Jakiś dziwny wirus... prosze o pomoc

losdamiano · 5 Kwiecień 2008 13:45

Proszę o pomoc przy usunięciu wirusa…

Wirus chyba przedostał się przez jakieś archiwum ściągnięte z internetu… Na początku zamiast tapety wyświetlał się jakiś komunikat zamiast tapety, ale ustawiłem z powrotem tapetę… Wirus zablokował menadżer zadań, lecz zmieniłem wpis w rejestrze i znowu działa… Tak co pół godziny wyświetlają się komunikaty (dołączone w załącznikach), klikniecie na jakiś przycisk tych okienek powoduje łaczenie się ze stroną

http://antispyware-reviews.biz/?wmid=46 … R3n1c2Bg8A

z której można ściągać pc-cleaner (który jest prawdopodobnie wadliwy, gdyż w stopzilli-miałem ten program zainstalowany tylko do sprawdzenia pokazywało, że są to wirusy) albo ponowną istalacje tego programu… dodatkowo wyświetla się dymek…

Dołączam log hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:11:26, on 2008-04-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

E:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\system32\inmjejip.exe

E:\programy\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

E:\programy\foobar2000\foobar2000.exe

E:\programy\firefox\firefox.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programy\Acrobat Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PC-Antispyware Site Blocker Button - {10f0c2a9-8e38-43e3-204d-45524c494e20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [CorelDRAW ESSENTIALS14] E:\programy\skaner\Corel\Register\Registration.exe /title=“CorelDRAW ESSENTIALS” /date=041608 serial=ES02WBD-0090061-FBU

O4 - HKLM…\Run: [bDMCon] “C:\Program Files\Softwin\BitDefender10\bdmcon.exe” /reg

O4 - HKLM…\Run: [bDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [DAEMON Tools] “E:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [CBitSpirit] “E:\Program Files\BitSpirit\BitSpirit.exe” /start /nosplash

O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”

O4 - HKCU…\Run: [aegtfiza] C:\WINDOWS\system32\inmjejip.exe

O4 - HKCU…\Run: [Gadu-Gadu] “E:\programy\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = E:\programy\Office stary\Office\OSA9.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\programy\Acrobat Reader\Reader\reader_sl.exe

O4 - Global Startup: Action Manager 32.lnk = E:\programy\skaner\sterowniki\AM32.exe

O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\programy\Office\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{950E3F52-D364-487D-AD0F-D29718449BED}: NameServer = 10.0.0.1

O21 - SSODL: RunOnceRom - {45d6aa5e-3c56-4bf4-bd24-e55aba562c3e} - (no file)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

–

End of file - 8402 bytes

Jeśli coś będzie jeszcze potrzebne to dorzucę…

Proszę o odpowiedzi…

huber2t · 5 Kwiecień 2008 13:50

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

    C:\WINDOWS\system32\inmjejip.exe

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox

losdamiano · 5 Kwiecień 2008 15:17

zrobiłem tak jak kazałes…

ale po restarcie komputera podczas używania combofix pokazał się komunikat

http://img.wklej.org/v.php?id=78417koomuni.jpg <—screen

a oto log:

ComboFix 08-04-04.1 - r 2008-04-05 17:07:10.2 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1448 [GMT 2:00]

Running from: F:\Downloads\ComboFix.exe

Command switches used :: C:\Documents and Settings\r\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\system32\inmjejip.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\inmjejip.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SZKG5

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))

.

2008-04-05 14:24 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe

2008-04-05 14:24 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf

2008-04-05 13:56 . 2008-04-05 13:56

2008-04-05 13:55 . 2008-04-05 13:55

2008-04-05 12:50 . 2008-04-05 12:50

2008-04-05 12:42 . 2008-04-05 17:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-04-05 12:34 . 2008-04-05 12:34 449,350 --a------ C:\HaxFix.exe

2008-04-04 17:29 . 2008-04-04 17:30

2008-04-04 15:57 . 2008-04-04 15:57

2008-04-04 15:57 . 2008-04-04 15:57 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-04-03 19:53 . 2008-04-03 19:53

2008-04-03 19:22 . 2008-04-05 13:28 40 --a------ C:\WINDOWS\system32\scolmpdain.xml

2008-04-03 18:58 . 2008-04-03 18:58

2008-04-02 22:09 . 2008-04-02 22:09

2008-04-02 19:55 . 2008-04-02 19:55

2008-04-02 18:42 . 2008-04-02 18:42

2008-04-02 18:36 . 2008-04-02 18:37

2008-04-02 18:18 . 2008-04-02 18:35 50 --a------ C:\smp.bat

2008-04-02 18:17 . 2008-04-02 18:34 59,392 --a------ C:\ilriupf.exe

2008-04-02 18:17 . 2008-04-02 18:17 219 --a------ C:\WINDOWS\system32\descript.lnk

2008-04-02 18:17 . 2008-04-02 18:35 2 --a------ C:-1667729403

2008-03-31 15:32 . 2008-03-31 15:33

2008-03-26 19:11 . 2008-03-26 19:11

2008-03-26 17:09 . 2004-04-12 17:27 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx

2008-03-26 17:09 . 2004-04-12 17:27 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

2008-03-25 20:40 . 2008-03-25 20:47 36 --a------ C:\WINDOWS\mafosav.INI

2008-03-25 17:53 . 1998-11-13 14:10 156,160 --a------ C:\WINDOWS\IsUn0415.exe

2008-03-22 18:30 . 2008-03-22 18:30

2008-03-22 17:20 . 2008-03-22 17:20

2008-03-21 18:53 . 2008-03-21 18:53

2008-03-20 20:20 . 2008-03-20 20:20

2008-03-20 16:54 . 1998-10-29 16:45 155,648 --a------ C:\WINDOWS\IsUninst.exe

2008-03-20 15:42 . 2008-03-20 15:42

2008-03-18 17:32 . 2008-03-18 17:32 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-18 17:32 . 2008-03-18 17:32 22,328 --a------ C:\Documents and Settings\r\Dane aplikacji\PnkBstrK.sys

2008-03-18 17:31 . 2008-04-02 19:00 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-03-18 17:31 . 2008-03-18 17:31 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-03-18 17:31 . 2008-03-18 17:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-03-11 16:14 . 2008-03-11 16:14

2008-03-10 16:37 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll

2008-03-10 16:37 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll

2008-03-10 16:37 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll

2008-03-10 16:37 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll

2008-03-10 16:37 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll

2008-03-10 16:37 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-08 12:55 . 2008-03-08 14:30 23 --a------ C:\WINDOWS\BlendSettings.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-02 17:00 318,976 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe

2008-03-03 14:05 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-03-02 12:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-02 12:02 --------- d–h--r C:\Documents and Settings\r\Dane aplikacji\SecuROM

