="c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-17 2094352]

"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-07-17 99600]

"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

Bootexecute REG_MULTI_SZ autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

-ra------ 2007-03-01 11:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 20:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-08-22 09:52 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 03:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

--a------ 2008-08-01 14:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-06-02 11:13 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]

--a------ 2007-02-22 20:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-12-23 22:16 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2009-03-31 17:51 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NBService"=3 (0x3)

"aawservice"=2 (0x2)

"AresChatServer"=3 (0x3)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"Viewpoint Manager Service"=2 (0x2)

"PD91Engine"=3 (0x3)

"PD91Agent"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"WMPNetworkSvc"=2 (0x2)

"PnkBstrA"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"NMSAccessU"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"f:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.SYS [2002-09-09 16269]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

R3 vcache;vcache;c:\windows\system32\DRIVERS\vcache.sys [2009-02-26 46992]

R3 vfilter;vfilter;c:\windows\system32\DRIVERS\vfilter.sys [2009-02-26 28944]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2003-10-30 77312]

S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-31 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AmdLLD

*Deregistered* - Arp1394

*Deregistered* - aslm75

*Deregistered* - Ati HotKey Poller

*Deregistered* - ATI Smart

*Deregistered* - ATITool

*Deregistered* - atitray

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - HTTP

*Deregistered* - HTTPFilter

*Deregistered* - ImapiService

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - Kbdclass

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SASDIFSV

*Deregistered* - SASKUTIL

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - ViaIde

*Deregistered* - viasraid

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WS2IFSL

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

.

Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1220945662-725345543-1003.job

- c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:56]

2009-04-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]

2009-04-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]

.

.

------- Supplementary Scan -------

.

uStart Page = msn.com

uInternet Settings,ProxyOverride = *.local

Trusted Zone: pandora.com

FF - ProfilePath - c:\documents and settings\Lance\Application Data\Mozilla\Firefox\Profiles\qr1z3zqr.default\

FF - prefs.js: browser.startup.homepage - msn.com

FF - plugin: c:\documents and settings\Lance\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: d:\program files\AWOMO\npgdp.dll

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 100

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.interval - 100000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 4

FF - user.js: network.http.max-persistent-connections-per-server - 2

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-31 20:14:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1220945662-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Completion time: 2009-03-31 20:15:36 - machine was rebooted [Lance]

ComboFix-quarantined-files.txt 2009-04-01 00:15:33

ComboFix2.txt 2009-03-31 23:13:34

ComboFix3.txt 2009-01-15 07:31:16

ComboFix4.txt 2009-01-13 23:35:48

Pre-Run: 59,554,557,952 bytes free

Post-Run: 59,576,856,576 bytes free

332 --- E O F --- 2009-04-01 00:01:31

Link to post
Share on other sites

  • Staff

Hi,

This looks OK again.

Please enable your Avira via msconfig again.

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

  • Staff

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.