trojan horse BHO.HNP atmli.dll

Question

reland 0 Newbie Poster

15 Years Ago

I have this malicous virus.

I found it using avg, didn't do anything, then SUPERAntiSpyware, no go, then combofix, then avenger. Still nothing works.

my logs are below (hijack this then combofix then avenger).

Please help!
-----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:41 PM, on 13/02/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 4024 bytes

-----------------------------------

ComboFix 09-02-12.03 - Owner 2009-02-13 21:35:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.510.308 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-13 21:34 . 2009-02-13 21:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-13 20:40 . 2009-02-13 20:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 20:40 . 2009-02-13 20:40 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-13 20:40 . 2009-02-13 20:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-02-13 20:40 . 2009-02-13 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-13 20:38 . 2009-02-13 20:38 <DIR> d-------- c:\program files\utorrent
2009-01-31 22:00 . 2001-08-18 07:00 96,256 --a------ c:\windows\system32\atmli.dll
2009-01-30 17:41 . 2009-01-31 14:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Lavasoft
2009-01-30 17:34 . 2009-01-30 17:40 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-30 17:30 . 2009-01-31 14:40 <DIR> d-------- c:\program files\Lavasoft
2009-01-30 17:30 . 2009-01-31 14:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-30 17:17 . 2009-01-30 17:17 <DIR> d---s---- c:\documents and settings\Owner\UserData
2009-01-28 18:17 . 2009-01-28 18:17 <DIR> d-------- c:\program files\DivX
2009-01-28 18:17 . 2009-01-30 17:55 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-28 18:17 . 2009-01-28 18:17 56 -r-hs---- c:\windows\system32\C872BC0329.sys
2009-01-22 18:38 . 2001-08-17 22:36 19,456 --a------ c:\windows\system32\hidserv.dll
2009-01-22 18:38 . 2001-08-17 22:36 19,456 --a------ c:\windows\system32\dllcache\hidserv.dll
2009-01-22 18:38 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-22 18:38 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-01-22 18:38 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-22 18:38 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-01-21 08:18 . 2009-02-13 21:31 <DIR> dr-h----- C:\$VAULT$.AVG
2009-01-16 08:51 . 2009-01-16 08:51 <DIR> d--h----- c:\documents and settings\Owner\Application Data\Local Settings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2009-02-14 01:56 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-02-14 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-02-04 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-01-13 01:36 --------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-01-13 00:41 --------- d-----w c:\program files\VideoLAN
2009-01-12 06:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 06:14 --------- d-----w c:\program files\PowerQuest
2009-01-12 06:13 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-12 06:12 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-12 06:12 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-12 06:12 23,424 ----a-w c:\windows\system32\drivers\avgmfrs.sys
2009-01-12 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-01-12 06:04 --------- d-----w c:\program files\Hewlett-Packard
2009-01-12 06:02 --------- d-----w c:\program files\Common Files\Adobe
2009-01-12 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-12 05:36 --------- d-----w c:\program files\InterVideo
2009-01-12 05:36 --------- d-----w c:\program files\HP RecordNow
2009-01-12 05:36 --------- d-----w c:\program files\HP DLA
2001-08-18 12:00 94,784 --sha-w c:\windows\twain.dll
2001-08-18 12:00 46,592 --sha-w c:\windows\twain_32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-13_21.13.40.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-14 02:12:50 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-14 02:30:38 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-14 02:12:50 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-14 02:30:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-14 02:12:50 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-14 02:30:38 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 05:37:55 40,190 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 02:17:31 40,190 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-12 05:37:55 311,842 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 02:17:31 311,842 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D740B85-F0CC-4E92-A096-DE3D2E16622B}]
2001-08-18 07:00 96256 --a------ c:\windows\System32\atmli.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-04-12 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-04-12 536576]
"HP TV Now"="c:\program files\Hewlett-Packard\HP TV Now\HpTvNow.exe" [2002-04-30 237568]
"HP Display Settings"="c:\program files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [2002-03-07 61440]
"QT4HPOT"="c:\progra~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [2002-04-20 77824]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-19 52736]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-29 32768]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [2001-12-13 20480]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-01-13 590848]
"CARPService"="carpserv.exe" [2002-03-27 c:\windows\system32\carpserv.exe]
"ATIModeChange"="Ati2mdxx.exe" [2002-04-22 c:\windows\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-04-23 c:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2009-01-12 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

R0 ALiAGP;ALi AGP Bus Filter Driver;c:\windows\system32\drivers\ALiAGP.SYS [1980-01-01 30733]
R0 yckqgdiq;yckqgdiq;c:\windows\system32\drivers\yckqgdiq.sys [1980-01-01 23424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 CALIAUD;HP ALI 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [1980-01-01 321504]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [1980-01-01 225504]
R3 DP83815;National Semiconductor Corp. DP83815 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [1980-01-01 16064]
S3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [2002-05-29 26112]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2002-05-29 69692]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [1980-01-01 57344]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://srch-us4nb.hpwis.com/
mSearch Bar = hxxp://srch-us4nb.hpwis.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 21:37:30
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-02-13 21:38:58
ComboFix-quarantined-files.txt 2009-02-14 02:38:56
ComboFix2.txt 2009-02-14 02:14:35

Pre-Run: 15,398,715,392 bytes free
Post-Run: 15,396,839,424 bytes free

139

------------------------------

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open file "C:\WINDOWS\system32\atmli.dll"
Deletion of file "C:\WINDOWS\system32\atmli.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Completed script processing.

*******************

Finished! Terminate.

windows-virus

2 Contributors
11 Replies
203 Views
6 Days Discussion Span
Latest Post 15 Years Ago Latest Post by crunchie

crunchie 990 Most Valuable Poster

15 Years Ago

You have already run combofix twice, at least, so I'm not helping there. Combofix should not be run without supervision as it can wreck your OS.

==

Please go here & install ALL critical updates required for your system, including service pack 1a for both XP and IE6.
Do NOT install SP2 or higher.
Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be done with an unpatched system is put a temporary bandage on it. Your system can potentially be reinfected within minutes of cleaning it.
Post back a new hijackthis log after rebooting your system.

==

Do that first and then we will have another look.

==

Out of interest, what did you do with The Avenger?

crunchie 990 Most Valuable Poster

15 Years Ago

Please post the entire log, including the header.

crunchie 990 Most Valuable Poster

15 Years Ago

Do NOT install SP2 or higher.