2008-03-02 10:18 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\BitSpirit

2008-03-01 15:13 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft

2008-02-27 17:40 --------- d-----w C:\Program Files\Google

2008-02-27 15:46 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\Daoisoft

2008-02-24 12:52 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\WNR

2008-02-24 12:20 --------- d-----w C:\Program Files\Techland

2008-02-24 12:17 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\Leadertech

2008-02-24 11:48 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys

2008-02-24 11:45 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd2093.sys

2008-02-24 11:45 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-24 08:26 196,608 ----a-w C:\WINDOWS\system32\libssl32.dll

2008-02-16 17:39 --------- d-----w C:\Program Files\Java

2008-02-16 17:28 --------- d-----w C:\Program Files\Common Files\Java

2008-02-15 12:34 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-02-13 18:23 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\Bitdefender

2008-02-13 18:03 --------- d-----w C:\Program Files\Softwin

2008-02-13 18:03 --------- d-----w C:\Program Files\Common Files\Softwin

2008-02-13 18:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BitDefender

2008-02-12 16:22 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\JLC’s Software

2008-02-11 17:24 --------- d-----w C:\Program Files\AC3Filter

2008-02-11 15:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-02-05 10:08 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-02-05 08:32 --------- d-----w C:\Program Files\uTorrent

2008-02-05 08:32 --------- d-----w C:\Documents and Settings\r\Dane aplikacji\uTorrent

2008-01-11 05:41 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

.

------- Sigcheck -------

2006-03-02 12:00 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

2006-03-02 12:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-05_13.36.41.10 )))))))))))))))))))))))))))))))))))))))))

.

