Active Warning Flashing on Desktop / Winlognn.exe

Discussion in 'Malware and Virus Removal Archive' started by scorpion657, 2009/02/17.

  1. 2009/02/20
    scorpion657 Inactive Thread Starter
    + 2008-07-25 16:16:46 62,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
    + 2008-07-25 16:16:46 5,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    - 2005-09-23 11:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    + 2008-07-25 16:17:16 575,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
    - 2005-09-23 11:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    + 2008-07-25 16:17:00 798,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
    - 2005-09-23 11:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2008-07-25 16:16:58 18,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
    + 2008-07-25 16:17:00 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
    - 2005-09-23 11:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    + 2008-07-25 16:17:02 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
    - 2005-09-23 11:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    + 2008-07-25 16:17:00 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
    - 2005-09-23 11:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    + 2008-07-25 16:17:00 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
    - 2005-09-23 11:28:56 224,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2008-07-25 16:17:00 230,904 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
    + 2008-07-25 16:17:00 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
    - 2005-09-23 11:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    + 2008-07-25 16:17:00 65,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
    - 2005-09-23 11:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2008-07-25 16:17:00 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
    + 2008-07-25 16:16:54 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
    - 2005-09-23 11:28:48 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    + 2008-07-25 16:16:56 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
    - 2005-09-23 11:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    + 2008-07-25 16:16:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
    - 2005-09-23 11:28:48 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    + 2008-07-25 16:16:56 655,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
    - 2005-09-23 11:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    + 2008-07-25 16:16:56 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
    - 2005-09-23 11:28:48 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    + 2008-07-25 16:16:54 749,568 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
    - 2005-09-23 11:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2008-07-25 16:17:14 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2005-09-23 11:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    + 2008-07-25 16:17:14 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
    - 2005-09-23 11:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    + 2008-07-25 16:17:12 659,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
    - 2005-09-23 11:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    + 2008-07-25 16:16:38 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
    - 2005-09-23 11:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    + 2008-07-25 16:17:16 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
    - 2005-09-23 11:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    + 2008-07-25 16:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
    - 2005-09-23 11:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-07-25 16:16:38 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2005-09-23 11:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    + 2008-07-25 16:16:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
    - 2005-09-23 11:28:32 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2008-07-25 16:16:40 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
    + 2008-07-25 16:16:56 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
    - 2005-09-23 11:28:56 800,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    + 2008-11-25 09:59:40 990,032 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2005-09-23 11:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    + 2008-07-25 16:17:00 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
    - 2005-09-23 11:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    + 2008-07-25 16:17:00 308,224 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
    - 2005-09-23 11:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    + 2008-07-25 16:17:00 46,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
    - 2005-09-23 11:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    + 2008-11-25 09:59:40 364,872 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    - 2005-09-23 11:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    + 2008-07-25 16:17:00 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
    - 2005-09-23 11:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2008-11-25 09:59:40 4,546,560 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2005-09-23 11:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    + 2008-07-25 16:17:00 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
    - 2005-09-23 11:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    + 2008-07-25 16:17:04 345,600 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
    - 2005-09-23 11:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    + 2008-07-25 16:17:00 77,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
    - 2005-09-23 11:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    + 2008-07-25 16:16:58 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
    - 2005-09-23 11:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    + 2008-07-25 16:17:02 230,912 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
    - 2005-09-23 11:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    + 2008-07-25 16:17:02 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    - 2005-09-23 11:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    + 2008-07-25 16:17:02 19,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
    - 2005-09-23 11:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2008-11-25 09:59:36 5,813,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    - 2005-09-23 11:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    + 2008-07-25 16:17:04 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
    - 2005-09-23 11:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    + 2008-07-25 16:17:02 100,856 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    - 2005-09-23 11:28:56 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    + 2008-07-25 16:17:02 24,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
    - 2005-09-23 11:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    + 2008-07-25 16:17:02 88,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    - 2005-09-23 11:28:50 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2008-07-25 16:16:58 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
    + 2008-07-25 16:17:00 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    + 2008-07-25 16:17:00 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    - 2005-09-23 11:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    + 2008-07-25 16:17:06 61,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
    - 2005-09-23 11:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    + 2008-07-25 16:17:02 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
    - 2005-09-23 11:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    + 2008-07-25 16:17:00 118,784 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
    - 2005-09-23 11:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    + 2008-07-25 16:17:04 95,232 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
    - 2005-09-23 11:28:56 377,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    + 2008-07-25 16:17:02 392,184 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
    - 2005-09-23 11:28:56 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    + 2008-07-25 16:17:02 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
    - 2005-09-23 11:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    + 2008-07-25 16:17:02 425,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
    - 2005-09-23 11:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    + 2008-07-25 16:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
    - 2005-09-23 11:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    + 2008-07-25 16:17:00 2,933,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
    - 2005-09-23 11:28:56 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    + 2008-11-25 09:59:40 486,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
    - 2005-09-23 11:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    + 2008-07-25 16:17:02 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
    - 2005-09-23 11:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    + 2008-07-25 16:16:46 970,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
    - 2005-09-23 11:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    + 2008-07-25 16:17:00 5,062,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
    - 2005-09-23 11:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    + 2008-07-25 16:17:00 401,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
    - 2005-09-23 11:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    + 2008-07-25 16:17:02 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
    - 2005-09-23 11:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    + 2008-07-25 16:17:00 3,149,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2005-09-23 11:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    + 2008-07-25 16:17:00 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
    - 2005-09-23 11:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    + 2008-07-25 16:17:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
    - 2005-09-23 11:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    + 2008-07-25 16:17:02 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
    - 2005-09-23 11:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    + 2008-07-25 16:17:02 57,392 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
    - 2005-09-23 11:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    + 2008-07-25 16:17:02 113,664 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
    - 2005-09-23 11:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    + 2008-07-25 16:17:00 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
    - 2005-09-23 11:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    + 2008-07-25 16:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
    - 2005-09-23 11:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    + 2008-07-25 16:17:00 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
    - 2005-09-23 11:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-07-25 16:17:00 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
    - 2005-09-23 11:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2008-07-25 16:17:00 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2005-09-23 11:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    + 2008-07-25 16:17:00 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
    - 2005-09-23 11:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    + 2008-07-25 16:17:02 261,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
    - 2005-09-23 11:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2008-11-25 09:59:40 5,242,880 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    - 2005-09-23 11:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    + 2008-07-25 16:17:02 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
    - 2005-09-23 11:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    + 2008-07-25 16:17:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
    - 2005-09-23 11:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    + 2008-07-25 16:17:00 839,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
    - 2005-09-23 11:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    + 2008-07-25 16:17:00 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
    - 2005-09-23 11:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    + 2008-11-25 09:59:40 2,048,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
    - 2005-09-23 11:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    + 2008-07-25 16:17:02 81,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
    - 2005-09-23 11:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    + 2008-07-25 16:17:10 1,172,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    - 2005-09-23 11:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    + 2008-07-25 16:16:38 1,344,000 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
    - 2005-09-23 11:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2008-11-25 09:59:18 436,040 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2005-09-23 11:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2008-07-25 16:17:02 37,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
    + 2008-07-30 00:16:38 168,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
    + 2008-07-30 00:24:50 881,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    + 2008-07-30 00:16:38 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
    + 2008-07-30 00:16:38 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
    + 2008-07-30 00:16:38 11,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
    + 2008-07-30 00:16:38 156,688 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
    + 2008-07-30 00:16:38 20,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
    + 2008-07-30 00:16:38 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2008-07-30 00:16:38 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    + 2008-07-30 00:16:38 966,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2008-12-06 01:12:12 5,931,008 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    + 2008-07-30 00:16:38 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
    + 2008-07-30 00:16:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2008-07-30 00:16:38 152,576 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
    + 2008-07-30 00:32:52 17,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
    + 2008-07-30 02:10:04 806,928 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
    + 2008-07-30 02:10:04 4,883,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
    + 2008-07-30 02:10:04 2,637,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
    + 2008-07-30 02:10:04 71,160 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
    + 2008-07-30 00:59:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
    + 2008-07-30 02:10:04 46,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    + 2008-07-30 00:59:58 132,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2008-07-30 01:35:46 864,256 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
    + 2008-12-06 00:35:22 1,736,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
    + 2008-07-30 04:40:48 168,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
    + 2008-07-30 04:40:48 233,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
    + 2008-07-30 04:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe
    + 2008-07-30 04:40:48 41,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
    + 2008-07-30 04:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    + 2008-07-30 04:40:48 1,548,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\csc.exe
    + 2008-07-30 04:40:48 78,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
     
  2. 2009/02/20
    scorpion657

    + 2008-07-30 04:40:48 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe
    + 2008-07-30 04:15:24 225,490 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
    + 2008-07-29 23:47:34 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
    + 2008-07-29 23:47:34 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
    + 2008-07-29 23:47:34 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
    + 2008-07-29 23:47:34 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
    + 2008-07-29 23:47:34 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    + 2008-07-29 23:47:34 113,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
    + 2008-07-29 23:47:34 84,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
    + 2008-07-29 23:47:34 125,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
    + 2008-07-29 23:47:34 126,464 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
    + 2008-07-29 23:47:34 130,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
    + 2008-07-29 23:47:34 137,728 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
    + 2008-07-29 23:47:34 122,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
    + 2008-07-29 23:47:34 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
    + 2008-07-29 23:47:34 111,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
    + 2008-07-29 23:47:34 132,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
    + 2008-07-29 23:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
    + 2008-07-29 23:47:34 97,792 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
    + 2008-07-29 23:47:34 94,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
    + 2008-07-29 23:47:34 129,024 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
    + 2008-07-29 23:47:34 121,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
    + 2008-07-29 23:47:34 128,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
    + 2008-07-29 23:47:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
    + 2008-07-29 23:47:34 123,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
    + 2008-07-29 23:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
    + 2008-07-29 23:47:34 121,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
    + 2008-07-29 23:47:34 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
    + 2008-07-29 23:47:34 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
    + 2008-07-29 23:47:34 131,584 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
    + 2008-07-29 23:47:34 110,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
    + 2008-07-29 23:47:34 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
    + 2008-07-29 23:47:34 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
    + 2008-07-29 23:47:34 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
    + 2008-07-29 23:47:34 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
    + 2008-07-29 23:47:34 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
    + 2008-07-29 23:47:34 102,904 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
    + 2008-07-29 23:47:34 89,592 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
    + 2008-07-29 23:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
    + 2008-07-29 23:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
    + 2008-07-29 23:47:34 111,608 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
    + 2008-07-29 23:47:34 113,656 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
    + 2008-07-29 23:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
    + 2008-07-29 23:47:34 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
    + 2008-07-29 23:47:34 101,368 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
    + 2008-07-29 23:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
    + 2008-07-29 23:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
    + 2008-07-29 23:47:34 95,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
    + 2008-07-29 23:47:34 92,664 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
    + 2008-07-29 23:47:34 108,536 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
    + 2008-07-29 23:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
    + 2008-07-29 23:47:34 109,048 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
    + 2008-07-29 23:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
    + 2008-07-29 23:47:34 107,000 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
    + 2008-07-29 23:47:34 105,976 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
    + 2008-07-29 23:47:34 106,488 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
    + 2008-07-29 23:47:34 89,080 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
    + 2008-07-29 23:47:34 110,072 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
    + 2008-07-29 23:47:34 111,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
    + 2008-07-29 23:47:34 107,512 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
    + 2008-07-29 23:47:34 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
    + 2008-07-30 04:40:48 802,816 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
    + 2008-07-30 04:40:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
    + 2008-07-30 04:40:48 41,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
    + 2008-07-30 04:40:48 91,136 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe
    + 2008-07-30 04:40:48 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
    + 2008-07-30 04:40:48 1,720,824 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\vbc.exe
    + 2008-07-30 04:40:48 196,104 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
    + 2008-07-30 04:40:48 70,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    - 2008-04-14 00:11:48 61,440 ----a-w c:\windows\system32\admparse.dll
    + 2007-08-13 23:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
    - 2008-04-14 00:11:48 99,840 ----a-w c:\windows\system32\advpack.dll
    + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
    - 2008-04-13 17:23:38 8,192 ----a-w c:\windows\system32\asferror.dll
    + 2006-10-19 02:47:08 7,168 ----a-w c:\windows\system32\asferror.dll
    - 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
    + 2009-02-05 21:11:35 1,256,296 ----a-w c:\windows\system32\aswBoot.exe
    - 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AvastSS.scr
    + 2009-02-05 21:04:45 97,480 ----a-w c:\windows\system32\AvastSS.scr
    - 2008-04-14 00:11:50 286,720 ----a-w c:\windows\system32\blackbox.dll
    + 2006-10-19 02:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
    - 2008-04-14 00:11:50 159,232 ----a-w c:\windows\system32\cewmdm.dll
    + 2006-10-19 02:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
    - 2008-04-14 00:12:15 139,264 ----a-w c:\windows\system32\cscript.exe
    + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
    - 2005-09-23 11:28:38 83,456 ----a-w c:\windows\system32\dfshim.dll
    + 2008-07-25 16:16:46 96,760 ----a-w c:\windows\system32\dfshim.dll
    + 2007-08-13 23:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
    + 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
    - 2008-04-13 17:23:38 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
    + 2006-10-19 02:47:08 7,168 -c--a-w c:\windows\system32\dllcache\asferror.dll
    - 2008-04-14 00:11:50 286,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
    + 2006-10-19 02:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
    + 2006-09-23 18:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
    - 2008-04-14 00:11:50 159,232 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
    + 2006-10-19 02:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
    + 2007-08-13 23:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
    + 2008-05-07 09:07:23 135,168 -c----w c:\windows\system32\dllcache\cscript.exe
    - 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
    + 2007-08-13 23:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
    + 2008-06-20 17:46:57 147,968 -c----w c:\windows\system32\dllcache\dnsapi.dll
    - 2008-04-14 00:12:57 695,808 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
    + 2006-10-19 02:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
    + 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
    + 2008-07-07 20:26:58 253,952 -c----w c:\windows\system32\dllcache\es.dll
    + 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
    + 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
    + 2007-08-13 23:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
    + 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
    + 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
    - 2001-08-23 13:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
    + 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
    + 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
    + 2007-08-13 23:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe
    + 2007-08-13 23:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
    + 2007-08-13 23:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll
    + 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-13 23:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
    + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
    + 2007-08-13 23:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
    + 2007-08-13 23:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll
    + 2008-05-09 10:53:39 512,000 -c----w c:\windows\system32\dllcache\jscript.dll
    + 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
    - 2008-04-14 00:11:56 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
    + 2006-10-19 02:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
    + 2007-08-13 23:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
    - 2008-04-14 00:12:24 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
    + 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
    - 2008-04-14 00:11:57 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
    + 2006-10-19 02:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
    - 2008-04-14 00:11:57 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
    + 2006-10-19 02:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
    - 2008-04-14 00:11:57 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
    + 2006-10-19 02:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
    - 2008-04-14 00:11:57 368,640 -c--a-w c:\windows\system32\dllcache\mpvis.dll
    + 2006-10-19 02:47:14 243,712 -c--a-w c:\windows\system32\dllcache\mpvis.dll
    + 2008-06-24 16:43:16 74,240 -c----w c:\windows\system32\dllcache\mscms.dll
    + 2007-08-13 23:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
    + 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
    + 2007-08-13 23:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
    - 2001-08-23 13:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
    + 2007-08-13 23:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
    - 2008-04-14 00:12:55 259,072 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
    + 2006-10-19 02:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
    - 2008-04-14 00:12:00 52,224 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
    + 2006-10-19 02:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
    - 2008-04-14 00:12:00 201,728 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
    + 2006-10-19 02:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
    + 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
    - 2008-04-14 00:12:56 356,352 -c--a-w c:\windows\system32\dllcache\msscp.dll
    + 2006-12-04 21:21:50 414,720 -c--a-w c:\windows\system32\dllcache\msscp.dll
    + 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
    - 2008-04-14 00:12:01 245,760 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
    + 2006-10-19 02:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
    + 2008-06-20 17:46:57 245,248 -c----w c:\windows\system32\dllcache\mswsock.dll
    - 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
    + 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
    + 2008-05-07 05:12:40 1,288,192 -c----w c:\windows\system32\dllcache\quartz.dll
    + 2008-05-09 10:53:39 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
    + 2008-05-09 10:53:40 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
    - 2008-04-14 00:12:35 774,144 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
    + 2006-11-01 23:31:38 1,669,120 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
    + 2006-09-23 18:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
    + 2008-06-20 11:51:12 361,600 -c----w c:\windows\system32\dllcache\tcpip.sys
    + 2008-06-20 11:08:27 225,856 -c----w c:\windows\system32\dllcache\tcpip6.sys
    - 2008-04-14 00:12:38 208,896 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
    + 2007-06-27 03:10:26 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
    + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
    + 2008-05-09 10:53:40 430,080 -c----w c:\windows\system32\dllcache\vbscript.dll
    + 2008-05-27 17:23:58 765,952 -c----w c:\windows\system32\dllcache\vgx.dll
    + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
    + 2008-09-06 04:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll
    + 2008-09-06 04:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe
    - 2008-04-14 00:12:09 408,064 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
    + 2006-10-19 02:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
    - 2008-04-14 00:12:09 670,720 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
    + 2006-10-19 02:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
    - 2008-04-14 00:12:09 230,912 -c--a-w c:\windows\system32\dllcache\wmasf.dll
    + 2007-10-27 22:40:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
    - 2008-04-14 00:12:09 27,136 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
    + 2006-10-19 02:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
    - 2008-04-14 00:12:09 23,552 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
    + 2006-10-19 02:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
    - 2008-04-13 17:23:24 168,448 -c--a-w c:\windows\system32\dllcache\wmerror.dll
    + 2006-10-19 02:47:20 227,328 -c--a-w c:\windows\system32\dllcache\wmerror.dll
    - 2008-04-14 00:12:09 151,552 -c--a-w c:\windows\system32\dllcache\wmidx.dll
    + 2006-10-19 02:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
    - 2008-04-14 00:12:09 1,053,184 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
    + 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
    - 2008-04-14 00:12:09 4,874,240 -c--a-w c:\windows\system32\dllcache\wmp.dll
    + 2007-06-12 04:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
    - 2008-04-14 00:12:09 114,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
    + 2006-10-19 02:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
    - 2008-04-14 00:12:09 98,304 -c--a-w c:\windows\system32\dllcache\wmpband.dll
    + 2006-10-19 02:47:20 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
    - 2008-04-14 00:12:09 233,472 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
    + 2006-10-19 02:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
    - 2008-04-14 00:12:40 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
    + 2006-10-19 02:46:20 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
    - 2008-04-13 17:28:21 2,940,928 -c--a-w c:\windows\system32\dllcache\wmploc.dll
    + 2006-10-19 02:47:20 8,231,936 -c--a-w c:\windows\system32\dllcache\wmploc.dll
    - 2008-04-14 00:12:09 102,400 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
    + 2006-10-19 02:47:20 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
    - 2008-04-14 00:12:09 759,296 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
    + 2006-10-19 02:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
    - 2008-04-14 00:12:09 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    + 2006-10-19 02:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
    - 2008-04-14 00:12:09 485,376 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
    + 2006-10-19 02:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
    - 2008-04-14 00:12:10 897,024 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
    + 2006-10-19 02:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
    - 2008-04-14 00:12:58 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
    - 2008-04-14 00:12:10 809,984 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
    + 2006-10-19 02:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
    - 2008-04-14 00:12:10 1,001,472 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2006-10-19 02:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
    + 2008-05-08 11:24:44 155,648 -c----w c:\windows\system32\dllcache\wscript.exe
    + 2008-05-09 10:53:40 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
    - 2008-04-14 00:11:52 147,968 ----a-w c:\windows\system32\dnsapi.dll
    + 2008-06-20 17:46:57 147,968 ----a-w c:\windows\system32\dnsapi.dll
    - 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    + 2009-02-05 21:05:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    - 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    + 2009-02-05 21:07:12 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    - 2008-01-17 16:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
    + 2009-02-05 21:08:19 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
    - 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
    + 2009-02-05 21:08:10 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
    - 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    + 2009-02-05 21:06:10 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    - 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
    + 2009-02-05 21:07:23 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys
    - 2008-07-19 14:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
    + 2009-02-05 21:06:20 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys
    + 2005-07-22 16:01:00 717,952 ----a-w c:\windows\system32\drivers\HSF_CNXT.sys
    + 2005-07-22 16:02:12 1,035,008 ----a-w c:\windows\system32\drivers\HSF_DPV.sys
    + 2005-07-22 16:01:08 201,600 ----a-w c:\windows\system32\drivers\HSFHWAZL.sys
    - 2005-10-05 04:57:08 12,544 ----a-r c:\windows\system32\drivers\mdmxsdk.sys
    + 2004-03-17 16:04:14 13,059 ----a-w c:\windows\system32\drivers\mdmxsdk.sys
    - 2008-04-13 19:20:16 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys
    + 2008-06-20 11:51:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
    - 2008-04-13 19:00:02 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
    + 2008-06-20 11:08:27 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
    - 2005-05-13 21:27:56 28,672 ----a-w c:\windows\system32\drivers\usbccid.sys
    + 2006-06-14 16:53:00 29,184 ----a-w c:\windows\system32\drivers\usbccid.sys
    - 2008-04-14 00:12:57 695,808 ----a-w c:\windows\system32\drmv2clt.dll
    + 2006-10-19 02:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
    - 2008-04-14 00:11:52 357,888 ----a-w c:\windows\system32\dxtmsft.dll
    + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
    - 2008-04-14 00:11:52 205,312 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
    + 2008-07-30 02:10:04 73,720 ----a-w c:\windows\system32\dxva2.dll
    - 2008-04-14 00:11:53 246,272 ----a-w c:\windows\system32\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w c:\windows\system32\es.dll
    + 2008-07-30 02:10:04 493,048 ----a-w c:\windows\system32\evr.dll
    - 2008-04-14 00:11:53 55,808 ----a-w c:\windows\system32\extmgr.dll
    + 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
    - 2009-02-18 14:15:01 250,288 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-02-18 16:55:58 253,472 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
    + 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
    + 2008-07-30 00:24:50 622,080 ----a-w c:\windows\system32\icardagt.exe
    - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
    + 2008-07-30 00:24:50 11,264 ----a-w c:\windows\system32\icardres.dll
    - 2008-04-14 00:12:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe
    + 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
    - 2008-04-14 00:11:54 143,360 ----a-w c:\windows\system32\ieakeng.dll
    + 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
    - 2008-04-14 00:11:54 216,576 ----a-w c:\windows\system32\ieaksie.dll
    + 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
    - 2001-08-23 13:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
    + 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
    - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
    - 2008-04-14 00:11:54 323,584 ----a-w c:\windows\system32\iedkcs32.dll
    + 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
    - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
    + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
    - 2008-04-14 00:11:54 251,904 ----a-w c:\windows\system32\iepeers.dll
    + 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
    - 2008-04-14 00:11:54 48,640 ----a-w c:\windows\system32\iernonce.dll
    + 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
    - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
    + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
    - 2008-04-14 00:11:54 62,976 ----a-w c:\windows\system32\iesetup.dll
    + 2007-08-13 23:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
    - 2007-10-10 10:59:40 13,824 ----a-w c:\windows\system32\ieudinit.exe
    + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
    - 2008-04-14 00:11:54 35,840 ----a-w c:\windows\system32\imgutil.dll
    + 2007-08-13 23:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
    + 2008-07-30 00:24:50 97,800 ----a-w c:\windows\system32\infocardapi.dll
    - 2008-04-14 00:11:55 96,256 ----a-w c:\windows\system32\inseng.dll
    + 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
    - 2005-11-10 16:27:06 49,248 ----a-w c:\windows\system32\java.exe
    + 2009-02-18 15:48:11 144,792 ----a-w c:\windows\system32\java.exe
    - 2005-11-10 16:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-18 15:48:11 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2009-02-18 15:48:12 148,888 ----a-w c:\windows\system32\javaws.exe
    - 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript.dll
    + 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
    - 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\jsproxy.dll
    + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
    - 2008-04-14 00:11:56 6,656 ----a-w c:\windows\system32\laprxy.dll
    + 2006-10-19 02:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
    - 2008-04-14 00:11:56 22,016 ----a-w c:\windows\system32\licmgr10.dll
    + 2007-08-13 23:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
    - 2008-04-14 00:12:24 103,936 ----a-w c:\windows\system32\logagent.exe
    + 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
    - 2009-02-01 00:19:00 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-02-18 15:46:49 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    - 2005-10-05 04:56:44 86,016 ----a-r c:\windows\system32\mdmxsdk.dll
    + 2004-03-17 16:00:32 86,016 ----a-w c:\windows\system32\mdmxsdk.dll
    - 2008-04-14 00:11:57 310,272 ----a-w c:\windows\system32\mp43dmod.dll
    + 2006-10-19 02:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
    - 2008-04-14 00:11:57 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
    + 2006-10-19 02:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
    - 2008-04-14 00:11:57 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
    + 2006-10-19 02:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
    - 2008-06-25 13:15:48 17,972,344 ----a-w c:\windows\system32\MRT.exe
    + 2009-02-12 01:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
    - 2008-04-14 00:11:58 73,728 ----a-w c:\windows\system32\mscms.dll
    + 2008-06-24 16:43:16 74,240 ----a-w c:\windows\system32\mscms.dll
    - 2006-12-22 17:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
    + 2008-07-25 16:16:58 282,112 ----a-w c:\windows\system32\mscoree.dll
    - 2005-09-23 11:28:52 150,016 ----a-w c:\windows\system32\mscorier.dll
    + 2008-07-25 16:16:58 158,720 ----a-w c:\windows\system32\mscorier.dll
    - 2005-09-23 11:28:52 74,240 ----a-w c:\windows\system32\mscories.dll
    + 2008-07-25 16:16:58 83,968 ----a-w c:\windows\system32\mscories.dll
    - 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
    + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
    - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
    - 2008-04-14 00:12:27 29,184 ----a-w c:\windows\system32\mshta.exe
    + 2007-08-13 23:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
    - 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
    + 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
    - 2008-04-14 00:11:59 449,024 ----a-w c:\windows\system32\mshtmled.dll
    + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
    - 2008-04-13 16:26:26 56,832 ----a-w c:\windows\system32\mshtmler.dll
    + 2007-08-13 23:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
    - 2001-08-23 13:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
    + 2007-08-13 23:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
    - 2008-04-14 00:12:55 259,072 ----a-w c:\windows\system32\msnetobj.dll
    + 2006-10-19 02:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
    - 2008-04-14 00:12:00 52,224 ----a-w c:\windows\system32\mspmsnsv.dll
    + 2006-10-19 02:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
    - 2008-04-14 00:12:00 201,728 ----a-w c:\windows\system32\mspmsp.dll
    + 2006-10-19 02:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
    - 2008-04-14 00:12:00 146,432 ----a-w c:\windows\system32\msrating.dll
    + 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
    - 2008-04-14 00:12:56 356,352 ----a-w c:\windows\system32\msscp.dll
    + 2006-12-04 21:21:50 414,720 ----a-w c:\windows\system32\msscp.dll
    - 2008-04-14 00:12:00 532,480 ----a-w c:\windows\system32\mstime.dll
    + 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
    - 2008-04-14 00:12:01 245,760 ----a-w c:\windows\system32\mswmdm.dll
    + 2006-10-19 02:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
    - 2008-04-14 00:12:01 245,248 ----a-w c:\windows\system32\mswsock.dll
    + 2008-06-20 17:46:57 245,248 ----a-w c:\windows\system32\mswsock.dll
    - 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    - 2006-12-22 18:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
    + 2008-07-25 16:17:04 15,360 ----a-w c:\windows\system32\mui\0409\mscorees.dll
    - 2008-04-14 00:12:02 96,256 ----a-w c:\windows\system32\occache.dll
    + 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
    - 2009-02-18 14:20:11 37,256 ----a-w c:\windows\system32\perfc009.dat
    + 2009-02-19 22:43:54 57,240 ----a-w c:\windows\system32\perfc009.dat
    - 2009-02-18 14:20:11 302,446 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-19 22:43:54 367,818 ----a-w c:\windows\system32\perfh009.dat
    - 2008-04-14 00:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
    + 2008-07-30 00:59:58 105,016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    + 2008-07-30 01:35:46 326,160 ----a-w c:\windows\system32\PresentationHost.exe
    + 2008-07-30 00:59:58 43,544 ----a-w c:\windows\system32\PresentationHostProxy.dll
    + 2008-07-30 00:59:58 781,344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
    - 2008-04-14 00:12:03 237,568 ----a-w c:\windows\system32\qasf.dll
    + 2006-10-19 02:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
    - 2008-04-14 00:12:03 1,288,192 ----a-w c:\windows\system32\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\system32\quartz.dll
    + 2005-05-13 21:27:56 28,672 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\usbccid.sys
    + 2006-08-24 21:15:06 150,808 ----a-w c:\windows\system32\rgb9rast_2.dll
    - 2008-04-14 00:12:05 180,224 ----a-w c:\windows\system32\scrobj.dll
    + 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll
    - 2008-04-14 00:12:05 172,032 ----a-w c:\windows\system32\scrrun.dll
    + 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2007-07-27 14:41:40 16,760 ------w c:\windows\system32\spmsg.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
    + 2008-07-06 12:06:10 198,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.dll
    - 2008-04-14 00:12:07 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    + 2008-07-06 12:06:10 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll
    - 2008-04-14 00:12:07 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
    + 2008-07-06 12:06:10 744,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
    - 2007-05-15 08:08:53 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    + 2008-03-13 04:52:36 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\XpsSvcs.dll
    + 2008-07-06 12:06:10 89,088 ----a-w c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    + 2008-07-06 10:50:03 597,504 ------w c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    + 2008-07-06 12:06:10 147,456 ----a-w c:\windows\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
    + 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
    + 2008-07-06 22:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
    + 2008-07-06 12:06:10 748,032 ----a-w c:\windows\system32\spool\XPSEP\amd64\mxdwdrv.dll
    + 2008-07-06 22:36:12 2,936,832 ----a-w c:\windows\system32\spool\XPSEP\amd64\xpssvcs.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\i386\xpssvcs.dll
    + 2008-07-06 12:06:10 765,440 ----a-w c:\windows\system32\spool\XPSEP\i386\mxdwdrv.dll
    + 2008-07-06 12:06:10 1,676,288 ----a-w c:\windows\system32\spool\XPSEP\i386\xpssvcs.dll
    - 2007-08-11 01:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\windows\system32\spupdsvc.exe
    + 2008-07-30 02:10:04 26,112 ----a-w c:\windows\system32\TsWpfWrp.exe
    + 2005-06-20 14:57:20 110,592 ----a-w c:\windows\system32\uci100.dll
    + 2008-07-30 00:59:58 161,296 ----a-w c:\windows\system32\UIAutomationCore.dll
    - 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\url.dll
    + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
    - 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
    + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
    - 2008-04-14 00:12:08 434,176 ----a-w c:\windows\system32\vbscript.dll
    + 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
    - 2008-04-14 00:12:08 276,480 ----a-w c:\windows\system32\webcheck.dll
    + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
    + 2008-09-06 04:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
    - 2007-04-10 19:01:18 336,768 ----a-w c:\windows\system32\WgaTray.exe
    + 2008-09-06 04:29:58 917,032 ----a-w c:\windows\system32\WgaTray.exe
    - 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
    + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
    - 2008-04-14 00:12:09 408,064 ----a-w c:\windows\system32\wmadmod.dll
    + 2006-10-19 02:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
    - 2008-04-14 00:12:09 670,720 ----a-w c:\windows\system32\wmadmoe.dll
    + 2006-10-19 02:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
    - 2008-04-14 00:12:09 230,912 ----a-w c:\windows\system32\wmasf.dll
    + 2007-10-27 22:40:30 222,720 ----a-w c:\windows\system32\wmasf.dll
    - 2008-04-14 00:12:09 27,136 ----a-w c:\windows\system32\wmdmlog.dll
    + 2006-10-19 02:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
    - 2008-04-14 00:12:09 23,552 ----a-w c:\windows\system32\wmdmps.dll
    + 2006-10-19 02:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
    - 2008-04-13 17:23:24 168,448 ----a-w c:\windows\system32\wmerror.dll
    + 2006-10-19 02:47:20 227,328 ----a-w c:\windows\system32\wmerror.dll
    - 2008-04-14 00:12:09 151,552 ----a-w c:\windows\system32\wmidx.dll
    + 2006-10-19 02:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
    - 2008-04-14 00:12:09 1,053,184 ----a-w c:\windows\system32\wmnetmgr.dll
    + 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
    - 2008-04-14 00:12:09 4,874,240 ----a-w c:\windows\system32\wmp.dll
    + 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
    - 2008-04-14 00:12:09 114,688 ----a-w c:\windows\system32\wmpasf.dll
    + 2006-10-19 02:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
    - 2008-04-14 00:12:09 233,472 ----a-w c:\windows\system32\wmpdxm.dll
    + 2006-10-19 02:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
    - 2008-04-13 17:28:21 2,940,928 ----a-w c:\windows\system32\wmploc.dll
    + 2006-10-19 02:47:20 8,231,936 ----a-w c:\windows\system32\wmploc.dll
    - 2008-04-14 00:12:09 102,400 ----a-w c:\windows\system32\wmpshell.dll
    + 2006-10-19 02:47:20 99,840 ----a-w c:\windows\system32\wmpshell.dll
    - 2008-04-14 00:12:09 759,296 ----a-w c:\windows\system32\wmsdmod.dll
    + 2006-10-19 02:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
    - 2008-04-14 00:12:09 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
    + 2006-10-19 02:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
    - 2008-04-14 00:12:09 485,376 ----a-w c:\windows\system32\wmspdmod.dll
    + 2006-10-19 02:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
    - 2008-04-14 00:12:10 897,024 ----a-w c:\windows\system32\wmspdmoe.dll
    + 2006-10-19 02:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
    - 2008-04-14 00:12:58 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
    + 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
    - 2008-04-14 00:12:10 809,984 ----a-w c:\windows\system32\wmvdmod.dll
    + 2006-10-19 02:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
    - 2008-04-14 00:12:10 1,001,472 ----a-w c:\windows\system32\wmvdmoe2.dll
    + 2006-10-19 02:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
    - 2006-10-19 01:47:22 38,400 ----a-w c:\windows\system32\wpdshextres.dll
    + 2006-10-19 02:47:22 38,400 ----a-w c:\windows\system32\wpdshextres.dll
    - 2008-04-14 00:12:41 155,648 ----a-w c:\windows\system32\wscript.exe
    + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
    - 2008-04-14 00:12:10 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll
    + 2006-09-28 23:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
    + 2008-07-30 02:26:06 301,568 ----a-w c:\windows\system32\XPSViewer\XPSViewer.exe
    + 2009-02-20 16:54:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_19c.dat
    + 2009-02-20 16:54:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_684.dat
    + 2009-02-18 16:50:06 8,192 ----a-w c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2008-07-25 16:17:20 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
    + 2008-07-25 16:17:20 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
    + 2008-07-25 16:17:20 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
    + 2007-11-07 02:23:56 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2007-11-07 07:19:32 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-07 07:19:32 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    - 2008-06-11 20:31:30 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-02-18 16:50:13 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2008-06-11 20:31:30 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2009-02-18 16:50:13 113,664 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-22 185872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1963:UDP"= 1963:UDP:Windows Media Format SDK (RecordingManager.exe)
    "1962:UDP"= 1962:UDP:Windows Media Format SDK (RecordingManager.exe)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-28 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-28 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 ktiwrfyx;ktiwrfyx;\??\c:\windows\System32\Drivers\ktiwrfyx.sys --> c:\windows\System32\Drivers\ktiwrfyx.sys [?]
    S3 ptshozee;ptshozee;\??\c:\windows\System32\Drivers\ptshozee.sys --> c:\windows\System32\Drivers\ptshozee.sys [?]
    S3 raqcfxvf;raqcfxvf;\??\c:\windows\System32\Drivers\raqcfxvf.sys --> c:\windows\System32\Drivers\raqcfxvf.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

    2009-02-20 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2009-01-21 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-10 19:45]

    2009-01-24 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-10 19:45]
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe


    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-20 11:56:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\scardsvr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiadap.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-20 11:59:32 - machine was rebooted [BTMS09]
    ComboFix-quarantined-files.txt 2009-02-20 16:59:29
    ComboFix2.txt 2009-02-18 14:25:30
    ComboFix3.txt 2009-02-18 05:36:13
    ComboFix4.txt 2008-09-28 06:14:38

    Pre-Run: 10,315,677,696 bytes free
    Post-Run: 10,359,742,464 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    1654 --- E O F --- 2009-02-19 22:22:57
     


  4. 2009/02/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK delete the CFScript you have and do this one.

    Code:
    File::
    c:\windows\System32\Drivers\ktiwrfyx.sys 
    c:\windows\System32\Drivers\ptshozee.sys
    c:\windows\System32\Drivers\raqcfxvf.sys 
    Driver::
    ktiwrfyx
    ptshozee
    raqcfxvf
    Please post the combofix log.

    Let me know how things are running.

    Thanks
    Geri
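The three `S3` entries that the CFScript in the post above targets are the only driver lines in the log where ComboFix printed `[?]` in place of a file date and size. The following is an added example, not part of the thread and not ComboFix's own logic: it parses those log lines and separates entries whose image file could not be read from normal ones. The reading of the fields (R/S as running/stopped, the digit as the service start type, `[?]` as unreadable file metadata) and the signal names are assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Driver/service lines taken from the 2009-02-20 log earlier in the thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-28 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ktiwrfyx;ktiwrfyx;\??\c:\windows\System32\Drivers\ktiwrfyx.sys --> c:\windows\System32\Drivers\ktiwrfyx.sys [?]
S3 ptshozee;ptshozee;\??\c:\windows\System32\Drivers\ptshozee.sys --> c:\windows\System32\Drivers\ptshozee.sys [?]
S3 raqcfxvf;raqcfxvf;\??\c:\windows\System32\Drivers\raqcfxvf.sys --> c:\windows\System32\Drivers\raqcfxvf.sys [?]
"""

# <state><start> name;display;image [--> resolved image] [date size | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)
META_RE = re.compile(r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)")


@dataclass
class ServiceEntry:
    running: bool              # assumption: R = running, S = stopped
    start_type: int            # assumption: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str                 # resolved path when the log gives one
    file_date: Optional[str]   # None when the log shows [?]
    file_size: Optional[int]


def parse_services(log: str) -> List[ServiceEntry]:
    """Extract driver/service entries; lines in any other format are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        meta = META_RE.fullmatch(m["meta"].strip())
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            image=(m["resolved"] or m["image"]).strip(),
            file_date=meta["date"] if meta else None,
            file_size=int(meta["size"]) if meta else None,
        ))
    return entries


def signals(e: ServiceEntry) -> List[str]:
    """Return the triage signals (hypothetical names) that apply to one entry."""
    found = []
    if e.file_date is None:
        found.append("missing-image")
    stem = ntpath.splitext(ntpath.basename(e.image))[0].lower()
    if e.name.lower() == e.display.lower() == stem:
        # Weak on its own: the legitimate aswFsBlk driver also matches.
        found.append("name-only-identity")
    if not e.running and e.start_type == 3:
        found.append("stopped-demand-start")
    return found


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose registered image file could not be read."""
    return [e for e in entries if "missing-image" in signals(e)]


if __name__ == "__main__":
    for entry in orphaned(parse_services(SAMPLE_LOG)):
        print(entry.name, entry.image, signals(entry))
```

The identical-name signal alone also matches avast!'s `aswFsBlk`, which is why the missing-file signal decides what gets flagged.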
     
  5. 2009/02/22
    scorpion657

    scorpion657 Inactive Thread Starter

    Joined:
    2008/04/03
    Messages:
    78
    Likes Received:
    0
    Here it is. The system is running really good. Thanks for your help:

    ComboFix 09-02-21.01 - BTMS09 2009-02-22 13:23:05.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.601 [GMT -5:00]
    Running from: c:\documents and settings\BTMS09\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\BTMS09\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\System32\Drivers\ktiwrfyx.sys
    c:\windows\System32\Drivers\ptshozee.sys
    c:\windows\System32\Drivers\raqcfxvf.sys
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
    .

    2009-02-19 17:27 . 2009-02-19 17:28 94,084 --a------ c:\windows\hpqins07.dat
    2009-02-19 17:25 . 2009-02-19 17:25 116,734 --------- c:\windows\hpoins11.dat.temp
    2009-02-19 17:25 . 2007-04-19 18:14 11,634 --------- c:\windows\hpomdl11.dat.temp
    2009-02-18 11:54 . 2009-02-18 11:54 268 --ah----- C:\sqmdata19.sqm
    2009-02-18 11:54 . 2009-02-18 11:54 244 --ah----- C:\sqmnoopt19.sqm
    2009-02-18 11:46 . 2009-02-18 11:46 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-02-18 11:46 . 2009-02-18 11:46 <DIR> d-------- c:\program files\MSBuild
    2009-02-18 11:45 . 2009-02-18 11:45 <DIR> d-------- c:\program files\Reference Assemblies
    2009-02-18 11:45 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-02-18 11:45 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-02-18 11:45 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-02-18 11:45 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-02-18 11:45 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-02-18 11:45 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-02-18 11:45 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-02-18 10:48 . 2009-02-18 10:48 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-18 10:27 . 2009-02-18 10:27 268 --ah----- C:\sqmdata18.sqm
    2009-02-18 10:27 . 2009-02-18 10:27 244 --ah----- C:\sqmnoopt18.sqm
    2009-02-18 10:19 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-02-18 10:19 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2009-02-18 10:19 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-02-18 10:19 . 2008-12-20 18:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2009-02-18 10:19 . 2008-12-20 18:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2009-02-18 10:19 . 2008-12-20 18:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2009-02-18 10:19 . 2008-12-20 18:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2009-02-18 10:19 . 2008-12-20 18:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-02-18 10:19 . 2008-12-19 04:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2009-02-18 09:27 . 2009-02-18 09:27 244 --ah----- C:\sqmnoopt17.sqm
    2009-02-18 09:27 . 2009-02-18 09:27 232 --ah----- C:\sqmdata17.sqm
    2009-02-18 09:13 . 2009-02-18 09:13 268 --ah----- C:\sqmdata16.sqm
    2009-02-18 09:13 . 2009-02-18 09:13 244 --ah----- C:\sqmnoopt16.sqm
    2009-02-18 02:12 . 2009-02-18 02:12 <DIR> d-------- c:\windows\system32\scripting
    2009-02-18 02:12 . 2009-02-18 02:12 <DIR> d-------- c:\windows\system32\en
    2009-02-18 02:12 . 2009-02-18 02:12 <DIR> d-------- c:\windows\system32\bits
    2009-02-18 02:12 . 2009-02-18 02:12 <DIR> d-------- c:\windows\l2schemas
    2009-02-18 02:08 . 2009-02-18 02:12 <DIR> d-------- c:\windows\ServicePackFiles
    2009-02-18 01:49 . 2009-02-18 01:49 268 --ah----- C:\sqmdata15.sqm
    2009-02-18 01:49 . 2009-02-18 01:49 244 --ah----- C:\sqmnoopt15.sqm
    2009-02-18 01:29 . 2009-02-18 01:29 <DIR> d-------- C:\Office2003SP3Changes
    2009-02-18 01:24 . 2009-02-18 01:24 <DIR> d-------- c:\program files\Microsoft.NET
    2009-02-18 01:23 . 2009-02-18 01:24 <DIR> d-------- c:\windows\SHELLNEW
    2009-02-18 00:14 . 2009-02-18 00:14 268 --ah----- C:\sqmdata14.sqm
    2009-02-18 00:14 . 2009-02-18 00:14 244 --ah----- C:\sqmnoopt14.sqm
    2009-02-17 23:55 . 2004-03-24 10:04 851,968 --a------ c:\windows\system32\nvdspsch.exe
    2009-02-17 23:48 . 2001-08-23 07:00 15,872 --a------ c:\windows\system32\expand.exe
    2009-02-17 23:24 . 2009-02-18 00:07 <DIR> d-------- C:\SDFix
    2009-02-17 21:38 . 2009-02-17 21:38 244 --ah----- C:\sqmnoopt13.sqm
    2009-02-17 21:38 . 2009-02-17 21:38 244 --ah----- C:\sqmnoopt12.sqm
    2009-02-17 21:38 . 2009-02-17 21:38 232 --ah----- C:\sqmdata13.sqm
    2009-02-17 21:38 . 2009-02-17 21:38 232 --ah----- C:\sqmdata12.sqm
    2009-02-17 19:30 . 2004-07-17 12:45 613,334 -----c--- c:\windows\system32\dllcache\wmplayer.chm
    2009-02-17 19:30 . 2008-04-13 19:12 276,992 --------- c:\windows\system32\wmphoto.dll
    2009-02-17 19:30 . 2004-08-04 05:00 172,196 -----c--- c:\windows\system32\dllcache\wmpaud9.wav
    2009-02-17 19:30 . 2006-04-25 10:10 69,612 -----c--- c:\windows\system32\dllcache\wmplayer.adm
    2009-02-17 19:30 . 2004-07-17 23:54 23,195 -----c--- c:\windows\system32\dllcache\wmplay.chm
    2009-02-17 19:30 . 2004-08-04 05:00 10,457 -----c--- c:\windows\system32\dllcache\wmptour.hta
    2009-02-17 19:30 . 2004-08-04 05:00 1,771 -----c--- c:\windows\system32\dllcache\wmptour.css
    2009-02-17 19:30 . 2004-08-03 23:51 855 -----c--- c:\windows\system32\dllcache\wmpocm.inf
    2009-02-17 19:30 . 2004-08-04 05:00 420 -----c--- c:\windows\system32\dllcache\wmploc.js
    2009-02-17 19:28 . 2008-04-13 19:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm
    2009-02-17 19:28 . 2008-04-13 19:12 155,136 --------- c:\windows\system32\mssha.dll
    2009-02-17 19:28 . 2008-04-13 19:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
    2009-02-17 19:28 . 2001-08-23 08:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp
    2009-02-17 19:28 . 2008-04-13 13:14 76,800 --------- c:\windows\system32\msshavmsg.dll
    2009-02-17 19:28 . 2004-08-03 23:51 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf
    2009-02-17 19:28 . 2004-08-04 05:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif
    2009-02-17 19:28 . 2004-08-04 05:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif
    2009-02-17 19:28 . 2001-08-23 08:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt
    2009-02-17 19:27 . 2004-08-04 05:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv
    2009-02-17 19:27 . 2008-04-13 19:11 397,312 --------- c:\windows\system32\mmcex.dll
    2009-02-17 19:27 . 2008-04-13 19:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm
    2009-02-17 19:27 . 2008-04-13 19:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
    2009-02-17 19:27 . 2008-04-13 19:11 61,440 --------- c:\windows\system32\kmsvc.dll
    2009-02-17 19:27 . 2008-04-13 19:11 37,376 --------- c:\windows\system32\l2gpstore.dll
    2009-02-17 19:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdpash.dll
    2009-02-17 19:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdnepr.dll
    2009-02-17 19:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdiultn.dll
    2009-02-17 19:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdbhc.dll
    2009-02-17 19:26 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
    2009-02-17 19:26 . 2004-08-03 22:41 685,056 --------- c:\windows\system32\drivers\hsfcxts2.sys
    2009-02-17 19:26 . 2004-08-03 22:41 220,032 --------- c:\windows\system32\drivers\hsfbs2s2.sys
    2009-02-17 19:26 . 2008-04-13 13:45 46,592 --------- c:\windows\system32\drivers\irbus.sys
    2009-02-17 19:26 . 2008-04-13 19:11 32,285 --------- c:\windows\system32\hsfcisp2.dll
    2009-02-17 19:26 . 2008-04-13 13:46 25,600 --------- c:\windows\system32\drivers\hidbth.sys
    2009-02-17 19:26 . 2008-04-13 13:45 19,200 --------- c:\windows\system32\drivers\hidir.sys
    2009-02-17 19:26 . 2007-06-21 00:52 974 --------- c:\windows\system32\pid.inf
    2009-02-17 19:24 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
    2009-02-17 18:43 . 2008-10-15 20:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
    2009-02-17 18:43 . 2008-12-20 18:15 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll
    2009-02-17 18:43 . 2008-12-20 18:15 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll
    2009-02-17 18:43 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
    2009-02-17 18:43 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
    2009-02-17 18:42 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-02-17 18:41 . 2009-01-16 21:35 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll
    2009-02-17 18:41 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-17 18:41 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-17 18:41 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-17 18:41 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-17 18:40 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-02-17 18:40 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
    2009-02-17 18:40 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-02-17 18:40 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-02-17 18:40 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-02-17 18:40 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
    2009-02-17 18:40 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
    2009-02-17 18:36 . 2006-07-14 16:03 139,264 --a------ c:\windows\system32\igfxres.dll
    2009-02-17 18:11 . 2009-02-17 18:11 268 --ah----- C:\sqmdata11.sqm
    2009-02-17 18:11 . 2009-02-17 18:11 244 --ah----- C:\sqmnoopt11.sqm
    2009-02-17 18:03 . 2009-02-17 18:03 <DIR> d-------- c:\program files\Windows Defender
    2009-02-17 17:58 . 2009-02-17 17:58 268 --ah----- C:\sqmdata10.sqm
    2009-02-17 17:58 . 2009-02-17 17:58 244 --ah----- C:\sqmnoopt10.sqm
    2009-02-17 17:14 . 2009-02-17 17:14 268 --ah----- C:\sqmdata09.sqm
    2009-02-17 17:14 . 2009-02-17 17:14 244 --ah----- C:\sqmnoopt09.sqm
    2009-02-17 15:41 . 2009-02-17 15:41 2,444 --a------ c:\windows\system32\wpa.bak
    2009-02-17 15:25 . 2008-04-13 19:11 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
    2009-02-17 15:24 . 2008-04-13 19:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
    2009-02-17 15:23 . 2001-08-23 08:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
    2009-02-17 15:22 . 2001-08-23 08:00 169,984 --a--c--- c:\windows\system32\dllcache\iisui.dll
    2009-02-17 15:22 . 2001-08-23 08:00 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx
    2009-02-17 15:22 . 2001-08-23 08:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll
    2009-02-17 15:22 . 2001-08-23 08:00 14,336 --a--c--- c:\windows\system32\dllcache\iisreset.exe
    2009-02-17 15:22 . 2001-08-23 08:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
    2009-02-17 15:22 . 2001-08-23 08:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll
    2009-02-17 15:22 . 2001-08-23 08:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll
    2009-02-17 15:18 . 2008-04-13 19:12 677,888 --a------ c:\windows\system32\mstsc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-19 22:27 --------- d-----w c:\program files\HP
    2009-02-18 17:23 --------- d-----w c:\program files\Windows Media Connect 2
    2009-02-18 16:16 --------- d-----w c:\program files\Microsoft Plus!
    2009-02-18 15:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-18 15:57 --------- d-----w c:\program files\Google
    2009-02-18 15:53 --------- d-----w c:\program files\GmoteServer
    2009-02-18 15:53 --------- d-----w c:\documents and settings\BTMS09\Application Data\Gmote
    2009-02-18 15:48 --------- d-----w c:\program files\Java
    2009-02-18 06:50 --------- d-----w c:\program files\Yahoo!
    2009-02-18 05:23 2,923,321 ----a-r C:\ComboFix.exe
    2009-02-17 23:51 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-17 22:16 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-17 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-17 01:24 --------- d-----w c:\program files\Windows Live Toolbar
    2009-02-17 01:21 --------- d-----w c:\program files\QuickTime
    2009-02-17 01:12 --------- d-----w c:\program files\LimeWire
    2009-02-17 01:02 --------- d-----w c:\program files\eSignal
    2009-01-31 23:05 --------- d-----w c:\documents and settings\BTMS09\Application Data\LimeWire
    2009-01-23 04:23 --------- d-----w c:\program files\Common Files\Real
    2009-01-18 00:06 --------- d--h--w c:\program files\InstallJammer Registry
    2009-01-12 00:05 --------- d-----w c:\program files\NCH Software
    2009-01-12 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
    2009-01-11 23:49 --------- d-----w c:\documents and settings\BTMS09\Application Data\HP
    2009-01-11 00:45 --------- d-----w c:\program files\Norton PC Checkup
    2009-01-08 12:56 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
    2009-01-06 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\HP
    2009-01-06 03:33 --------- d-----w c:\program files\Common Files\Sonic Shared
    2009-01-06 03:33 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
    2009-01-06 03:32 --------- d-----w c:\program files\Common Files\HP
    2009-01-06 03:27 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-06 03:26 --------- d-----w c:\program files\Common Files\Hewlett-Packard
    2008-12-23 18:04 --------- d-----w c:\documents and settings\BTMS09\Application Data\Apple Computer
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-02-20_11.58.43.06 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-19 22:43:54 57,240 ----a-w c:\windows\system32\perfc009.dat
    + 2009-02-22 18:12:37 57,240 ----a-w c:\windows\system32\perfc009.dat
    - 2009-02-19 22:43:54 367,818 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-22 18:12:37 367,818 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-22 18:08:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_154.dat
    + 2009-02-22 18:08:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_680.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 136600]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-22 185872]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCuTKd]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1963:UDP"= 1963:UDP:Windows Media Format SDK (RecordingManager.exe)
    "1962:UDP"= 1962:UDP:Windows Media Format SDK (RecordingManager.exe)

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-28 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-28 20560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

    2009-02-22 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2009-01-21 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-10 19:45]

    2009-01-24 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
    - c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-10 19:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-22 13:23:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-02-22 13:26:02
    ComboFix-quarantined-files.txt 2009-02-22 18:25:52
    ComboFix2.txt 2009-02-22 18:16:39
    ComboFix3.txt 2009-02-22 00:53:47
    ComboFix4.txt 2009-02-20 16:59:33
    ComboFix5.txt 2009-02-22 18:22:34

    Pre-Run: 10,285,309,952 bytes free
    Post-Run: 10,270,969,856 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    271 --- E O F --- 2009-02-19 22:22:57
     
  6. 2009/02/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good.

    Now let's get an online scan. Please do the following.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  7. 2009/02/22
    scorpion657

    I tried to run the online scanner but I get this error:
    You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0.
    I already installed Java Version 6 Update 12 and reloaded the system. I also checked the browser add-ons and they look fine.
     
  8. 2009/02/22
    Geri Lifetime Subscription

    Hi
    OK let's try this one.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Geri
     
  9. 2009/02/23
    scorpion657

    Here is the ActiveScan report:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-02-23 14:38:45
    PROTECTIONS: 1
    MALWARE: 43
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1335 [VPS 090223-0] 4.8.1335 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDelfrtk1.zip
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule.1
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule
    00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\signingmodule.signingmodule.1
    00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
    00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\signingmodule.signingmodule
    00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.trafficmp.com/]
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.trafficmp.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.atdmt.com/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.atdmt.com/]
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.247realmedia.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.tribalfusion.com/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS09\Cookies\btms09@tribalfusion[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.tribalfusion.com/]
    00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.paycounter.com/]
    00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ccbill.com/]
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.com.com/]
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.toplist.cz/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS09\Cookies\btms09@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[ad.yieldmanager.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.bs.serving-sys.com/]
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[www.burstbeacon.com/]
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.adtech.de/]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[stat.onestat.com/]
    00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[stat.onestat.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jeua71mo.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jeua71mo.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jeua71mo.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jeua71mo.default\cookies.txt[.advertising.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.advertising.com/]
    00169752 application/need2find HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
    00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin.1
    00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.toolbarplugin
    00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin.1
    00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\need2findbar.settingsplugin
    00169752 application/need2find HackTools No 0 Yes No hkey_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}
    00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall
    00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
    00169752 application/need2find HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.pointroll.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.overture.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.overture.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.realmedia.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.questionmarket.com/]
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.questionmarket.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.adultfriendfinder.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.go.com/]
    00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.target.com/]
    00250251 Adware/ISearch Adware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\b104.exe.bin.vir[b104.exe][MTE3MTk6ODoxNg.exe]
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.atwola.com/]
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.ads.addynamix.com/]
    00361460 Application/Altnet HackTools No 0 Yes No C:\Qoobox\Quarantine\C\Program Files\Altnet\Download Manager\admdata.dll.vir
    00392623 Adware/ActiveSearch Adware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\b104.exe.bin.vir[b104.exe][²ÃœÃ‡\Services.dll]
    00490801 Trj/Proxy.BW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\file.bat.vir
    00490801 Trj/Proxy.BW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP8\A0000743.bat
    00582267 W32/Sality.AO Virus No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP7\A0000466.exe
    00582267 W32/Sality.AO Virus No 1 Yes No C:\SDFix\backups\backups.zip[backups/winlogon.exe]
    00582267 W32/Sality.AO Virus No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP5\A0000226.exe
    00582267 W32/Sality.AO Virus No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP7\A0000474.exe
    00582267 W32/Sality.AO Virus No 1 Yes No D:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP2\A0000107.exe
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008832.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP8\A0000739.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP7\A0000613.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP7\A0000553.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP14\A0005636.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP30\A0009037.exe[32788R22FWJFW\List.bat]
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP27\A0008291.exe[32788R22FWJFW\List.bat]
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP27\A0008415.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP28\A0008431.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP30\A0009036.exe[32788R22FWJFW\List.bat]
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP30\A0008957.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008662.bat
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008817.exe[32788R22FWJFW\List.bat]
    00598174 Trj/Downloader.VKJ Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP2\A0000077.sys
    00598189 Trj/Agent.LNX Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\inf\xccefb090131.scr.vir
    00598189 Trj/Agent.LNX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP2\A0000071.exe
    00598189 Trj/Agent.LNX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP8\A0000749.scr
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP28\A0008536.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008767.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP8\A0000853.EXE
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008670.EXE
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.enhance.com/]
    01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\BTMS\Application Data\Mozilla\Firefox\Profiles\y4hx1dvj.default\cookies.txt[.enhance.com/]
    01723795 Generic Malware Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\b103.exe.bin.vir[b103.exe]
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP29\A0008680.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP28\A0008444.sys
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{7E98936C-D239-40BA-B0CB-F0CD53713FBE}\RP8\A0000765.sys
    02927481 Adware/Matcash Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\b157.exe.bin.vir[b157.exe]
    03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\WINDOWS\system32\secupdat.dat
    03487709 Adware/VapSup Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\b158.exe.bin.vir[b158.exe]
    05011385 Adware/Xpantivirus2008 Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/B.tmp]
    05011385 Adware/Xpantivirus2008 Adware No 0 Yes No C:\SDFix\backups\backups.zip[backups/8.tmp]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Administrator\Desktop\ComboFix(2).exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  10. 2009/02/23
    Geri Lifetime Subscription

    Hi
    Ok please do the following.

    We need to remove the cookies from Firefox.

    To clear these open Firefox
    Click on Tools > Options > click on the Privacy Tab.
    Click on the Show Cookies button
    Click on Remove All Cookies.

    Please clear your Firefox cache.
    Open Firefox
    Click on Tools.
    Click on Clear Private Data
    Put a check in the Cache box
    Click Clear Private Data Now.
    OK any prompts.

    Now please do this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post the MBAM log.

    Thanks
    Geri
     
  11. 2009/02/23
    scorpion657

    Hey Geri here is the log:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1798
    Windows 5.1.2600 Service Pack 3

    2/23/2009 10:48:02 PM
    mbam-log-2009-02-23 (22-48-02).txt

    Scan type: Quick Scan
    Objects scanned: 78443
    Time elapsed: 4 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  12. 2009/02/23
    steveo39

    steveo39 Inactive

    Joined:
    2007/12/01
    Messages:
    6
    Likes Received:
    0
    Note the odd spelling. The 04 line shows where the file is located and that it is being run from the registry. It should be easy to eliminate from this info.

    Good luck
     
  13. 2009/02/23
    scorpion657

    Geri has been helping me a lot on this. The system seems to be behaving really good now. I'm waiting for his last word :)
     
  14. 2009/02/24
    Geri Lifetime Subscription

    Hi
    I'll get back to you as soon as I can. I need to have something checked.

    Thanks
    Geri.
     
  15. 2009/02/26
    Geri Lifetime Subscription

    Hi
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    File::
    C:\WINDOWS\system32\secupdat.dat
    Registry::
    [-HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}]
    [-hkey_local_machine\software\need2find]
    [-hkey_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar] 
    [-hkey_classes_root\clsid\{630d6140-04c5-4db0-b27a-020d766ff09b}]
    [-hkey_classes_root\need2findbar.settingsplugin]
    [-hkey_classes_root\need2findbar.settingsplugin.1]
    [-hkey_classes_root\need2findbar.toolbarplugin]
    [-hkey_classes_root\need2findbar.toolbarplugin.1]
    [-HKEY_LOCAL_MACHINE\software\classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}]
    [-HKEY_CLASSES_ROOT\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}]
    [-hkey_classes_root\signingmodule.signingmodule]
    [-HKEY_LOCAL_MACHINE\software\classes\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}]
    [-hkey_local_machine\software\classes\signingmodule.signingmodule.1]
    [-hkey_local_machine\software\classes\signingmodule.signingmodule]
    [-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm]
    [-hkey_classes_root\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}]
    [-hkey_classes_root\signingmodule.signingmodule.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCuTKd]
    Please post the Combofix log.

    Thanks
    Geri
     
  16. 2009/03/04
    scorpion657

    scorpion657 Inactive Thread Starter

    Joined:
    2008/04/03
    Messages:
    78
    Likes Received:
    0
    Hey Geri,

    Sorry for getting to you this late, I didn't know something was posted. My buddy got his machine back. The system was running really good. I'll try to find some time to get it back and run that script.

    Thanks again!
     
  17. 2009/03/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    OK let me know.

    Geri
     