There are reasons why we helpers write things like that. With malware on your pc, installing service pack 2 or higher, your pc can get mashed.

==

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

reland 0 Newbie Poster · Answer 1 · 2009-02-17T19:46:39+00:00

Okay done, took a while but done. and i just re-read your post and I went all the way to sp3 SORRY!

With avenger a ran a script to kill the problem dlll file, (from anothe thread in this forum that had a similar problem)

Here is my new log.

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent 1.5.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234828503378
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234828474667
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 5030 bytes

reland 0 Newbie Poster · Answer 2 · 2009-02-18T05:04:42+00:00

OKAY

----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:40 PM, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent 1.5.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234828503378
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234828474667
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 5111 bytes

reland 0 Newbie Poster · Answer 3 · 2009-02-18T19:33:18+00:00

Crunchie,

below are the requested logs.

----

Malwarebytes' Anti-Malware 1.34
Database version: 1773
Windows 5.1.2600 Service Pack 3

18/02/2009 8:20:24 AM
mbam-log-2009-02-18 (08-20-24).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 96146
Time elapsed: 27 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d740b85-f0cc-4e92-a096-de3d2e16622b} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7d740b85-f0cc-4e92-a096-de3d2e16622b} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d740b85-f0cc-4e92-a096-de3d2e16622b} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\atmli.dll (Trojan.BHO.H) -> Delete on reboot.

----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:37 AM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\utorrent\utorrent 1.5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent 1.5.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234828503378
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234828474667
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 5136 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2009-02-19T01:47:10+00:00

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\System32\atmli.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

reland 0 Newbie Poster · Answer 5 · 2009-02-19T05:43:45+00:00

no go, still there.

it removed everything but O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll

the hjt log.
----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:03 PM, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7D740B85-F0CC-4E92-A096-DE3D2E16622B} - C:\WINDOWS\System32\atmli.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent 1.5.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234828503378
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234828474667
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

--
End of file - 4874 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2009-02-19T06:42:29+00:00

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

reland 0 Newbie Poster · Answer 7 · 2009-02-20T05:56:29+00:00

Done attached are the logs.