2004-12-07 19:33:14 96,768 ------w C:\WINDOWS$hf_mig$\KB888302\SP2QFE\srvsvc.dll
2004-11-30 12:47:26 9,216 ------w C:\WINDOWS$hf_mig$\KB888302\spmsg.dll
2008-04-02 17:02:12 171,520 ------w C:\WINDOWS$hf_mig$\KB888302\spuninst.exe
2004-11-30 18:22:46 21,504 ------w C:\WINDOWS$hf_mig$\KB888302\update\spcustom.dll
2008-04-02 17:02:12 662,016 ------w C:\WINDOWS$hf_mig$\KB888302\update\update.exe
2005-04-28 19:38:10 1,286,144 ------w C:\WINDOWS$hf_mig$\KB894391\SP2QFE\ole32.dll
2005-04-28 19:38:08 75,264 ------w C:\WINDOWS$hf_mig$\KB894391\SP2QFE\olecli32.dll
2005-04-28 19:38:08 37,376 ------w C:\WINDOWS$hf_mig$\KB894391\SP2QFE\olecnv32.dll
2005-04-28 19:38:08 396,288 ------w C:\WINDOWS$hf_mig$\KB894391\SP2QFE\rpcss.dll
2005-02-24 18:36:08 16,096 ------w C:\WINDOWS$hf_mig$\KB894391\spmsg.dll
2008-04-02 17:02:16 205,824 ------w C:\WINDOWS$hf_mig$\KB894391\spuninst.exe
2005-02-24 18:36:08 22,240 ------w C:\WINDOWS$hf_mig$\KB894391\update\spcustom.dll
2008-04-02 17:02:16 718,848 ------w C:\WINDOWS$hf_mig$\KB894391\update\update.exe
2005-02-24 18:36:08 387,296 ------w C:\WINDOWS$hf_mig$\KB894391\update\updspapi.dll
2005-09-01 02:54:26 19,968 ------w C:\WINDOWS$hf_mig$\KB900725\SP2QFE\linkinfo.dll
2005-09-23 03:27:38 8,481,280 ------w C:\WINDOWS$hf_mig$\KB900725\SP2QFE\shell32.dll
2005-09-02 23:55:56 474,112 ------w C:\WINDOWS$hf_mig$\KB900725\SP2QFE\shlwapi.dll
2005-09-27 00:47:56 23,040 ------w C:\WINDOWS$hf_mig$\KB900725\SP2QFE\spru0415.dll
2005-09-01 02:54:26 292,352 ------w C:\WINDOWS$hf_mig$\KB900725\SP2QFE\winsrv.dll
2005-02-24 18:36:08 16,096 ------w C:\WINDOWS$hf_mig$\KB900725\spmsg.dll
2008-04-02 17:02:20 205,824 ------w C:\WINDOWS$hf_mig$\KB900725\spuninst.exe
2005-09-26 15:36:24 30,720 ------w C:\WINDOWS$hf_mig$\KB900725\update\arpidfix.exe
2005-02-24 18:36:08 22,240 ------w C:\WINDOWS$hf_mig$\KB900725\update\spcustom.dll
2008-04-02 17:02:20 718,848 ------w C:\WINDOWS$hf_mig$\KB900725\update\update.exe
2005-02-24 18:36:08 387,296 ------w C:\WINDOWS$hf_mig$\KB900725\update\updspapi.dll
2005-06-29 01:55:00 254,976 ------w C:\WINDOWS$hf_mig$\KB901214\SP2QFE\icm32.dll
2005-06-29 01:55:00 73,728 ------w C:\WINDOWS$hf_mig$\KB901214\SP2QFE\mscms.dll
2005-02-24 18:36:08 16,096 ------w C:\WINDOWS$hf_mig$\KB901214\spmsg.dll
2008-04-02 17:02:24 205,824 ------w C:\WINDOWS$hf_mig$\KB901214\spuninst.exe
2005-02-24 18:36:08 22,240 ------w C:\WINDOWS$hf_mig$\KB901214\update\spcustom.dll
2008-04-02 17:02:24 718,848 ------w C:\WINDOWS$hf_mig$\KB901214\update\update.exe
2005-02-24 18:36:08 387,296 ------w C:\WINDOWS$hf_mig$\KB901214\update\updspapi.dll
2005-08-22 18:26:28 197,632 ------w C:\WINDOWS$hf_mig$\KB905414\SP2QFE\netman.dll
2005-02-25 02:36:06 16,096 ------w C:\WINDOWS$hf_mig$\KB905414\spmsg.dll
2008-04-02 17:02:16 205,824 ------w C:\WINDOWS$hf_mig$\KB905414\spuninst.exe
2005-08-19 23:50:32 30,720 ------w C:\WINDOWS$hf_mig$\KB905414\update\arpidfix.exe
2005-02-25 02:36:06 22,240 ------w C:\WINDOWS$hf_mig$\KB905414\update\spcustom.dll
2008-04-02 17:02:16 718,848 ------w C:\WINDOWS$hf_mig$\KB905414\update\update.exe
2005-02-25 02:36:08 387,296 ------w C:\WINDOWS$hf_mig$\KB905414\update\updspapi.dll
2005-08-23 03:42:10 123,904 ------w C:\WINDOWS$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll
2005-02-24 18:36:08 16,096 ------w C:\WINDOWS$hf_mig$\KB905749\spmsg.dll
2008-04-02 17:02:20 205,824 ------w C:\WINDOWS$hf_mig$\KB905749\spuninst.exe
2005-08-22 16:01:30 30,720 ------w C:\WINDOWS$hf_mig$\KB905749\update\arpidfix.exe
2005-02-24 18:36:08 22,240 ------w C:\WINDOWS$hf_mig$\KB905749\update\spcustom.dll
2008-04-02 17:02:20 718,848 ------w C:\WINDOWS$hf_mig$\KB905749\update\update.exe
2005-02-24 18:36:08 387,296 ------w C:\WINDOWS$hf_mig$\KB905749\update\updspapi.dll
2005-10-17 21:26:52 80,896 ------w C:\WINDOWS$hf_mig$\KB908519\SP2QFE\fontsub.dll
2005-10-17 21:26:52 117,760 ------w C:\WINDOWS$hf_mig$\KB908519\SP2QFE\t2embed.dll
2005-10-12 22:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB908519\spmsg.dll
2008-04-02 17:02:20 209,408 ------w C:\WINDOWS$hf_mig$\KB908519\spuninst.exe
2005-10-12 22:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB908519\update\spcustom.dll
2008-04-02 17:02:20 716,800 ------w C:\WINDOWS$hf_mig$\KB908519\update\update.exe
2005-10-12 22:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB908519\update\updspapi.dll
2006-03-17 04:50:50 8,483,328 ------w C:\WINDOWS$hf_mig$\KB908531\SP2QFE\shell32.dll
2006-03-22 01:51:58 24,064 ------w C:\WINDOWS$hf_mig$\KB908531\SP2QFE\spru0415.dll
2006-03-17 01:05:36 28,672 ------w C:\WINDOWS$hf_mig$\KB908531\SP2QFE\verclsid.exe
2005-10-12 22:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB908531\spmsg.dll
2008-04-02 17:02:22 209,408 ------w C:\WINDOWS$hf_mig$\KB908531\spuninst.exe
2005-10-12 22:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB908531\update\spcustom.dll
2008-04-02 17:02:22 716,800 ------w C:\WINDOWS$hf_mig$\KB908531\update\update.exe
2005-10-12 22:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB908531\update\updspapi.dll
2006-03-01 19:42:44 426,496 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
2006-03-01 19:42:44 956,416 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\msdtctm.dll
2006-03-01 19:42:44 161,280 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
2006-03-01 19:42:44 66,560 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\mtxclu.dll
2006-03-01 19:42:44 91,136 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\mtxoci.dll
2006-03-01 19:42:44 11,776 ------w C:\WINDOWS$hf_mig$\KB913580\SP2QFE\xolehlp.dll
2005-10-12 22:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB913580\spmsg.dll
2008-04-02 17:02:22 209,408 ------w C:\WINDOWS$hf_mig$\KB913580\spuninst.exe
2005-10-12 22:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB913580\update\spcustom.dll
2008-04-02 17:02:22 716,800 ------w C:\WINDOWS$hf_mig$\KB913580\update\update.exe
2005-10-12 22:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB913580\update\updspapi.dll
2006-03-17 01:08:10 262,656 ------w C:\WINDOWS$hf_mig$\KB916595\SP2QFE\http.sys
2005-10-12 22:27:18 16,096 ------w C:\WINDOWS$hf_mig$\KB916595\spmsg.dll
2008-04-02 17:02:24 209,408 ------w C:\WINDOWS$hf_mig$\KB916595\spuninst.exe
2005-10-12 22:27:18 22,752 ------w C:\WINDOWS$hf_mig$\KB916595\update\spcustom.dll
2008-04-02 17:02:24 716,800 ------w C:\WINDOWS$hf_mig$\KB916595\update\update.exe
2005-10-12 22:27:32 386,784 ------w C:\WINDOWS$hf_mig$\KB916595\update\updspapi.dll
2006-11-27 15:18:58 539,136 ------w C:\WINDOWS$hf_mig$\KB918118\SP2QFE\msftedit.dll
2006-11-27 15:18:58 433,664 ------w C:\WINDOWS$hf_mig$\KB918118\SP2QFE\riched20.dll
2005-10-12 23:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB918118\spmsg.dll
2008-04-02 17:02:14 209,408 ------w C:\WINDOWS$hf_mig$\KB918118\spuninst.exe
2005-10-12 23:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB918118\update\spcustom.dll
2008-04-02 17:02:14 716,800 ------w C:\WINDOWS$hf_mig$\KB918118\update\update.exe
2005-10-12 23:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB918118\update\updspapi.dll
2006-07-13 11:43:08 202,496 ------w C:\WINDOWS$hf_mig$\KB919007\SP2QFE\rmcast.sys
2005-10-12 23:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB919007\spmsg.dll
2008-04-02 17:02:18 209,408 ------w C:\WINDOWS$hf_mig$\KB919007\spuninst.exe
2005-10-12 23:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB919007\update\spcustom.dll
2008-04-02 17:02:18 716,800 ------w C:\WINDOWS$hf_mig$\KB919007\update\update.exe
2005-10-12 23:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB919007\update\updspapi.dll
2006-10-12 13:56:14 42,496 ------w C:\WINDOWS$hf_mig$\KB920213\SP2QFE\agentdp2.dll
2006-10-12 13:56:14 57,344 ------w C:\WINDOWS$hf_mig$\KB920213\SP2QFE\agentdpv.dll
2006-10-12 11:54:08 256,512 ------w C:\WINDOWS$hf_mig$\KB920213\SP2QFE\agentsvr.exe
2006-10-16 11:19:24 265,216 ------w C:\WINDOWS$hf_mig$\KB920213\SP2QFE\spru0415.dll
2005-10-12 22:27:18 16,096 ------w C:\WINDOWS$hf_mig$\KB920213\spmsg.dll
2008-04-02 17:02:24 209,408 ------w C:\WINDOWS$hf_mig$\KB920213\spuninst.exe
2005-10-12 22:27:18 22,752 ------w C:\WINDOWS$hf_mig$\KB920213\update\spcustom.dll
2008-04-02 17:02:24 716,800 ------w C:\WINDOWS$hf_mig$\KB920213\update\update.exe
2005-10-12 22:27:32 386,784 ------w C:\WINDOWS$hf_mig$\KB920213\update\updspapi.dll
2006-06-14 08:50:20 172,416 ------w C:\WINDOWS$hf_mig$\KB920872\SP2QFE\kmixer.sys
2006-06-14 08:50:20 6,272 ------w C:\WINDOWS$hf_mig$\KB920872\SP2QFE\splitter.sys
2006-06-14 09:17:04 82,944 ------w C:\WINDOWS$hf_mig$\KB920872\SP2QFE\wdmaud.sys
2005-10-12 22:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB920872\spmsg.dll
2008-04-02 17:02:20 209,408 ------w C:\WINDOWS$hf_mig$\KB920872\spuninst.exe
2005-10-12 22:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB920872\update\spcustom.dll
2008-04-02 17:02:20 716,800 ------w C:\WINDOWS$hf_mig$\KB920872\update\update.exe
2005-10-12 22:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB920872\update\updspapi.dll
2007-03-08 15:51:58 282,112 ------w C:\WINDOWS$hf_mig$\KB925902\SP2QFE\gdi32.dll
2007-03-08 15:51:58 40,960 ------w C:\WINDOWS$hf_mig$\KB925902\SP2QFE\mf3216.dll
2007-03-08 15:51:58 579,584 ------w C:\WINDOWS$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 15:49:54 1,844,224 ------w C:\WINDOWS$hf_mig$\KB925902\SP2QFE\win32k.sys
2006-01-19 18:30:18 16,096 ------w C:\WINDOWS$hf_mig$\KB925902\spmsg.dll
2008-04-02 17:02:22 209,408 ------w C:\WINDOWS$hf_mig$\KB925902\spuninst.exe
2006-01-19 18:30:18 22,752 ------w C:\WINDOWS$hf_mig$\KB925902\update\spcustom.dll
2008-04-02 17:02:22 716,800 ------w C:\WINDOWS$hf_mig$\KB925902\update\update.exe
2006-01-19 18:30:20 386,784 ------w C:\WINDOWS$hf_mig$\KB925902\update\updspapi.dll
2006-10-16 17:15:56 123,392 ------w C:\WINDOWS$hf_mig$\KB926436\SP2QFE\oledlg.dll
2005-10-12 22:27:18 16,096 ------w C:\WINDOWS$hf_mig$\KB926436\spmsg.dll
2008-04-02 17:02:24 209,408 ------w C:\WINDOWS$hf_mig$\KB926436\spuninst.exe
2005-10-12 22:27:18 22,752 ------w C:\WINDOWS$hf_mig$\KB926436\update\spcustom.dll
2008-04-02 17:02:24 716,800 ------w C:\WINDOWS$hf_mig$\KB926436\update\update.exe
2005-10-12 22:27:32 386,784 ------w C:\WINDOWS$hf_mig$\KB926436\update\updspapi.dll
2007-04-16 16:11:16 1,014,784 ------w C:\WINDOWS$hf_mig$\KB935839\SP2QFE\kernel32.dll
2005-10-12 22:21:28 16,096 ------w C:\WINDOWS$hf_mig$\KB935839\spmsg.dll
2008-04-02 17:02:22 209,408 ------w C:\WINDOWS$hf_mig$\KB935839\spuninst.exe
2005-10-12 22:21:28 22,752 ------w C:\WINDOWS$hf_mig$\KB935839\update\spcustom.dll
2008-04-02 17:02:22 716,800 ------w C:\WINDOWS$hf_mig$\KB935839\update\update.exe
2005-10-12 22:21:40 386,784 ------w C:\WINDOWS$hf_mig$\KB935839\update\updspapi.dll
2007-04-25 20:33:40 144,896 ------w C:\WINDOWS$hf_mig$\KB935840\SP2QFE\schannel.dll
2006-01-19 18:30:18 16,096 ------w C:\WINDOWS$hf_mig$\KB935840\spmsg.dll
2008-04-02 17:02:12 209,408 ------w C:\WINDOWS$hf_mig$\KB935840\spuninst.exe
2006-01-19 18:30:18 22,752 ------w C:\WINDOWS$hf_mig$\KB935840\update\spcustom.dll
2008-04-02 17:02:12 716,800 ------w C:\WINDOWS$hf_mig$\KB935840\update\update.exe
2006-01-19 18:30:20 386,784 ------w C:\WINDOWS$hf_mig$\KB935840\update\updspapi.dll
2007-07-12 23:29:44 765,952 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\spmsg.dll
2008-04-02 17:02:06 209,408 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\update\spcustom.dll
2008-04-02 17:02:06 716,800 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB938127-IE7\update\updspapi.dll
2007-10-29 22:41:28 1,291,264 ------w C:\WINDOWS$hf_mig$\KB941568\SP2QFE\quartz.dll
2007-03-06 03:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB941568\spmsg.dll
2008-04-02 17:02:14 209,408 ------w C:\WINDOWS$hf_mig$\KB941568\spuninst.exe
2007-03-06 03:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB941568\update\spcustom.dll
2008-04-02 17:02:14 716,800 ------w C:\WINDOWS$hf_mig$\KB941568\update\update.exe
2007-03-06 03:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB941568\update\updspapi.dll
2007-11-13 11:02:46 60,416 ------w C:\WINDOWS$hf_mig$\KB942763\SP2QFE\tzchange.exe
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB942763\spmsg.dll
2008-04-02 17:02:14 209,408 ------w C:\WINDOWS$hf_mig$\KB942763\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB942763\update\spcustom.dll
2008-04-02 17:02:14 716,800 ------w C:\WINDOWS$hf_mig$\KB942763\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB942763\update\updspapi.dll
2007-12-04 18:31:00 551,936 ------w C:\WINDOWS$hf_mig$\KB943055\SP2QFE\oleaut32.dll
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB943055\spmsg.dll
2008-04-02 17:02:12 209,408 ------w C:\WINDOWS$hf_mig$\KB943055\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB943055\update\spcustom.dll
2008-04-02 17:02:12 716,800 ------w C:\WINDOWS$hf_mig$\KB943055\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB943055\update\updspapi.dll
2007-11-07 09:50:56 729,088 ------w C:\WINDOWS$hf_mig$\KB943485\SP2QFE\lsasrv.dll
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB943485\spmsg.dll
2008-04-02 17:02:24 209,408 ------w C:\WINDOWS$hf_mig$\KB943485\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB943485\update\spcustom.dll
2008-04-02 17:02:24 716,800 ------w C:\WINDOWS$hf_mig$\KB943485\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB943485\update\updspapi.dll
2007-12-07 01:58:38 124,928 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
2007-12-19 22:40:30 347,136 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
2007-12-07 01:58:38 214,528 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
2007-12-07 01:58:38 133,120 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
2007-12-07 01:58:38 63,488 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
2007-12-06 08:34:28 70,656 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
2007-12-07 01:58:38 153,088 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
2007-12-07 01:58:38 230,400 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
2007-12-06 05:00:02 161,792 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
2007-07-01 02:31:34 2,455,488 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
2007-12-07 01:58:40 383,488 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
2007-12-07 01:58:40 388,096 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
2007-12-07 01:58:44 6,067,200 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
2007-12-07 01:58:44 44,544 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
2007-12-07 01:58:44 267,776 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
2007-12-06 08:34:30 13,824 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
2007-12-06 08:34:46 625,664 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
2007-12-07 01:58:44 27,648 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
2007-12-07 01:58:46 459,264 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
2007-12-07 01:58:46 52,224 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
2007-12-07 01:58:48 3,593,216 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
2007-12-07 01:58:50 478,208 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
2007-12-07 01:58:50 193,024 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
2007-12-07 01:58:50 671,232 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
2007-12-07 01:58:50 102,912 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
2008-01-11 05:55:32 44,544 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
2007-12-07 01:58:50 105,984 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\url.dll
2007-12-07 01:58:52 1,162,752 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
2007-12-07 01:58:52 233,472 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
2007-12-07 01:58:54 825,344 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\spmsg.dll
2008-04-02 17:02:20 209,408 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\update\spcustom.dll
2008-04-02 17:02:20 716,800 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB944533-IE7\update\updspapi.dll
2007-12-18 09:39:00 179,712 ------w C:\WINDOWS$hf_mig$\KB946026\SP2QFE\mrxdav.sys
2007-03-06 02:28:36 16,096 ------w C:\WINDOWS$hf_mig$\KB946026\spmsg.dll
2008-04-02 17:02:10 209,408 ------w C:\WINDOWS$hf_mig$\KB946026\spuninst.exe
2007-03-06 02:28:34 22,752 ------w C:\WINDOWS$hf_mig$\KB946026\update\spcustom.dll
2008-04-02 17:02:10 716,800 ------w C:\WINDOWS$hf_mig$\KB946026\update\update.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS$hf_mig$\KB946026\update\updspapi.dll
2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
2006-06-14 08:47:46 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
2006-06-14 09:00:46 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
2008-04-02 17:02:06 209,408 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
2007-08-13 16:54:10 765,952 ------w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
2007-10-10 22:52:52 124,928 ------w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
2007-08-13 16:35:46 346,624 ------w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
2007-10-10 22:52:52 214,528 ------w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
2007-10-10 22:52:52 132,608 ------w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
2007-10-10 22:52:52 63,488 ------w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
2007-10-10 10:03:00 70,656 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
2007-10-10 22:52:52 153,088 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
2007-10-10 22:52:54 230,400 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
2007-10-10 04:46:56 161,792 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
2007-10-10 22:52:54 383,488 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
2007-10-10 22:52:54 384,512 ------w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
2007-10-10 22:52:54 6,065,664 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
2007-10-10 22:52:54 44,544 ------w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
2007-10-10 22:52:54 267,776 ------w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
2007-10-10 09:59:40 13,824 ------w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
2007-10-10 10:03:10 625,152 ------w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
2007-10-10 22:52:54 27,648 ------w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
2007-10-10 22:52:54 459,264 ------w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
2007-10-10 22:52:54 52,224 ------w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
2007-10-31 02:56:30 3,590,656 ------w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
2007-10-10 22:52:56 478,208 ------w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
2007-10-10 22:52:56 193,024 ------w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
2007-10-10 22:52:56 671,232 ------w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
2007-10-10 22:52:56 102,400 ------w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
2007-08-13 16:36:12 44,544 ------w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
2008-04-02 17:02:20 209,408 ------w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
2007-03-06 02:29:50 386,784 ------w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
2007-10-10 22:52:56 105,984 ------w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
2007-10-10 22:52:58 1,159,680 ------w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
2007-10-10 22:52:58 232,960 ------w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
2007-10-10 22:52:58 824,832 ------w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll

2006-03-02 10:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll

2006-10-12 14:05:18 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll

2006-03-02 10:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll

2006-10-12 14:05:18 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll

2006-03-02 10:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe

2006-10-12 11:09:54 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
2008-04-05 13:28:10 15,556 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache{73CF43C4-AEF3-4699-9703-8938B5175369}.bin

2007-10-10 22:52:52 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

2007-12-07 02:14:10 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

2007-10-10 22:52:52 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2007-12-07 02:14:10 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

2006-03-02 10:00:00 41,984 ----a-w C:\WINDOWS\system32\dllcache\agentdp2.dll

2006-10-12 14:05:18 42,496 ----a-w C:\WINDOWS\system32\dllcache\agentdp2.dll

2006-03-02 10:00:00 58,880 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll

2006-10-12 14:05:18 57,344 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll

2006-03-02 10:00:00 256,512 ----a-w C:\WINDOWS\system32\dllcache\agentsvr.exe

2006-10-12 11:09:54 256,512 ----a-w C:\WINDOWS\system32\dllcache\agentsvr.exe

2007-08-13 16:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-19 22:58:08 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-10 22:52:52 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-12-07 02:14:10 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 22:52:52 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-12-07 02:14:10 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

2006-03-02 10:00:00 79,360 ----a-w C:\WINDOWS\system32\dllcache\fontsub.dll

2005-10-17 21:21:40 80,896 ----a-w C:\WINDOWS\system32\dllcache\fontsub.dll

2006-03-02 11:00:00 278,016 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2007-03-08 15:38:48 281,600 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2007-10-10 22:52:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-07 02:14:10 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2006-03-02 10:00:00 253,952 ----a-w C:\WINDOWS\system32\dllcache\icm32.dll

2005-06-29 01:52:58 254,976 ----a-w C:\WINDOWS\system32\dllcache\icm32.dll

2007-10-10 10:03:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-12-06 11:05:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 22:52:52 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-12-07 02:14:10 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 22:52:54 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-12-07 02:14:10 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 04:46:56 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-10-10 22:52:54 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-07 02:14:10 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 22:52:54 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-12-07 02:14:10 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 22:52:54 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-07 02:14:10 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 22:52:54 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-12-07 02:14:10 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 22:52:54 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-07 02:14:10 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 09:59:40 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 10:03:10 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-12-06 11:06:22 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 22:52:54 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-12-07 02:14:10 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

2006-03-02 11:00:00 1,012,224 ----a-w C:\WINDOWS\system32\dllcache\kernel32.dll

2007-04-16 15:54:44 1,013,248 ----a-w C:\WINDOWS\system32\dllcache\kernel32.dll
2006-06-14 08:47:46 172,416 ------w C:\WINDOWS\system32\dllcache\kmixer.sys

2006-03-02 10:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll

2005-09-01 02:28:38 19,968 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll

2006-03-02 11:00:00 723,968 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-11-07 09:29:34 723,968 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

2006-03-02 10:00:00 39,936 ----a-w C:\WINDOWS\system32\dllcache\mf3216.dll

2007-03-08 15:38:48 40,960 ----a-w C:\WINDOWS\system32\dllcache\mf3216.dll

2006-03-02 10:00:00 181,248 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