---

ComboFix 09-02-12.03 - Owner 2009-02-19 18:35:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.327 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-18 00:00 . 2009-02-18 00:00 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 00:00 . 2009-02-18 00:00 d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-02-18 00:00 . 2009-02-18 00:00 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-18 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 00:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 08:36 . 2008-12-20 18:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-17 08:36 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-17 08:36 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-17 08:36 . 2008-12-20 18:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-17 08:36 . 2008-12-20 18:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-17 08:36 . 2008-12-20 18:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-17 08:36 . 2008-12-20 18:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-17 08:36 . 2008-12-20 18:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-17 08:36 . 2008-12-19 04:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-17 08:18 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-02-17 08:17 . 2008-10-15 20:00 1,499,136 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-02-17 08:17 . 2008-12-20 18:15 1,160,192 --------- c:\windows\system32\dllcache\urlmon.dll
2009-02-17 08:17 . 2008-12-20 18:15 826,368 --------- c:\windows\system32\dllcache\wininet.dll
2009-02-17 08:16 . 2009-01-16 21:35 3,594,752 --------- c:\windows\system32\dllcache\mshtml.dll
2009-02-17 08:16 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-17 08:16 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-17 08:16 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-17 08:16 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-17 08:16 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-02-17 08:15 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-17 08:15 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-17 08:15 . 2008-12-11 05:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-02-17 08:15 . 2008-05-01 09:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-02-17 08:15 . 2008-05-08 09:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-02-17 08:14 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-02-17 08:14 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-02-16 22:16 . 2009-02-16 22:16 d-------- c:\windows\system32\scripting
2009-02-16 22:16 . 2009-02-16 22:16 d-------- c:\windows\system32\en
2009-02-16 22:16 . 2009-02-16 22:16 d-------- c:\windows\l2schemas
2009-02-16 21:53 . 2008-09-09 20:14 1,307,648 --a------ c:\windows\system32\msxml6.dll
2009-02-16 21:52 . 2008-04-13 19:12 695,808 --------- c:\windows\system32\dllcache\drmv2clt.dll
2009-02-16 21:18 . 2009-02-17 08:10 316,640 --a------ c:\windows\WMSysPr9.prx
2009-02-16 21:18 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-16 21:16 . 2009-02-16 21:16 d-------- c:\windows\provisioning
2009-02-16 21:16 . 2009-02-16 22:16 d-------- c:\windows\peernet
2009-02-16 21:13 . 2009-02-16 22:17 d-------- c:\windows\ServicePackFiles
2009-02-16 21:07 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-02-16 21:03 . 2009-02-16 22:03 d-------- c:\windows\EHome
2009-02-16 20:56 . 2008-04-14 05:42 11,264 --------- c:\windows\system32\spnpinst.exe
2009-02-16 20:56 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2009-02-16 20:56 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2009-02-16 19:27 . 2008-04-13 19:11 614,912 --a------ c:\windows\system32\h323msp.dll
2009-02-16 19:27 . 2008-04-13 19:11 331,264 --a------ c:\windows\system32\ipnathlp.dll
2009-02-16 19:27 . 2008-04-13 19:12 265,728 --a------ c:\windows\system32\h323.tsp
2009-02-16 19:27 . 2008-04-13 19:11 77,824 --a------ c:\windows\system32\browser.dll
2009-02-16 19:27 . 2008-04-13 19:11 40,960 --a------ c:\windows\system32\mf3216.dll
2009-02-16 19:27 . 2004-03-29 20:25 40,960 --------- c:\windows\system32\dllcache\evtgprov.dll
2009-02-16 19:24 . 2008-04-13 19:12 713,216 --a------ c:\windows\system32\sxs.dll
2009-02-16 19:21 . 2008-04-13 19:11 33,792 --a------ c:\windows\system32\msgsvc.dll
2009-02-16 19:17 . 2008-04-13 19:12 239,104 --a------ c:\windows\system32\srrstr.dll
2009-02-16 19:14 . 2009-02-16 19:27 d--h-c--- c:\windows\$xpsp1hfm$
2009-02-16 19:14 . 2008-04-13 19:11 498,742 --a------ c:\windows\system32\dxmasf.dll
2009-02-16 19:10 . 2008-04-13 19:11 138,240 --a------ c:\windows\system32\itss.dll
2009-02-16 19:09 . 2008-04-13 19:12 274,944 --a------ c:\windows\system32\mstask.dll
2009-02-16 19:09 . 2008-04-13 19:12 192,512 --a------ c:\windows\system32\schedsvc.dll
2009-02-16 19:09 . 2008-04-13 19:12 12,288 --a------ c:\windows\system32\mstinit.exe
2009-02-16 19:08 . 2009-02-17 18:07 d--h----- c:\windows\$hf_mig$
2009-02-16 19:01 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-16 19:01 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-16 18:57 . 2009-02-16 22:16 d-------- c:\windows\system32\bits
2009-02-16 18:57 . 2008-04-13 12:39 438,784 --------- c:\windows\system32\xpob2res.dll
2009-02-16 18:57 . 2008-04-13 19:12 354,304 --a------ c:\windows\system32\winhttp.dll
2009-02-16 18:57 . 2008-04-13 19:12 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-02-16 18:57 . 2008-04-13 19:11 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-02-16 18:57 . 2008-04-13 19:11 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-02-16 18:55 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-02-16 18:55 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-02-16 18:55 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-02-16 18:55 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-16 18:55 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-02-16 18:55 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-16 18:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-16 18:55 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-16 18:55 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-13 21:34 . 2009-02-13 21:34 d-------- c:\program files\Trend Micro
2009-02-13 20:40 . 2009-02-13 20:40 d-------- c:\program files\SUPERAntiSpyware
2009-02-13 20:40 . 2009-02-13 20:40 d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-13 20:40 . 2009-02-13 20:40 d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-02-13 20:40 . 2009-02-13 20:40 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-13 20:38 . 2009-02-13 20:38 d-------- c:\program files\utorrent
2009-01-31 22:00 . 2001-08-18 07:00 96,256 --a------ c:\windows\system32\atmli.dll
2009-01-30 17:41 . 2009-01-31 14:40 d-------- c:\documents and settings\Owner\Application Data\Lavasoft
2009-01-30 17:34 . 2009-01-30 17:40 d----c--- c:\windows\system32\DRVSTORE
2009-01-30 17:30 . 2009-01-31 14:40 d-------- c:\program files\Lavasoft
2009-01-30 17:30 . 2009-01-31 14:41 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-30 17:17 . 2009-01-30 17:17 d--hs---- c:\documents and settings\Owner\UserData
2009-01-28 18:17 . 2009-01-28 18:17 d-------- c:\program files\DivX
2009-01-28 18:17 . 2009-01-30 17:55 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-28 18:17 . 2009-01-28 18:17 56 -r-hs---- c:\windows\system32\C872BC0329.sys
2009-01-22 18:38 . 2008-04-13 19:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-22 18:38 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-22 18:38 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-01-22 18:38 . 2008-04-13 13:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-21 08:18 . 2009-02-18 03:36 dr-h----- C:\$VAULT$.AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 23:33 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent
2009-02-19 08:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-02-14 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2009-02-04 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-01-16 13:51 --------- d--h--w c:\documents and settings\Owner\Application Data\Local Settings
2009-01-13 01:36 --------- d-----w c:\documents and settings\Owner\Application Data\vlc
2009-01-13 00:41 --------- d-----w c:\program files\VideoLAN
2009-01-12 06:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 06:14 --------- d-----w c:\program files\PowerQuest
2009-01-12 06:13 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-12 06:12 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-01-12 06:12 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-01-12 06:12 23,424 ----a-w c:\windows\system32\drivers\avgmfrs.sys
2009-01-12 06:12 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-01-12 06:04 --------- d-----w c:\program files\Hewlett-Packard
2009-01-12 06:02 --------- d-----w c:\program files\Common Files\Adobe
2009-01-12 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-12 05:36 --------- d-----w c:\program files\InterVideo
2009-01-12 05:36 --------- d-----w c:\program files\HP RecordNow
2009-01-12 05:36 --------- d-----w c:\program files\HP DLA
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2001-08-18 12:00 94,784 --sha-w c:\windows\twain.dll
2008-04-14 00:12 50,688 --sha-w c:\windows\twain_32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-13_21.13.40.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-24 21:40:22 477,696 -c--a-w c:\windows\$xpsp1hfm$\KB823182\cryptui.dll
+ 2003-07-14 22:41:10 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB823182\spmsg.dll
+ 2003-07-14 22:42:18 100,352 -c--a-w c:\windows\$xpsp1hfm$\KB823182\spuninst.exe
+ 2003-07-14 22:42:18 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB823182\update\spcustom.dll
+ 2003-07-14 22:41:10 431,104 -c--a-w c:\windows\$xpsp1hfm$\KB823182\update\update.exe
+ 2003-07-08 21:48:54 149,248 -c--a-w c:\windows\$xpsp1hfm$\KB824105\netbt.sys
+ 2003-07-14 22:41:10 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB824105\spmsg.dll
+ 2003-07-14 22:42:18 100,352 -c--a-w c:\windows\$xpsp1hfm$\KB824105\spuninst.exe
+ 2003-07-14 22:42:18 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB824105\update\spcustom.dll
+ 2003-07-14 22:41:10 431,104 -c--a-w c:\windows\$xpsp1hfm$\KB824105\update\update.exe
+ 2003-10-21 23:06:41 32,256 -c--a-w c:\windows\$xpsp1hfm$\KB828035\msgsvc.dll
+ 2003-10-13 22:48:36 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB828035\spmsg.dll
+ 2003-10-14 06:50:14 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB828035\spuninst.exe
+ 2003-10-14 06:50:13 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB828035\update\spcustom.dll
+ 2003-10-13 22:48:36 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB828035\update\update.exe
+ 2003-10-21 23:06:41 119,808 -c--a-w c:\windows\$xpsp1hfm$\KB828035\wkssvc.dll
+ 2004-03-06 02:16:10 225,280 -c--a-w c:\windows\$xpsp1hfm$\KB828741\catsrv.dll
+ 2004-03-06 02:16:10 594,944 -c--a-w c:\windows\$xpsp1hfm$\KB828741\catsrvut.dll
+ 2004-03-06 02:16:10 110,080 -c--a-w c:\windows\$xpsp1hfm$\KB828741\clbcatex.dll
+ 2004-03-06 02:16:11 499,712 -c--a-w c:\windows\$xpsp1hfm$\KB828741\clbcatq.dll
+ 2004-03-06 02:16:10 64,512 -c--a-w c:\windows\$xpsp1hfm$\KB828741\colbact.dll
+ 2004-03-06 02:16:10 187,904 -c--a-w c:\windows\$xpsp1hfm$\KB828741\comadmin.dll
+ 2004-02-17 18:49:58 8,192 -c--a-w c:\windows\$xpsp1hfm$\KB828741\comrepl.exe
+ 2004-03-06 02:16:11 1,194,496 -c--a-w c:\windows\$xpsp1hfm$\KB828741\comsvcs.dll
+ 2004-03-06 02:16:10 499,200 -c--a-w c:\windows\$xpsp1hfm$\KB828741\comuid.dll
+ 2004-03-06 02:16:11 226,816 -c--a-w c:\windows\$xpsp1hfm$\KB828741\es.dll
+ 2004-02-17 18:50:10 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB828741\migregdb.exe
+ 2004-03-06 02:16:10 367,616 -c--a-w c:\windows\$xpsp1hfm$\KB828741\msdtcprx.dll
+ 2004-03-06 02:16:11 977,920 -c--a-w c:\windows\$xpsp1hfm$\KB828741\msdtctm.dll
+ 2004-03-06 02:16:10 150,528 -c--a-w c:\windows\$xpsp1hfm$\KB828741\msdtcuiu.dll
+ 2004-03-06 02:16:10 64,512 -c--a-w c:\windows\$xpsp1hfm$\KB828741\mtxclu.dll
+ 2004-03-06 02:16:10 82,432 -c--a-w c:\windows\$xpsp1hfm$\KB828741\mtxoci.dll
+ 2004-03-06 02:16:11 1,183,744 -c--a-w c:\windows\$xpsp1hfm$\KB828741\ole32.dll
+ 2004-03-06 02:16:11 535,552 -c--a-w c:\windows\$xpsp1hfm$\KB828741\rpcrt4.dll
+ 2004-03-06 02:16:11 263,680 -c--a-w c:\windows\$xpsp1hfm$\KB828741\rpcss.dll
+ 2004-01-09 22:46:46 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB828741\spmsg.dll
+ 2004-01-10 05:11:06 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB828741\spuninst.exe
+ 2004-03-06 02:16:10 97,280 -c--a-w c:\windows\$xpsp1hfm$\KB828741\txflog.dll
+ 2004-01-10 05:11:04 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\spcustom.dll
+ 2004-01-09 22:46:46 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB828741\update\update.exe
+ 2004-03-02 21:19:47 1,638,400 -c--a-w c:\windows\$xpsp1hfm$\KB833987\asms\10\msft\windows\gdiplus\gdiplus.dll
+ 2004-01-09 22:46:46 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB833987\spmsg.dll
+ 2004-01-10 05:11:06 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB833987\spuninst.exe
+ 2004-03-09 02:25:19 676,864 -c--a-w c:\windows\$xpsp1hfm$\KB833987\sxs.dll
+ 2004-03-09 00:22:00 4,608 -c--a-w c:\windows\$xpsp1hfm$\KB833987\update\CleanReg.dll
+ 2004-01-10 05:11:04 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB833987\update\spcustom.dll
+ 2004-01-09 22:46:46 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB833987\update\update.exe
+ 2004-03-30 01:48:36 364,544 -c--a-w c:\windows\$xpsp1hfm$\KB835732\callcont.dll
+ 2004-03-30 01:48:36 40,960 -c--a-w c:\windows\$xpsp1hfm$\KB835732\evtgprov.dll
+ 2004-03-30 01:48:36 257,536 -c--a-w c:\windows\$xpsp1hfm$\KB835732\gdi32.dll
+ 2004-03-30 01:48:36 593,408 -c--a-w c:\windows\$xpsp1hfm$\KB835732\h323msp.dll
+ 2004-03-30 01:34:15 741,376 -c--a-w c:\windows\$xpsp1hfm$\KB835732\helpctr.exe
+ 2004-03-30 01:48:36 439,808 -c--a-w c:\windows\$xpsp1hfm$\KB835732\ipnathlp.dll
+ 2004-03-30 01:48:36 667,648 -c--a-w c:\windows\$xpsp1hfm$\KB835732\lsasrv.dll
+ 2004-03-30 01:48:36 36,864 -c--a-w c:\windows\$xpsp1hfm$\KB835732\mf3216.dll
+ 2004-03-30 01:48:36 51,712 -c--a-w c:\windows\$xpsp1hfm$\KB835732\msasn1.dll
+ 2004-03-30 01:48:36 971,264 -c--a-w c:\windows\$xpsp1hfm$\KB835732\msgina.dll
+ 2004-03-30 01:48:36 253,952 -c--a-w c:\windows\$xpsp1hfm$\KB835732\mst120.dll
+ 2004-03-30 01:48:36 306,176 -c--a-w c:\windows\$xpsp1hfm$\KB835732\netapi32.dll
+ 2004-03-30 01:48:36 73,728 -c--a-w c:\windows\$xpsp1hfm$\KB835732\nmcom.dll
+ 2004-03-30 01:48:36 548,352 -c--a-w c:\windows\$xpsp1hfm$\KB835732\rtcdll.dll
+ 2004-03-30 01:48:36 136,704 -c--a-w c:\windows\$xpsp1hfm$\KB835732\schannel.dll
+ 2004-01-09 22:46:46 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB835732\spmsg.dll
+ 2004-01-10 05:11:06 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB835732\spuninst.exe
+ 2004-01-10 05:11:04 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\spcustom.dll
+ 2004-01-09 22:46:46 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB835732\update\update.exe
+ 2004-03-10 17:59:50 593,408 -c--a-w c:\windows\$xpsp1hfm$\KB835732\xpsp2res.dll
+ 2004-03-01 18:55:22 561,179 -c--a-w c:\windows\$xpsp1hfm$\KB837001\dao360.dll
+ 2004-01-10 11:37:02 380,957 -c--a-w c:\windows\$xpsp1hfm$\KB837001\expsrv.dll
+ 2004-03-01 18:55:23 512,029 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msexch40.dll
+ 2004-03-01 18:55:24 319,517 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msexcl40.dll