2007-12-18 09:51:36 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

2006-03-02 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2005-06-29 01:52:58 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2006-03-02 11:00:00 425,472 ----a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll

2006-03-01 19:44:20 426,496 ----a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll

2006-03-02 11:00:00 949,248 ----a-w C:\WINDOWS\system32\dllcache\msdtctm.dll

2006-03-01 19:44:20 956,416 ----a-w C:\WINDOWS\system32\dllcache\msdtctm.dll

2006-03-02 11:00:00 161,280 ----a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll

2006-03-01 19:44:20 161,280 ----a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll

2007-10-10 22:52:54 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-07 02:14:10 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 22:52:54 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-07 02:14:10 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2006-03-02 10:00:00 537,088 ----a-w C:\WINDOWS\system32\dllcache\msftedit.dll

2006-11-27 14:55:46 539,136 ----a-w C:\WINDOWS\system32\dllcache\msftedit.dll

2007-10-31 02:56:30 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-12-08 05:14:12 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-10 22:52:56 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-12-07 02:14:12 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 22:52:56 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-12-07 02:14:12 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 22:52:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2007-12-07 02:14:12 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

2006-03-02 10:00:00 66,560 ----a-w C:\WINDOWS\system32\dllcache\mtxclu.dll

2006-03-01 19:44:20 66,560 ----a-w C:\WINDOWS\system32\dllcache\mtxclu.dll

2006-03-02 11:00:00 90,112 ----a-w C:\WINDOWS\system32\dllcache\mtxoci.dll

2006-03-01 19:44:20 91,136 ----a-w C:\WINDOWS\system32\dllcache\mtxoci.dll

2006-03-02 11:00:00 198,144 ----a-w C:\WINDOWS\system32\dllcache\netman.dll

2005-08-22 18:36:16 197,632 ----a-w C:\WINDOWS\system32\dllcache\netman.dll

2007-10-10 22:52:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll

2007-12-07 02:14:12 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll

2006-03-02 11:00:00 1,281,024 ----a-w C:\WINDOWS\system32\dllcache\ole32.dll

2005-04-28 19:32:52 1,284,608 ----a-w C:\WINDOWS\system32\dllcache\ole32.dll

2006-03-02 11:00:00 553,472 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll

2007-12-04 18:42:02 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll

2006-03-02 11:00:00 69,120 ----a-w C:\WINDOWS\system32\dllcache\olecli32.dll

2005-04-28 19:32:52 75,264 ----a-w C:\WINDOWS\system32\dllcache\olecli32.dll

2006-03-02 11:00:00 34,304 ----a-w C:\WINDOWS\system32\dllcache\olecnv32.dll

2005-04-28 19:32:52 37,888 ----a-w C:\WINDOWS\system32\dllcache\olecnv32.dll

2006-03-02 10:00:00 118,272 ----a-w C:\WINDOWS\system32\dllcache\oledlg.dll

2006-10-16 16:16:22 123,392 ----a-w C:\WINDOWS\system32\dllcache\oledlg.dll

2006-03-02 10:00:00 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-29 22:44:30 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2006-03-02 11:00:00 431,616 ----a-w C:\WINDOWS\system32\dllcache\riched20.dll

2006-11-27 14:55:46 433,152 ----a-w C:\WINDOWS\system32\dllcache\riched20.dll

2006-03-02 10:00:00 200,064 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2006-03-02 11:00:00 395,776 ----a-w C:\WINDOWS\system32\dllcache\rpcss.dll

2005-04-28 19:32:52 395,776 ----a-w C:\WINDOWS\system32\dllcache\rpcss.dll

2006-03-02 11:00:00 144,896 ----a-w C:\WINDOWS\system32\dllcache\schannel.dll

2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\dllcache\schannel.dll

2004-08-03 21:07:48 6,400 ----a-w C:\WINDOWS\system32\dllcache\splitter.sys

2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\dllcache\splitter.sys

2006-03-02 10:00:00 96,768 ----a-w C:\WINDOWS\system32\dllcache\srvsvc.dll

2004-12-07 19:34:12 96,768 ----a-w C:\WINDOWS\system32\dllcache\srvsvc.dll

2006-03-02 10:00:00 210,432 ----a-w C:\WINDOWS\system32\dllcache\t2embed.dll

2005-10-17 21:21:40 118,272 ----a-w C:\WINDOWS\system32\dllcache\t2embed.dll

2006-03-02 11:00:00 118,784 ----a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll

2005-08-23 03:40:06 123,904 ----a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll

2007-10-10 22:52:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-12-07 02:14:12 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 22:52:58 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-12-07 02:14:12 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

2006-03-02 11:00:00 578,560 ----a-w C:\WINDOWS\system32\dllcache\user32.dll

2007-03-08 15:38:48 579,072 ----a-w C:\WINDOWS\system32\dllcache\user32.dll

2007-08-13 16:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll

2007-07-12 23:32:12 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll

2004-08-03 21:15:06 82,944 ----a-w C:\WINDOWS\system32\dllcache\wdmaud.sys

2006-06-14 09:00:46 82,944 ----a-w C:\WINDOWS\system32\dllcache\wdmaud.sys

2007-10-10 22:52:58 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-12-07 02:14:12 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

2006-03-02 11:00:00 1,836,160 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2007-03-08 15:37:34 1,843,840 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2007-10-10 22:52:58 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2007-12-07 02:14:12 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

2006-03-02 11:00:00 291,328 ----a-w C:\WINDOWS\system32\dllcache\winsrv.dll

2005-09-01 02:28:38 292,352 ----a-w C:\WINDOWS\system32\dllcache\winsrv.dll

2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll

2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2006-03-02 11:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\xolehlp.dll

2006-03-01 19:44:20 11,776 ----a-w C:\WINDOWS\system32\dllcache\xolehlp.dll

2006-03-02 10:00:00 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys

2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys

2004-08-03 21:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

2006-06-14 08:47:46 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

2006-03-02 10:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-18 09:51:36 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2006-03-02 10:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys

2004-08-03 21:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

2004-08-03 21:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2006-06-14 09:00:46 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2007-08-13 16:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll

2007-12-19 22:58:08 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

2007-10-10 22:52:52 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

2007-12-07 02:14:10 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

2007-10-10 22:52:52 132,608 ------w C:\WINDOWS\system32\extmgr.dll

2007-12-07 02:14:10 133,120 ------w C:\WINDOWS\system32\extmgr.dll

2008-03-30 10:12:00 696,048 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

2008-04-05 12:04:34 696,048 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

2006-03-02 10:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll

2005-10-17 21:21:40 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll

2006-03-02 10:00:00 278,016 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:38:48 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-10-10 22:52:52 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

2007-12-07 02:14:10 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

2006-03-02 10:00:00 253,952 ----a-w C:\WINDOWS\system32\icm32.dll

2005-06-29 01:52:58 254,976 ----a-w C:\WINDOWS\system32\icm32.dll

2007-10-10 10:03:00 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

2007-12-06 11:05:56 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

2007-10-10 22:52:52 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

2007-12-07 02:14:10 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

2007-10-10 22:52:54 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

2007-12-07 02:14:10 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

2007-10-10 04:46:56 161,792 ------w C:\WINDOWS\system32\ieakui.dll

2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll

2007-10-10 22:52:54 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

2007-12-07 02:14:10 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

2007-10-10 22:52:54 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

2007-12-07 02:14:10 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

2007-10-10 22:52:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll

2007-12-07 02:14:10 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

2007-10-10 22:52:54 44,544 ------w C:\WINDOWS\system32\iernonce.dll

2007-12-07 02:14:10 44,544 ------w C:\WINDOWS\system32\iernonce.dll

2007-10-10 22:52:54 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

2007-12-07 02:14:10 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

2007-10-10 09:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

2007-10-10 22:52:54 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

2007-12-07 02:14:10 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

2006-03-02 10:00:00 1,012,224 ----a-w C:\WINDOWS\system32\kernel32.dll

2007-04-16 15:54:44 1,013,248 ----a-w C:\WINDOWS\system32\kernel32.dll

2006-03-02 10:00:00 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll

2005-09-01 02:28:38 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll

2006-03-02 10:00:00 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:29:34 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll

2006-03-02 10:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:38:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2006-03-02 10:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll

2005-06-29 01:52:58 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2006-03-02 11:00:00 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll

2006-03-01 19:44:20 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll

2006-03-02 11:00:00 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll

2006-03-01 19:44:20 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll

2006-03-02 11:00:00 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll

2006-03-01 19:44:20 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll

2007-10-10 22:52:54 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

2007-12-07 02:14:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

2007-10-10 22:52:54 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

2007-12-07 02:14:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

2006-03-02 10:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll

2006-11-27 14:55:46 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll

2007-10-31 02:56:30 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll

2007-12-08 05:14:12 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

2007-10-10 22:52:56 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

2007-12-07 02:14:12 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

2007-10-10 22:52:56 193,024 ------w C:\WINDOWS\system32\msrating.dll

2007-12-07 02:14:12 193,024 ------w C:\WINDOWS\system32\msrating.dll

2007-10-10 22:52:56 671,232 ------w C:\WINDOWS\system32\mstime.dll

2007-12-07 02:14:12 671,232 ------w C:\WINDOWS\system32\mstime.dll

2006-03-02 10:00:00 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll

2006-03-01 19:44:20 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll

2006-03-02 11:00:00 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll

2006-03-01 19:44:20 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll

2006-03-02 10:00:00 198,144 ----a-w C:\WINDOWS\system32\netman.dll

2005-08-22 18:36:16 197,632 ----a-w C:\WINDOWS\system32\netman.dll

2007-10-10 22:52:56 102,400 ------w C:\WINDOWS\system32\occache.dll

2007-12-07 02:14:12 102,912 ------w C:\WINDOWS\system32\occache.dll

2006-03-02 10:00:00 1,281,024 ----a-w C:\WINDOWS\system32\ole32.dll

2005-04-28 19:32:52 1,284,608 ----a-w C:\WINDOWS\system32\ole32.dll

2006-03-02 10:00:00 553,472 ------w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 18:42:02 550,912 ------w C:\WINDOWS\system32\oleaut32.dll

2006-03-02 10:00:00 69,120 ----a-w C:\WINDOWS\system32\olecli32.dll

2005-04-28 19:32:52 75,264 ----a-w C:\WINDOWS\system32\olecli32.dll

2006-03-02 10:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll

2005-04-28 19:32:52 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll

2006-03-02 10:00:00 118,272 ----a-w C:\WINDOWS\system32\oledlg.dll

2006-10-16 16:16:22 123,392 ----a-w C:\WINDOWS\system32\oledlg.dll

2008-02-27 15:44:30 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-04-05 12:06:30 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-02-27 15:44:30 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat

2008-04-05 12:06:30 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat

2008-02-27 15:44:30 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-04-05 12:06:30 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-02-27 15:44:30 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat

2008-04-05 12:06:30 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-08-13 16:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

2008-01-11 05:41:26 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

2006-03-02 10:00:00 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:44:30 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2006-03-02 10:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll

2006-11-27 14:55:46 433,152 ----a-w C:\WINDOWS\system32\riched20.dll

2006-03-02 10:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll

2005-04-28 19:32:52 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll

2006-03-02 10:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2006-03-02 10:00:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll

2004-12-07 19:34:12 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll

2006-03-02 10:00:00 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll

2005-10-17 21:21:40 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe

2006-03-02 10:00:00 118,784 ----a-w C:\WINDOWS\system32\umpnpmgr.dll

2005-08-23 03:40:06 123,904 ----a-w C:\WINDOWS\system32\umpnpmgr.dll

2007-10-10 22:52:56 105,984 ----a-w C:\WINDOWS\system32\url.dll

2007-12-07 02:14:12 105,984 ----a-w C:\WINDOWS\system32\url.dll

2007-10-10 22:52:58 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

2007-12-07 02:14:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

2006-03-02 10:00:00 578,560 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:38:48 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2006-03-17 00:38:02 28,672 ------w C:\WINDOWS\system32\verclsid.exe

2007-10-10 22:52:58 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

2007-12-07 02:14:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

2006-03-02 10:00:00 1,836,160 ----a-w C:\WINDOWS\system32\win32k.sys

2007-03-08 15:37:34 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys

2007-10-10 22:52:58 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-07 02:14:12 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2006-03-02 10:00:00 291,328 ----a-w C:\WINDOWS\system32\winsrv.dll

2005-09-01 02:28:38 292,352 ----a-w C:\WINDOWS\system32\winsrv.dll

2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 07:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2006-03-02 11:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll

2006-03-01 19:44:20 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll

.