+ 2004-03-16 18:44:10 1,507,356 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msjet40.dll
+ 2004-03-01 18:52:15 358,976 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msjetol1.dll
+ 2004-03-16 17:38:32 151,583 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msjint40.dll
+ 2004-01-10 11:36:33 53,279 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msjter40.dll
+ 2004-03-01 18:55:29 241,693 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msjtes40.dll
+ 2004-01-10 11:36:38 213,023 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msltus40.dll
+ 2004-03-01 18:55:31 348,189 -c--a-w c:\windows\$xpsp1hfm$\KB837001\mspbde40.dll
+ 2004-01-10 11:36:42 421,919 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msrd2x40.dll
+ 2004-01-10 11:36:43 315,423 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msrd3x40.dll
+ 2004-03-01 18:55:35 552,989 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msrepl40.dll
+ 2004-03-01 18:55:35 258,077 -c--a-w c:\windows\$xpsp1hfm$\KB837001\mstext40.dll
+ 2004-01-10 11:36:50 831,519 -c--a-w c:\windows\$xpsp1hfm$\KB837001\mswdat10.dll
+ 2004-03-16 17:38:33 614,431 -c--a-w c:\windows\$xpsp1hfm$\KB837001\mswstr10.dll
+ 2004-03-01 18:55:39 348,189 -c--a-w c:\windows\$xpsp1hfm$\KB837001\msxbde40.dll
+ 2004-01-09 22:46:46 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB837001\spmsg.dll
+ 2004-01-10 05:11:06 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB837001\spuninst.exe
+ 2004-01-10 05:11:04 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB837001\update\spcustom.dll
+ 2004-01-09 22:46:46 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB837001\update\update.exe
+ 2004-03-16 18:44:16 30,749 -c--a-w c:\windows\$xpsp1hfm$\KB837001\vbajet32.dll
+ 2004-05-05 23:03:21 8,192 -c--a-w c:\windows\$xpsp1hfm$\KB839643\custom_uninstall.dll
+ 2004-05-12 22:29:45 214,528 -c--a-w c:\windows\$xpsp1hfm$\KB839643\dplayx.dll
+ 2004-05-12 22:29:45 50,176 -c--a-w c:\windows\$xpsp1hfm$\KB839643\dpwsockx.dll
+ 2004-04-09 23:53:40 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB839643\spmsg.dll
+ 2004-04-10 19:24:38 158,208 -c--a-w c:\windows\$xpsp1hfm$\KB839643\spuninst.exe
+ 2004-04-10 19:24:37 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB839643\update\spcustom.dll
+ 2004-04-09 23:53:41 616,960 -c--a-w c:\windows\$xpsp1hfm$\KB839643\update\update.exe
+ 2004-04-16 22:56:04 921,600 -c--a-w c:\windows\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll
+ 2004-04-17 00:56:06 82,432 -c--a-w c:\windows\$xpsp1hfm$\KB839645\fldrclnr.dll
+ 2004-06-10 19:51:27 8,350,720 -c--a-w c:\windows\$xpsp1hfm$\KB839645\shell32.dll
+ 2004-04-08 18:12:20 406,528 -c--a-w c:\windows\$xpsp1hfm$\KB839645\shlwapi.dll
+ 2004-01-09 22:46:46 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB839645\spmsg.dll
+ 2004-01-10 05:11:06 140,800 -c--a-w c:\windows\$xpsp1hfm$\KB839645\spuninst.exe
+ 2004-04-17 00:56:04 676,864 -c--a-w c:\windows\$xpsp1hfm$\KB839645\sxs.dll
+ 2004-01-10 05:11:04 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB839645\update\spcustom.dll
+ 2004-01-09 22:46:46 568,320 -c--a-w c:\windows\$xpsp1hfm$\KB839645\update\update.exe
+ 2004-04-11 04:04:21 593,408 -c--a-w c:\windows\$xpsp1hfm$\KB839645\xpsp2res.dll
+ 2004-04-14 22:50:06 740,864 -c--a-w c:\windows\$xpsp1hfm$\KB840374\helpctr.exe
+ 2004-04-11 00:53:14 16,384 -c--a-w c:\windows\$xpsp1hfm$\KB840374\hscupd.exe
+ 2004-04-09 21:53:42 6,656 -c--a-w c:\windows\$xpsp1hfm$\KB840374\spmsg.dll
+ 2004-04-10 17:24:40 158,208 -c--a-w c:\windows\$xpsp1hfm$\KB840374\spuninst.exe
+ 2004-04-10 17:24:38 22,016 -c--a-w c:\windows\$xpsp1hfm$\KB840374\update\spcustom.dll
+ 2004-04-09 21:53:42 616,960 -c--a-w c:\windows\$xpsp1hfm$\KB840374\update\update.exe
+ 2002-09-06 20:54:00 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q329048\spmsg.dll
+ 2002-09-21 17:44:06 46,080 -c--a-w c:\windows\$xpsp1hfm$\Q329048\spuninst.exe
+ 2002-09-21 17:44:06 10,752 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\spcustom.dll
+ 2002-09-21 17:44:06 273,408 -c--a-w c:\windows\$xpsp1hfm$\Q329048\update\update.exe
+ 2002-09-25 20:18:58 316,928 -c--a-w c:\windows\$xpsp1hfm$\Q329048\zipfldr.dll
+ 2002-11-14 15:01:10 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q329170\spmsg.dll
+ 2002-12-17 18:32:14 87,040 -c--a-w c:\windows\$xpsp1hfm$\Q329170\spuninst.exe
+ 2002-12-20 17:36:00 322,048 -c--a-w c:\windows\$xpsp1hfm$\Q329170\srv.sys
+ 2002-12-17 18:32:14 18,432 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\spcustom.dll
+ 2002-11-14 15:01:10 409,088 -c--a-w c:\windows\$xpsp1hfm$\Q329170\update\update.exe
+ 2002-09-30 15:58:10 125,440 -c--a-w c:\windows\$xpsp1hfm$\Q329390\shmedia.dll
+ 2002-09-06 20:54:00 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q329390\spmsg.dll
+ 2002-09-21 17:44:06 46,080 -c--a-w c:\windows\$xpsp1hfm$\Q329390\spuninst.exe
+ 2002-09-21 17:44:06 10,752 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\spcustom.dll
+ 2002-09-21 17:44:06 273,408 -c--a-w c:\windows\$xpsp1hfm$\Q329390\update\update.exe
+ 2003-07-15 00:41:08 6,656 -c--a-w c:\windows\$xpsp1hfm$\Q329441\spmsg.dll
+ 2003-08-02 04:14:56 100,352 -c--a-w c:\windows\$xpsp1hfm$\Q329441\spuninst.exe
+ 2002-11-14 20:50:42 226,816 -c--a-w c:\windows\$xpsp1hfm$\Q329441\srrstr.dll
+ 2003-08-02 02:14:56 22,016 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\spcustom.dll
+ 2003-07-15 00:41:08 431,104 -c--a-w c:\windows\$xpsp1hfm$\Q329441\update\update.exe
+ 2002-10-01 22:52:30 46,208 -c--a-w c:\windows\$xpsp1hfm$\Q329834\raspptp.sys
+ 2002-09-06 20:54:00 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q329834\spmsg.dll
+ 2002-09-21 17:44:06 46,080 -c--a-w c:\windows\$xpsp1hfm$\Q329834\spuninst.exe
+ 2002-09-21 17:44:06 10,752 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\spcustom.dll
+ 2002-09-21 17:44:06 273,408 -c--a-w c:\windows\$xpsp1hfm$\Q329834\update\update.exe
+ 2002-11-18 16:27:40 392,576 -c--a-w c:\windows\$xpsp1hfm$\Q810577\mrxsmb.sys
+ 2002-11-14 15:01:10 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q810577\spmsg.dll
+ 2002-11-14 15:04:54 87,040 -c--a-w c:\windows\$xpsp1hfm$\Q810577\spuninst.exe
+ 2002-11-14 15:04:54 18,432 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\spcustom.dll
+ 2002-11-14 15:01:10 409,088 -c--a-w c:\windows\$xpsp1hfm$\Q810577\update\update.exe
+ 2002-12-03 23:50:10 68,608 -c--a-w c:\windows\$xpsp1hfm$\Q810833\locator.exe
+ 2002-11-14 15:01:10 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q810833\spmsg.dll
+ 2002-11-14 15:04:54 87,040 -c--a-w c:\windows\$xpsp1hfm$\Q810833\spuninst.exe
+ 2002-11-14 15:04:54 18,432 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\spcustom.dll
+ 2002-11-14 15:01:10 409,088 -c--a-w c:\windows\$xpsp1hfm$\Q810833\update\update.exe
+ 2002-12-17 22:43:00 10,752 -c--a-w c:\windows\$xpsp1hfm$\Q811630\hh.exe
+ 2003-01-10 19:43:46 37,888 -c--a-w c:\windows\$xpsp1hfm$\Q811630\hhsetup.dll
+ 2003-01-10 19:43:48 143,872 -c--a-w c:\windows\$xpsp1hfm$\Q811630\itircl.dll
+ 2003-01-10 19:43:48 122,368 -c--a-w c:\windows\$xpsp1hfm$\Q811630\itss.dll
+ 2002-11-14 15:01:10 4,608 -c--a-w c:\windows\$xpsp1hfm$\Q811630\spmsg.dll
+ 2002-12-17 18:32:14 87,040 -c--a-w c:\windows\$xpsp1hfm$\Q811630\spuninst.exe
+ 2002-12-17 18:32:14 18,432 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\spcustom.dll
+ 2002-11-14 15:01:10 409,088 -c--a-w c:\windows\$xpsp1hfm$\Q811630\update\update.exe
+ 2003-05-01 21:56:12 654,336 -c--a-w c:\windows\$xpsp1hfm$\Q815021\ntdll.dll
+ 2003-03-21 21:54:56 6,656 -c--a-w c:\windows\$xpsp1hfm$\Q815021\spmsg.dll
+ 2003-03-21 21:56:52 89,088 -c--a-w c:\windows\$xpsp1hfm$\Q815021\spuninst.exe
+ 2003-03-21 21:56:50 18,944 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\spcustom.dll
+ 2003-03-21 21:54:58 411,136 -c--a-w c:\windows\$xpsp1hfm$\Q815021\update\update.exe
+ 2003-05-13 15:28:52 1,132,032 -c--a-w c:\windows\$xpsp1hfm$\Q819696\quartz.dll
+ 2003-05-10 02:03:40 6,656 -c--a-w c:\windows\$xpsp1hfm$\Q819696\spmsg.dll
+ 2003-05-11 21:26:34 89,088 -c--a-w c:\windows\$xpsp1hfm$\Q819696\spuninst.exe
+ 2003-05-11 21:26:34 18,944 -c--a-w c:\windows\$xpsp1hfm$\Q819696\update\spcustom.dll
+ 2003-05-10 02:03:40 411,136 -c--a-w c:\windows\$xpsp1hfm$\Q819696\update\update.exe
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2001-08-18 12:00:00 1,229,312 ----a-w c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w c:\windows\AppPatch\acgenral.dll
- 2001-08-18 12:00:00 370,688 ----a-w c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\AppPatch\aclayers.dll
- 2001-08-18 12:00:00 45,568 ----a-w c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w c:\windows\AppPatch\aclua.dll
- 2001-08-18 12:00:00 204,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w c:\windows\AppPatch\acspecfc.dll
- 2001-08-18 12:00:00 105,472 ----a-w c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w c:\windows\AppPatch\acxtrnal.dll
+ 2008-06-13 11:05:51 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2002-03-08 17:13:48 1,846,272 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 10:09:26 2,145,280 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2002-03-08 17:14:20 1,901,312 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,066,048 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2002-03-08 17:14:20 1,874,432 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:33:16 2,023,936 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2002-03-08 17:13:48 1,879,040 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:11:02 2,189,184 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2001-08-18 12:00:00 1,000,960 ----a-w c:\windows\explorer.exe
+ 2008-04-14 00:12:19 1,033,728 ----a-w c:\windows\explorer.exe
- 2001-07-16 22:57:00 1,069,056 ----a-w c:\windows\Help\SBSI\Training\orun32.exe
+ 2006-08-21 20:57:14 1,077,321 ----a-w c:\windows\Help\SBSI\Training\orun32.exe
- 2001-08-18 12:00:00 32,256 ----a-w c:\windows\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ----a-w c:\windows\Help\sniffpol.dll
- 2001-08-18 12:00:00 30,720 ----a-w c:\windows\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ----a-w c:\windows\Help\sstub.dll
- 2001-08-18 12:00:00 262,656 ----a-w c:\windows\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ----a-w c:\windows\Help\tshoot.dll
- 2001-08-18 12:00:00 26,647 ----a-w c:\windows\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w c:\windows\hh.exe
+ 2008-04-14 00:11:48 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2001-08-18 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll.000
+ 2008-04-14 00:11:59 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2001-08-18 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll.000
+ 2008-04-14 00:12:08 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000
+ 2007-08-13 23:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000
+ 2007-08-13 23:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000
+ 2007-08-13 23:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 23:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000
+ 2007-08-13 23:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000
+ 2007-08-13 23:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000
+ 2007-08-13 23:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000
+ 2007-08-13 22:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll.000
+ 2007-02-12 21:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000
+ 2007-08-13 23:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000
+ 2007-08-13 23:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe.000
+ 2007-08-13 23:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000
+ 2007-08-13 23:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll.000
+ 2007-08-13 23:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000
+ 2007-08-13 23:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 23:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000
+ 2007-08-13 23:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 23:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000
+ 2007-08-13 23:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000
+ 2007-08-13 23:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000
+ 2007-08-13 23:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll.000
+ 2007-08-13 23:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000
+ 2007-08-13 23:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2007-08-13 23:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll.000
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll.000
+ 2008-08-27 18:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-08-27 18:54:32 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll.000
- 2001-08-18 12:00:00 238,592 ----a-w c:\windows\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ----a-w c:\windows\ime\mscandui.dll
- 2001-08-18 12:00:00 160,768 ----a-w c:\windows\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w c:\windows\ime\softkbd.dll
+ 2008-04-13 16:43:18 62,976 ------w c:\windows\ime\spgrmr.dll
- 2001-08-18 12:00:00 256,000 ----a-w c:\windows\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ----a-w c:\windows\ime\sptip.dll
- 2001-08-18 12:00:00 229,376 ----a-w c:\windows\inf\unregmp2.exe
+ 2008-04-14 00:12:38 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2008-01-18 15:13:09 2,247 ------w c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w c:\windows\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w c:\windows\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w c:\windows\Installer\tsclientmsitrans\tscupdc.dll
- 2002-02-18 14:35:32 6,550 ----a-w c:\windows\jautoexp.dat
+ 2003-02-28 21:35:26 6,550 ----a-w c:\windows\jautoexp.dat
+ 2009-02-17 00:22:18 2,678 ----a-w c:\windows\java\Packages\Data\13LBT3XZ.DAT
+ 2009-02-17 00:22:21 2,678 ----a-w c:\windows\java\Packages\Data\BXVXJRBP.DAT
+ 2009-02-17 00:22:18 2,678 ----a-w c:\windows\java\Packages\Data\HVXJBRH3.DAT
+ 2009-02-17 00:22:18 2,678 ----a-w c:\windows\java\Packages\Data\Q3D7B9NB.DAT
+ 2009-02-17 00:22:18 2,678 ----a-w c:\windows\java\Packages\Data\TVP3VTNN.DAT
- 2001-08-18 12:00:00 22,016 ----a-w c:\windows\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ----a-w c:\windows\msagent\agentanm.dll
- 2001-08-18 12:00:00 204,288 ----a-w c:\windows\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ----a-w c:\windows\msagent\agentctl.dll
- 2001-08-18 12:00:00 35,840 ----a-w c:\windows\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ----a-w c:\windows\msagent\agentdp2.dll
- 2001-08-18 12:00:00 50,688 ----a-w c:\windows\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w c:\windows\msagent\agentdpv.dll
- 2001-08-18 12:00:00 44,032 ----a-w c:\windows\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ----a-w c:\windows\msagent\agentmpx.dll
- 2001-08-18 12:00:00 21,504 ----a-w c:\windows\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ----a-w c:\windows\msagent\agentpsh.dll
- 2001-08-18 12:00:00 39,936 ----a-w c:\windows\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ----a-w c:\windows\msagent\agentsr.dll
- 2001-08-18 12:00:00 235,008 ----a-w c:\windows\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ----a-w c:\windows\msagent\agentsvr.exe
- 2001-08-18 12:00:00 21,504 ----a-w c:\windows\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ----a-w c:\windows\msagent\agtintl.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0405.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0406.dll
- 2001-08-18 12:00:00 21,504 ----a-w c:\windows\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\msagent\intl\agt0407.dll
- 2001-08-18 12:00:00 22,016 ----a-w c:\windows\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w c:\windows\msagent\intl\agt0408.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w c:\windows\msagent\intl\agt0409.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w c:\windows\msagent\intl\agt040b.dll
- 2001-08-18 12:00:00 21,504 ----a-w c:\windows\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w c:\windows\msagent\intl\agt040c.dll
- 2001-08-18 12:00:00 19,968 ----a-w c:\windows\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w c:\windows\msagent\intl\agt040e.dll
- 2001-08-18 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w c:\windows\msagent\intl\agt0410.dll
- 2001-08-18 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w c:\windows\msagent\intl\agt0413.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0414.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0415.dll
- 2001-08-18 12:00:00 20,480 ----a-w c:\windows\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w c:\windows\msagent\intl\agt0416.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt0419.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt041d.dll
- 2001-08-18 12:00:00 19,456 ----a-w c:\windows\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w c:\windows\msagent\intl\agt041f.dll
- 2001-08-18 12:00:00 20,992 ----a-w c:\windows\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w c:\windows\msagent\intl\agt0816.dll
- 2001-08-18 12:00:00 20,480 ----a-w c:\windows\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w c:\windows\msagent\intl\agt0c0a.dll
- 2001-08-18 12:00:00 36,352 ----a-w c:\windows\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ----a-w c:\windows\msagent\mslwvtts.dll
+ 2004-06-18 19:40:50 33,280 ----a-w c:\windows\muninst.exe
+ 2008-04-14 00:11:51 33,792 ------w c:\windows\network diagnostic\custsat.dll
+ 2008-04-13 18:53:32 558,080 ------w c:\windows\network diagnostic\xpnetdiag.exe
- 2001-08-18 12:00:00 66,048 ----a-w c:\windows\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w c:\windows\notepad.exe
- 2001-08-18 12:00:00 692,224 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\helpctr.exe
- 2001-08-18 12:00:00 694,272 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
+ 2008-04-14 00:12:21 18,432 ------w c:\windows\PCHEALTH\HELPCTR\Binaries\hscupd.exe
- 2001-08-18 12:00:00 145,408 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\msconfig.exe
- 2001-08-18 12:00:00 348,160 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\msinfo.dll
- 2001-08-18 12:00:00 97,792 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\pchshell.dll
- 2001-08-18 12:00:00 29,184 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\pchsvc.dll
- 2002-05-29 21:02:06 9,258 ----a-w c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
+ 2009-02-17 02:19:03 9,492 ----a-w c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
- 2002-05-29 21:02:44 81,071 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
+ 2009-02-17 03:20:56 86,867 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
- 2002-05-29 21:02:44 3,628 ----a-w c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2009-02-17 03:20:56 17,678 ----a-w c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
- 2001-08-18 12:00:00 138,752 ----a-w c:\windows\PCHEALTH\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w c:\windows\PCHEALTH\UploadLB\Binaries\uploadm.exe
+ 2008-04-14 00:12:06 151,552 ------w c:\windows\peernet\sqldb20.dll
+ 2008-04-14 00:12:06 462,848 ------w c:\windows\peernet\sqlqp20.dll
+ 2008-04-14 00:12:06 110,592 ------w c:\windows\peernet\sqlse20.dll
- 2001-08-18 12:00:00 134,144 ----a-w c:\windows\regedit.exe
+ 2008-04-14 00:12:32 146,432 ----a-w c:\windows\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w c:\windows\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w c:\windows\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w c:\windows\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w c:\windows\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w c:\windows\ServicePackFiles\i386\aaclient.dll
+ 2004-08-04 05:32:21 231,552 ------w c:\windows\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-04 05:32:31 84,480 ------w c:\windows\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w c:\windows\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w c:\windows\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w c:\windows\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w c:\windows\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w c:\windows\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w c:\windows\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w c:\windows\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w c:\windows\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w c:\windows\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w c:\windows\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w c:\windows\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w c:\windows\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 20,540 ------w c:\windows\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\admin.exe
+ 2004-08-04 05:32:22 10,880 ------w c:\windows\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w c:\windows\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 175,616 ------w c:\windows\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w c:\windows\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w c:\windows\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w c:\windows\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 4,255 ------w c:\windows\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w c:\windows\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w c:\windows\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w c:\windows\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w c:\windows\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w c:\windows\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w c:\windows\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w c:\windows\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w c:\windows\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w c:\windows\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w c:\windows\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w c:\windows\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w c:\windows\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w c:\windows\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w c:\windows\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w c:\windows\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w c:\windows\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w c:\windows\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w c:\windows\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w c:\windows\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w c:\windows\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w c:\windows\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w c:\windows\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w c:\windows\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w c:\windows\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w c:\windows\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w c:\windows\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w c:\windows\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w c:\windows\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w c:\windows\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w c:\windows\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w c:\windows\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w c:\windows\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w c:\windows\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w c:\windows\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w c:\windows\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w c:\windows\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w c:\windows\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w c:\windows\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w c:\windows\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w c:\windows\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w c:\windows\ServicePackFiles\i386\amstream.dll
+ 2004-08-04 05:31:18 36,224 ------w c:\windows\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 125,952 ------w c:\windows\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 331,264 ------w c:\windows\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w c:\windows\ServicePackFiles\i386\arp1394.sys
+ 2004-08-04 07:55:59 8,192 ------w c:\windows\ServicePackFiles\i386\asferror.dll
+ 2008-04-14 00:11:49 65,024 ------w c:\windows\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w c:\windows\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w c:\windows\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w c:\windows\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 05:29:29 56,623 ------w c:\windows\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 05:29:29 11,615 ------w c:\windows\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 05:29:29 12,047 ------w c:\windows\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 05:29:30 30,671 ------w c:\windows\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 05:29:30 63,663 ------w c:\windows\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 05:29:31 26,367 ------w c:\windows\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 05:29:31 21,343 ------w c:\windows\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 05:29:31 36,463 ------w c:\windows\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 05:29:31 29,455 ------w c:\windows\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 05:29:31 34,735 ------w c:\windows\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w c:\windows\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w c:\windows\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w c:\windows\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 05:29:26 327,040 ------w c:\windows\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 05:29:26 701,440 ------w c:\windows\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w c:\windows\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w c:\windows\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w c:\windows\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 05:29:27 57,856 ------w c:\windows\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 05:29:28 13,824 ------w c:\windows\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 05:29:29 14,336 ------w c:\windows\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 05:29:29 52,224 ------w c:\windows\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 05:29:30 104,960 ------w c:\windows\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 05:29:30 28,672 ------w c:\windows\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 05:29:30 13,824 ------w c:\windows\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 05:29:31 73,216 ------w c:\windows\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 05:29:31 31,744 ------w c:\windows\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 05:29:31 63,488 ------w c:\windows\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w c:\windows\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w c:\windows\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w c:\windows\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w c:\windows\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w c:\windows\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w c:\windows\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w c:\windows\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w c:\windows\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w c:\windows\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w c:\windows\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w c:\windows\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w c:\windows\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w c:\windows\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w c:\windows\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w c:\windows\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w c:\windows\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w c:\windows\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w c:\windows\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w c:\windows\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w c:\windows\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w c:\windows\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w c:\windows\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w c:\windows\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w c:\windows\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w c:\windows\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w c:\windows\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w c:\windows\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w c:\windows\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w c:\windows\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w c:\windows\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w c:\windows\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w c:\windows\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w c:\windows\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w c:\windows\ServicePackFiles\i386\bitsprx4.dll
+ 2004-08-04 07:56:41 286,208 ------w c:\windows\ServicePackFiles\i386\blackbox.dll
+ 2008-04-14 00:12:13 71,680 ------w c:\windows\ServicePackFiles\i386\blastcln.exe
+ 2008-04-13 18:53:23 71,552 ------w c:\windows\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w c:\windows\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w c:\windows\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w c:\windows\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w c:\windows\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w c:\windows\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w c:\windows\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w c:\windows\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w c:\windows\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w c:\windows\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w c:\windows\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w c:\windows\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w c:\windows\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w c:\windows\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w c:\windows\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w c:\windows\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w c:\windows\ServicePack

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2009-02-20T07:12:09+00:00

Run Combofix ONCE only!!

I am sure that says "ONCE only" yet you ran it three times. The log posted does not show what was done the first two runs.
C:\qoobox is where they will be. Please post them.