– Snapshot reset to current date –

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 12:00 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-03-20 15:06 171448]

“uTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2008-02-05 10:32 219952]

“Gadu-Gadu”=“E:\programy\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SkyTel”=“SkyTel.EXE” [2006-05-20 11:04 2879488 C:\WINDOWS\SkyTel.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2007-02-03 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]

“Gainward”=“C:\Program Files\VDOTool\TBPanel.exe” [2007-11-27 14:36 2169368]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-11-28 09:45 8523776]

“nwiz”=“nwiz.exe” [2007-11-28 09:45 1626112 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-11-28 09:45 81920]

“CorelDRAW ESSENTIALS14”=“E:\programy\skaner\Corel\Register\Registration.exe” [2003-07-21 16:17 413696]

“BDMCon”=“C:\Program Files\Softwin\BitDefender10\bdmcon.exe” [2007-04-02 16:48 290816]

“BDAgent”=“C:\Program Files\Softwin\BitDefender10\bdagent.exe” [2007-03-26 15:49 69632]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784]

“DAEMON Tools”=“E:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920]

“CBitSpirit”=“E:\Program Files\BitSpirit\BitSpirit.exe” [2007-09-09 21:29 3063296]

“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” []

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - E:\programy\Office stary\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

Adobe Reader Speed Launch.lnk - E:\programy\Acrobat Reader\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

Action Manager 32.lnk - E:\programy\skaner\sterowniki\AM32.exe [2008-02-01 21:32:17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.ffds”= C:\WINDOWS\system32\ffdshow\ffdshow.ax

“VIDC.FPS1”= frapsvid.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“E:\nauka\wierszownik\DATA\BIN\mysqld-nt.exe”=

“E:\programy\Gadu-Gadu\gg.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“F:\Program Files\BearShare\BearShare.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“E:\gry\cs\hl.exe”=

“E:\Program Files\FlashGet\flashget.exe”=

“E:\gry\Worms_4_Mayhem___PL___FULL_uplad_rogery1\Worms 4 Mayhem ( PL ) FULL\Worms.4.Mayhem\WORMS 4 MAYHEM.EXE”=

“E:\Program Files\BitSpirit\BitSpirit.exe”=

“E:\gry\crysicek\Bin32\Crysis.exe”=

“E:\gry\crysicek\Bin32\CrysisDedicatedServer.exe”=

“C:\WINDOWS\System32\PnkBstrA.exe”=

“C:\WINDOWS\System32\PnkBstrB.exe”=

“E:\gry\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe”=

“E:\gry\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe”=

“E:\gry\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe”=

“E:\gry\Ubisoft\Ghost Recon Advanced Warfighter 2\graw2.exe”=

“C:\WINDOWS\System32\mmc.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“20890:TCP”= 20890:TCP:BitComet 20890 TCP

“20890:UDP”= 20890:UDP:BitComet 20890 UDP

“12807:TCP”= 12807:TCP:BitComet 12807 TCP

“12807:UDP”= 12807:UDP:BitComet 12807 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-22 13:22]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-04 15:57]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 04:58]

R3 SaiClass;SaiClass;C:\WINDOWS\system32\drivers\SaiNtBus.sys [2003-04-10 11:41]

R3 SaiNtHid;SaiNtHid;C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42]

R3 SaiNtSub;SaiNtSub;C:\WINDOWS\system32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-05 17:09:24

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\dumprep.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe

E:\programy\irfanview\i_view32.exe

C:\WINDOWS\system32\dwwin.exe

.

**************************************************************************

.

Completion time: 2008-04-05 17:10:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-05 15:10:18

ComboFix2.txt 2008-04-05 11:36:52

Pre-Run: 2,400,854,016 bajtów wolnych

Post-Run: 2,384,371,712 bajt˘w wolnych

.

2008-04-05 14:40:38 — E O F —

losdamiano · 5 Kwiecień 2008 15:20

sprawdzę czy komunikaty będą się pokazywały…

jeśli coś nie będzie tak w logu proszę o odpowiedź…

losdamiano · 5 Kwiecień 2008 16:07

komunikat się nie pokazuje… komputer działa normalnie… Dzięki wielki… =D> Jednak co ekspert to ekspert…

Leon1 · 5 Kwiecień 2008 19:08

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

losdamiano · 6 Kwiecień 2008 10:33

Nie wiem czy to ważne ale na początku w combofixie pisało, iż “nazwa swreg.cfexe nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne, program wykonywalny lub plik wsadowy”.

Proszę oto log:

ComboFix 08-04-04.1 - r 2008-04-06 12:27:57.3 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1516 [GMT 2:00]

Running from: F:\Downloads\ComboFix.exe

Command switches used :: C:\Documents and Settings\r\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:-1667729403

C:\ilriupf.exe

C:\smp.bat

C:\WINDOWS\system32\descript.lnk

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:-1667729403

C:-1667729403\

C:\Documents and Settings\All Users\Dane aplikacji\kpivwxcx

C:\Documents and Settings\All Users\Dane aplikacji\kpivwxcx\qreputyd.exe

C:\FOUND.005

C:\FOUND.005\FILE0000.CHK

C:\FOUND.005\FILE0001.CHK

C:\FOUND.005\FILE0002.CHK

C:\FOUND.005\FILE0003.CHK

C:\FOUND.005\FILE0004.CHK

C:\FOUND.005\FILE0005.CHK

C:\FOUND.005\FILE0006.CHK

C:\FOUND.005\FILE0007.CHK

C:\FOUND.005\FILE0008.CHK

C:\FOUND.005\FILE0009.CHK

C:\FOUND.005\FILE0010.CHK

C:\FOUND.005\FILE0011.CHK

C:\FOUND.005\FILE0012.CHK

C:\FOUND.005\FILE0013.CHK

C:\FOUND.005\FILE0014.CHK

C:\FOUND.005\FILE0015.CHK

C:\FOUND.005\FILE0016.CHK

C:\FOUND.005\FILE0017.CHK

C:\FOUND.005\FILE0018.CHK

C:\FOUND.005\FILE0019.CHK

C:\FOUND.005\FILE0020.CHK

C:\FOUND.005\FILE0021.CHK

C:\FOUND.005\FILE0022.CHK

C:\FOUND.005\FILE0023.CHK

C:\FOUND.005\FILE0024.CHK

C:\FOUND.005\FILE0025.CHK

C:\FOUND.006

C:\FOUND.006\FILE0000.CHK

C:\FOUND.006\FILE0001.CHK

C:\FOUND.007

C:\FOUND.007\FILE0000.CHK

C:\FOUND.007\FILE0001.CHK

C:\FOUND.007\FILE0002.CHK

C:\FOUND.007\FILE0003.CHK

C:\FOUND.007\FILE0004.CHK

C:\FOUND.008

C:\FOUND.008\FILE0000.CHK

C:\FOUND.008\FILE0001.CHK

C:\FOUND.008\FILE0002.CHK

C:\FOUND.008\FILE0003.CHK

C:\FOUND.009

C:\FOUND.009\FILE0000.CHK

C:\FOUND.009\FILE0001.CHK

C:\ilriupf.exe

C:\smp.bat

C:\WINDOWS\system32\descript.lnk

.

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))

.

2008-04-05 14:24 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe

2008-04-05 14:24 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf

2008-04-05 13:56 . 2008-04-05 13:56

2008-04-05 13:55 . 2008-04-05 13:55

2008-04-05 12:50 . 2008-04-05 12:50

2008-04-05 12:42 . 2008-04-06 12:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin