DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Win32 generic host (http://www.daniweb.com/forums/thread102770.html)

momtworugrats Dec 28th, 2007 10:59 pm
Win32 generic host
 
When I first start up my computer a popup comes up that says windows has not allowed this program to open or something of that nature. i know its a virus or something of the sort. just dont know how to get rid of it. ive run anti-virus software and it finds a few things, but it still pops up. I currently have kaspersky anti-virus and superantispyware. I posted about 6 days ago, but no one replied. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:18 PM, on 2007-12-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsw37C.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195009468921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 9664 bytes
PS. That last file [023-Service: Sym....] I've tried to delete becuase the file's missing, but it won't let me. Thank you for your help.

crunchie Dec 29th, 2007 3:36 am
Re: Win32 generic host
 
If you have uninstalled Symantec, do the following and the 023 entry should go;

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop
You'll see a black screen flash,thats normal.

Quote:
@echo off
sc stop SymWSC
sc delete SymWSC
==.

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsw37C.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\nsw37C.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

momtworugrats Dec 29th, 2007 8:03 pm
Re: Win32 generic host
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:01 PM, on 2007-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195009468921
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 9917 bytes



I was able to find and delete the first file, but CNL the second. Does everything look good on the log? Thank you for your help.

crunchie Dec 30th, 2007 12:13 am
Re: Win32 generic host
 
Yep, everything looks good now. How is the pc?

momtworugrats Dec 30th, 2007 10:02 am
Re: Win32 generic host
 
The popup is still coming up when I turn on my compter.

DATA EXECUTION PREVENTION - MICROSOFT WINDOWS

NAME: GENERIC HOST PROCESS FOR WIN32 SERVICES

PUBLISHER: MICROSOFT WINDOWS

then I press close message

and it prompts me to send an error report to microsoft


The error report

ERROR SIGNATURE
EVENTTYPE: BEX P1:SCHOST.EXE P2:0.0.0.0 P3: 00000000
P4: UNKNOWN P5: 0.0.0.0 P6: 00000000 P7: 00000000
P8: C0000005 P9: 00000008

ERROR REPORT CONTENTS
C:/DOCUME~1\MARCI\LOCALS~1\TEMP\\WER91DA.DIR00\SVCHOST.EXE.MDMP
C:/DOCUME~1\MARCI\LOCALS~1\TEMP\\WER91DA.DIR00\APPCOMPAT.TXT

then i send it
don't know if any of that helps. but thats what happens. it doesnt happen when i restart, just when i turn off and then on later. the rest of the computer seems to be acting fine though.

momtworugrats Dec 30th, 2007 12:16 pm
Re: Win32 generic host
 
i just turned on my computer and instead of the previous message, now the name is UtilMan EXE

C:\DOCUME~1\marci\LOCALS~1\Temp\WER549b.dir00\utilman.exe.mdmp
C:\DOCUME~1\marci\LOCALS~1\Temp\WER549b.dir00\appcompat.txt

crunchie Jan 1st, 2008 5:15 am
Re: Win32 generic host
 
Try this;
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

momtworugrats Jan 1st, 2008 9:54 am
Re: Win32 generic host
 
ComboFix 07-12-31.4 - marci 2008-01-01 8:43:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -5:00]
Running from: C:\Documents and Settings\marci\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 08:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 15:36 . 2007-12-31 15:36 <DIR> d-------- C:\Documents and Settings\marci\Application Data\Hewlett-Packard
2007-12-31 10:11 . 2007-12-31 10:11 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 15:54 . 2007-12-30 15:54 63 --a------ C:\WINDOWS\1
2007-12-30 11:18 . 2007-12-30 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-29 21:33 . 2007-12-29 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 21:33 . 2007-12-29 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 20:56 . 2007-12-27 20:56 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\HPQ
2007-12-27 20:15 . 2007-12-27 20:15 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Yahoo!
2007-12-27 20:09 . 2007-12-27 20:09 <DIR> d-------- C:\Documents and Settings\marci\Application Data\Yahoo!
2007-12-27 20:09 . 2007-12-27 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-25 12:20 . 2007-12-31 13:10 <DIR> d-------- C:\Documents and Settings\Gregory\Shared
2007-12-25 12:20 . 2007-12-31 13:10 <DIR> d-------- C:\Documents and Settings\Gregory\Incomplete
2007-12-25 12:17 . 2007-12-27 23:19 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\FrostWire
2007-12-25 12:14 . 2005-11-17 08:56 <DIR> d-------- C:\Documents and Settings\Gregory\WINDOWS
2007-12-25 12:14 . 2005-11-17 09:17 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Symantec
2007-12-25 12:14 . 2005-11-17 08:59 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Intuit
2007-12-25 12:14 . 2005-11-17 08:42 <DIR> d-------- C:\Documents and Settings\Gregory\Application Data\Digital Interactive Systems Corporation
2007-12-22 13:54 . 2007-12-22 14:00 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-22 13:54 . 2007-12-22 14:00 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-22 13:53 . 2007-12-22 13:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-22 13:53 . 2008-01-01 08:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-22 13:53 . 2008-01-01 08:46 6,030,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-22 13:53 . 2008-01-01 08:46 93,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-22 13:53 . 2007-12-31 21:37 81,404 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-22 13:53 . 2007-12-31 21:37 9,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 13:52 . 2007-12-22 13:52 <DIR> d-------- C:\KAV
2007-12-20 08:04 . 2007-12-20 08:04 <DIR> d-------- C:\Documents and Settings\Chase\Application Data\FrostWire
2007-12-20 08:02 . 2007-12-20 08:02 <DIR> d-------- C:\Documents and Settings\Chase\Application Data\MySpace
2007-12-14 17:40 . 2006-10-23 13:26 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-14 17:40 . 2006-10-23 13:26 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 17:39 . 2007-12-14 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo
2007-12-14 17:34 . 2007-12-14 17:35 <DIR> d-------- C:\Program Files\RCA
2007-12-11 09:48 . 2007-12-11 09:50 <DIR> d-------- C:\Program Files\FreeShield Toolbar
2007-12-11 09:38 . 2005-11-17 08:56 <DIR> d-------- C:\Documents and Settings\Chase\WINDOWS
2007-12-11 09:38 . 2005-11-17 09:17 <DIR> d-------- C:\Documents and Settings\Chase\Application Data\Symantec
2007-12-11 09:38 . 2005-11-17 08:59 <DIR> d-------- C:\Documents and Settings\Chase\Application Data\Intuit
2007-12-11 09:38 . 2005-11-17 08:42 <DIR> d-------- C:\Documents and Settings\Chase\Application Data\Digital Interactive Systems Corporation
2007-12-09 14:30 . 2007-12-09 14:30 0 --a------ C:\WINDOWS\WB.ini
2007-12-09 14:27 . 2007-12-09 14:27 <DIR> d-------- C:\Program Files\Stardock
2007-12-09 14:27 . 2007-07-11 14:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-09 11:57 . 2007-12-09 11:57 40 --a------ C:\Auth.prof
2007-12-01 13:30 . 2007-12-01 13:30 260 --a------ C:\WINDOWS\_delis32.ini
2007-12-01 12:57 . 1999-08-20 16:53 5,455,526 -ra------ C:\temp\ar40eng.exe
2007-12-01 12:56 . 2007-12-01 12:56 36,864 --a------ C:\WINDOWS\uneng.exe
2007-12-01 12:52 . 1999-01-12 13:11 29,184 --a------ C:\WINDOWS\system32\Popup.ocx
2007-12-01 09:42 . 2007-12-01 09:42 <DIR> d-------- C:\Program Files\Webshots
2007-12-01 09:42 . 2007-12-01 09:42 <DIR> d-------- C:\Documents and Settings\marci\Application Data\Webshots

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 20:56 --------- d-----w C:\Program Files\Opera
2007-12-30 20:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 16:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-30 16:18 --------- d-----w C:\Program Files\Uniblue
2007-12-30 16:18 --------- d-----w C:\Documents and Settings\marci\Application Data\Uniblue
2007-12-28 00:57 --------- d-----w C:\Program Files\Yahoo!
2007-12-24 23:15 --------- d-----w C:\Program Files\Google
2007-12-22 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-22 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-20 12:53 --------- d-----w C:\Program Files\FrostWire
2007-12-14 22:40 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-12-11 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 18:59 --------- d-----w C:\Program Files\Sonic
2007-12-09 16:43 --------- d-----w C:\Program Files\InterVideo
2007-12-05 00:47 --------- d-----w C:\Documents and Settings\marci\Application Data\FrostWire
2007-12-03 18:22 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2007-11-29 01:56 --------- d-----w C:\Program Files\lsounds
2007-11-29 01:18 --------- d-----w C:\Program Files\lletters
2007-11-27 13:32 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-24 23:07 --------- d-----w C:\Program Files\n7 Studios
2007-11-24 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-24 17:51 --------- d-----w C:\Documents and Settings\marci\Application Data\AVG7
2007-11-23 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 22:11 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-11-22 01:33 --------- d-----w C:\Program Files\Java
2007-11-21 13:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-21 03:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-19 01:55 --------- d-----w C:\Documents and Settings\marci\Application Data\WinBatch
2007-11-19 01:44 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2007-11-18 20:36 --------- d-----w C:\Program Files\GemMaster
2007-11-18 03:41 --------- d-----w C:\Program Files\Lavasoft
2007-11-18 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 03:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 03:15 --------- d-----w C:\Program Files\Trend Micro
2007-11-18 02:50 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-18 02:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HPQ
2007-11-17 17:41 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-17 17:17 4,112 ----a-w C:\WINDOWS\system32\tmp.reg
2007-11-17 17:14 --------- d-----w C:\Program Files\DISC
2007-11-17 14:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-17 14:00 --------- d-----w C:\Documents and Settings\marci\Application Data\SUPERAntiSpyware.com
2007-11-17 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 13:31 --------- d-----w C:\Documents and Settings\marci\Application Data\HPQ
2007-11-17 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-17 01:49 --------- d-----w C:\Documents and Settings\marci\Application Data\WinPatrol
2007-11-17 01:48 --------- d-----w C:\Program Files\BillP Studios
2007-11-16 03:28 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-16 02:08 --------- d-----w C:\Documents and Settings\marci\Application Data\Apple Computer
2007-11-16 02:05 0 ----a-w C:\Documents and Settings\marci\Application Data\wklnhst.dat
2007-11-16 02:05 --------- d-----w C:\Documents and Settings\marci\Application Data\Template
2007-11-15 02:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:42 --------- d-----w C:\Program Files\QuickTime
2007-11-12 02:41 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 02:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 02:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-11 04:28 --------- d-----w C:\Documents and Settings\marci\Application Data\Sonic
2007-11-11 04:28 --------- d-----w C:\Documents and Settings\marci\Application Data\Leadertech
2007-11-11 03:25 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-10 20:32 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-10 20:30 --------- d-----w C:\Documents and Settings\marci\Application Data\HP
2007-11-10 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-10 03:27 --------- d-----w C:\Program Files\MySpace
2007-11-10 03:27 --------- d-----w C:\Documents and Settings\marci\Application Data\MySpace
2007-11-04 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-04 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Otto
2007-11-04 01:59 --------- d-----w C:\Program Files\Quicken
2007-11-03 23:05 --------- d-----w C:\Program Files\WildTangent
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 21:53 1,012,519 ----a-w C:\WINDOWS\system32\RAC_English_1_screensaver.scr
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-25_12.26.18.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
- 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
- 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
- 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2005-10-11 23:40:32 237,568 -c----w C:\WINDOWS\$NtUninstallKB925766$\ehrecvr.exe
+ 2005-10-11 23:39:32 1,669,120 -c----w C:\WINDOWS\$NtUninstallKB925766$\msvidctl.dll
+ 2005-08-06 05:01:54 282,112 -c----w C:\WINDOWS\$NtUninstallKB925766$\sbe.dll
+ 2005-10-13 18:22:46 213,216 -c----w C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe
+ 2005-10-13 18:22:48 371,424 -c----w C:\WINDOWS\$NtUninstallKB925766$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 02:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 02:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 15:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 15:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-01 23:31:34 315,904 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 22:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 22:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2004-08-10 12:00:00 480,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2006-03-03 12:26:29 429,056 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-08-04 09:29:52 207,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-08-04 09:29:52 178,936 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmupgds.exe
+ 2006-03-03 12:26:57 581,632 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-08-04 09:29:52 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-08-04 09:29:52 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2005-08-04 09:29:52 106,496 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mfplat.dll
+ 2004-08-10 12:00:00 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-10 12:00:00 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-10 12:00:00 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-08-04 09:29:52 115,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-08-04 09:29:52 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-08-04 09:29:52 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-08-04 09:29:52 353,520 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-08-04 09:29:52 315,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-08-04 09:29:52 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 23:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 23:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 16:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-08-04 09:29:52 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-08-04 09:29:52 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-08-04 09:29:52 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-08-04 09:29:52 359,936 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-08-04 09:29:52 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-08-04 09:29:52 227,840 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-08-04 09:29:52 29,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-08-04 09:29:52 37,376 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-08-04 09:29:52 344,064 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-08-04 09:29:52 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-08-04 09:29:52 180,224 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmsdk.dll
+ 2005-08-04 09:29:52 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-08-04 09:29:52 988,672 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-08-04 09:29:52 771,584 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-08-04 09:29:52 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-08-04 09:29:52 819,200 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsetsdk.exe
+ 2005-08-04 09:29:54 407,552 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-08-04 09:29:54 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-08-04 09:29:54 1,216,000 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-08-04 09:29:54 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 04:14:51 2,330,624 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-08-04 09:29:54 826,368 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-08-04 09:29:54 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2006-03-03 12:33:09 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2006-03-03 12:32:57 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2006-03-03 12:33:00 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2006-03-03 12:33:00 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2006-03-03 12:33:10 329,728 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2006-03-03 12:33:01 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2004-08-10 12:00:00 8,192 -c----w C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
+ 2004-08-10 12:00:00 356,352 -c----w C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
+ 2006-10-02 18:30:10 819,200 -c----w C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
+ 2006-05-16 23:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
+ 2006-05-16 23:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
+ 2004-08-10 12:00:00 192,512 -c----w C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
+ 2004-08-10 12:00:00 189,440 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
+ 2004-08-10 12:00:00 118,784 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmlaunch.exe
+ 2007-04-30 13:20:24 5,537,792 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
+ 2004-08-10 12:00:00 131,072 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
+ 2004-08-10 12:00:00 77,824 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
+ 2004-08-10 12:00:00 278,528 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
+ 2004-08-10 12:00:00 28,672 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpenc.exe
+ 2004-08-10 12:00:00 1,582,080 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpencen.dll
+ 2005-06-24 01:09:49 73,728 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
+ 2005-06-24 01:15:30 3,371,008 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
+ 2004-08-10 12:00:00 81,920 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
+ 2004-08-10 12:00:00 174,080 -c----w C:\WINDOWS\$NtUninstallwmp11$\wmpsrcwp.dll
+ 2006-09-16 06:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 06:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-29 00:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2005-11-17 13:29:45 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
+ 2007-12-09 16:38:05 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2005-11-17 13:29:45 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2007-12-09 16:38:05 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2005-11-17 13:17:27 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2007-12-09 16:38:05 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
+ 2007-11-25 19:05:45 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d6652cfc7f6018eed9f5af0ab54a5fbd\Accessibility.ni.dll
+ 2007-11-25 19:05:49 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\092bf3cc8044d2d907d217ddadaee5bf\AspNetMMCExt.ni.dll
+ 2007-11-25 19:05:50 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e916794475f60f6fdeda5abc582ab0e0\CustomMarshalers.ni.dll
+ 2007-11-25 19:05:49 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\b287592c089a5c567ff52af8c9bbfd3f\dfsvc.ni.exe
+ 2007-11-25 19:05:52 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a332a2f7f965beb9f3b2661c5b7b7920\Microsoft.Build.Engine.ni.dll
+ 2007-11-25 19:05:52 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4f35fff09ced0739ec67374b29ca257c\Microsoft.Build.Framework.ni.dll
+ 2007-11-25 19:05:56 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\40c449b85be08f74666e578de70723b7\Microsoft.Build.Tasks.ni.dll
+ 2007-11-25 19:05:56 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2892e08fb3b2dd93f88db30da4437a9f\Microsoft.Build.Utilities.ni.dll
+ 2007-11-25 19:06:00 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\25e198cac97b29d08c492bc5388a9fec\Microsoft.VisualBasic.ni.dll
+ 2007-11-25 19:06:01 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\54f291b3d674c2ea212a9244f3ba9fbd\System.Configuration.ni.dll
+ 2007-11-25 19:06:03 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\8b1086c976b2577a95e0e7f113caf7bf\System.Deployment.ni.dll
+ 2007-11-25 19:06:05 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\046eec3d74cec4cd460ff7c1842d257e\System.DirectoryServices.ni.dll
+ 2007-11-25 19:06:06 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5449046c90901704a120252427a00033\System.DirectoryServices.Protocols.ni.dll
+ 2007-11-25 19:06:07 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.ni.dll
+ 2007-11-25 19:06:07 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.Wrapper.dll
+ 2007-11-25 19:06:09 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\8962db3b03601d2c02f3836f1e523170\System.Security.ni.dll
+ 2007-11-25 19:06:10 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\610351fe2a8d287c009a958ac852e2d0\System.Transactions.ni.dll
+ 2007-11-25 19:06:32 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ab2958c06dce21c6cc3515068671c3a9\System.Web.Mobile.ni.dll
+ 2007-11-25 19:06:33 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\bede7399f09b947c9c27f702bfff7c7a\System.Web.RegularExpressions.ni.dll
+ 2007-11-25 19:06:36 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0c492219b15640ed399b978141942e54\System.Web.Services.ni.dll
+ 2007-11-25 19:06:29 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7a66b932276b50c95261a636d7a51f34\System.Web.ni.dll
- 2005-08-06 05:01:54 239,104 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 ----a-w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-10-11 23:39:38 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 21:16:00 1,863,680 ----a-w C:\WINDOWS\ehome\ehcm.dll
- 2005-10-11 23:32:46 864,256 ----a-w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 21:07:44 868,352 ----a-w C:\WINDOWS\ehome\ehepg.dll
- 2005-10-11 23:40:36 332,288 ----a-w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 21:17:04 328,704 ----a-w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 18:11:48 178,688 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 21:18:32 178,176 ----a-w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-10-11 23:40:32 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 21:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-10-11 23:43:18 3,219,456 ----a-w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 21:19:14 3,223,552 ----a-w C:\WINDOWS\ehome\ehshell.exe
- 2005-08-06 05:01:58 492,032 ----a-w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 21:16:30 558,592 ----a-w C:\WINDOWS\ehome\ehui.dll
- 2005-08-06 04:06:02 105,984 ----a-w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 21:12:52 107,008 ----a-w C:\WINDOWS\ehome\mstvcapn.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 20:34:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2004-08-10 12:00:00 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-12-24 23:16:13 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-12-24 23:16:14 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-12-24 23:16:14 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-12-24 23:16:14 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-12-24 23:16:14 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-12-24 23:16:14 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
- 2007-11-25 02:43:00 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-13 03:29:09 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-11-25 02:42:59 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-13 03:29:09 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-11-25 02:43:00 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-13 03:29:09 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-11-25 02:43:00 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-13 03:29:09 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-11-25 02:43:00 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-13 03:29:09 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-11-25 02:43:00 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-13 03:29:09 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-11-25 02:43:00 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-13 03:29:09 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-11-25 02:43:00 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-13 03:29:10 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-11-25 02:42:59 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-13 03:29:09 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-11-25 02:42:59 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-13 03:29:08 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 1998-10-30 07:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 21:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 2007-12-22 21:20:24 238,782 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 1996-02-19 19:19:00 44,544 ----a-w C:\WINDOWS\system\MKWIPE16.DLL
+ 1996-02-19 19:18:18 68,096 ----a-w C:\WINDOWS\system\MKWND16.DLL
+ 1993-05-12 05:00:00 398,416 ----a-w C:\WINDOWS\system\VBRUN300.DLL
+ 1994-09-21 05:00:00 92,208 ----a-w C:\WINDOWS\system\WING.DLL
+ 1994-08-24 05:00:00 188,960 ----a-w C:\WINDOWS\system\WINGDE.DLL
+ 1994-12-06 19:29:06 31,232 ----a-w C:\WINDOWS\system\WWND.DLL
- 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-10 12:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-10 12:00:00 480,768 ----a-w C:\WINDOWS\system32\audiodev.dll
+ 2006-10-19 02:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2006-03-03 12:26:29 429,056 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-08-04 09:29:52 207,872 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2007-11-25 16:16:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-30 22:59:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-25 16:16:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-30 22:59:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-25 16:16:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-30 22:59:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-10 12:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 02:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2006-03-03 12:26:29 429,056 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 02:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-08-04 09:29:52 207,872 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 02:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2006-03-03 12:26:57 581,632 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-10-11 23:39:38 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 21:16:00 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-10-11 23:32:46 864,256 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 21:07:44 868,352 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2004-08-10 18:11:48 269,312 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 21:17:04 328,704 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-10-11 23:43:18 3,219,456 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 21:19:14 3,223,552 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-08-06 05:01:58 492,032 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 21:16:30 558,592 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-06 05:01:54 356,352 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 21:12:44 456,192 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2005-08-04 09:29:52 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-08-04 09:29:52 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-10 12:00:00 310,272 ----a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-10 12:00:00 384,512 ----a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-10 12:00:00 240,640 ----a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-10 12:00:00 356,352 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 02:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-10 12:00:00 72,960 ----a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-10 12:00:00 138,240 ----a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-10 12:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-10 12:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-10 12:00:00 660,992 ----a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-10 12:00:00 177,152 ----a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-10 12:00:00 95,744 ----a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-10 12:00:00 48,640 ----a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-10 12:00:00 471,552 ----a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2005-08-04 09:29:52 115,200 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-08-04 09:29:52 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-08-04 09:29:52 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2005-08-04 09:29:52 353,520 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2005-10-11 23:39:32 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 21:15:52 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-04 09:29:52 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2005-08-06 05:01:54 239,104 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-04 09:29:52 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2005-08-06 05:01:54 282,112 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 21:12:40 291,840 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
- 2006-10-02 18:30:10 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 23:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-10 12:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2005-08-04 09:29:52 359,936 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-08-04 09:29:52 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2005-08-04 09:29:52 29,184 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-08-04 09:29:52 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-10 12:00:00 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-08-04 09:29:52 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-08-04 09:29:52 988,672 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 12:00:00 131,072 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-10 12:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 02:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 12:00:00 278,528 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2005-06-24 01:09:49 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 02:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-10 12:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-08-04 09:29:52 771,584 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-08-04 09:29:52 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-08-04 09:29:54 407,552 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-08-04 09:29:54 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 04:14:51 2,330,624 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-08-04 09:29:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-08-04 09:29:54 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2007-04-28 21:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-22 19:01:22 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 19:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 17:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
- 2004-08-10 12:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2005-04-25 17:03:00 20,640 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2006-10-23 18:26:34 36,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2006-10-19 02:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2006-03-03 12:33:01 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 01:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-28 23:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 00:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
- 2005-08-04 09:29:52 178,936 ----a-w C:\WINDOWS\system32\drmupgds.exe
+ 2006-10-19 01:00:46 249,856 ----a-w C:\WINDOWS\system32\drmupgds.exe
- 2006-03-03 12:26:57 581,632 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 02:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-08-06 05:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 21:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-06-28 17:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
- 2005-08-04 09:29:52 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 02:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-08-04 09:29:52 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2007-08-07 18:37:56 53,248 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2007-08-07 22:20:44 182,248 ----a-w C:\WINDOWS\system32\Macromed\Director\swdir.dll
+ 2007-08-07 22:21:02 55,272 ----a-w C:\WINDOWS\system32\Macromed\Director\SwDnld.exe
+ 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
- 2007-11-09 04:51:35 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-12-28 00:57:29 74,137 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2007-08-07 18:35:56 585,728 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 18:19:40 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 18:36:32 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 21:52:32 1,113,600 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
+ 2007-08-07 18:08:48 52,288 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
+ 2007-08-07 18:17:24 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 18:35:22 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 18:35:32 483,328 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 18:28:38 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 22:20:28 391,144 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 18:37:56 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 18:35:18 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 18:37:58 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 18:08:46 50,808 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 1999-06-25 15:55:30 149,504 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
- 2005-08-04 09:29:52 106,496 ----a-w C:\WINDOWS\system32\mfplat.dll
+ 2006-10-19 02:47:14 212,992 ----a-w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-10 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 02:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-10 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 02:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-10 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 02:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2004-08-10 12:00:00 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-10 12:00:00 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-10 12:00:00 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-10 12:00:00 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-10 12:00:00 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-10 12:00:00 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-10 12:00:00 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-10 12:00:00 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2006-10-02 20:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 20:34:42 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-08-04 09:29:52 115,200 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 02:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-08-04 09:29:52 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 02:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-08-04 09:29:52 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 02:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2005-08-04 09:29:52 353,520 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-10-11 23:39:32 1,669,120 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 21:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2005-08-04 09:29:52 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 02:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2006-10-19 02:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 02:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 02:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 02:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 02:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2005-08-06 05:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 21:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2005-08-20 09:17:22 405,504 ----a-w C:\WINDOWS\system32\Px.dll
+ 2006-10-23 18:26:34 452,264 ------w C:\WINDOWS\system32\Px.dll
- 2004-09-27 15:00:00 56,832 ----a-w C:\WINDOWS\system32\pxcpya64.exe
+ 2006-10-23 18:26:34 63,144 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2004-09-27 15:00:00 108,544 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
+ 2006-10-23 18:26:34 114,856 ------w C:\WINDOWS\system32\pxcpyi64.exe
- 2005-08-05 16:01:00 434,176 ----a-w C:\WINDOWS\system32\pxdrv.dll
+ 2006-10-23 18:26:34 472,744 ------w C:\WINDOWS\system32\pxdrv.dll
- 2005-01-12 17:03:00 61,440 ----a-w C:\WINDOWS\system32\pxhpinst.exe
+ 2006-10-23 18:26:34 67,240 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2005-01-12 17:03:00 56,320 ----a-w C:\WINDOWS\system32\pxinsa64.exe
+ 2006-10-23 18:26:34 62,632 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2005-01-12 17:03:00 109,568 ----a-w C:\WINDOWS\system32\pxinsi64.exe
+ 2006-10-23 18:26:34 115,880 ------w C:\WINDOWS\system32\pxinsi64.exe
- 2005-08-20 09:14:48 172,032 ----a-w C:\WINDOWS\system32\PxMas.dll
+ 2006-10-23 18:26:34 181,928 ------w C:\WINDOWS\system32\PxMas.dll
- 2005-08-02 04:07:42 1,191,936 ----a-w C:\WINDOWS\system32\PxSFS.DLL
+ 2006-10-23 18:26:36 1,279,656 ------w C:\WINDOWS\system32\PxSFS.DLL
- 2005-08-20 09:13:30 339,968 ----a-w C:\WINDOWS\system32\PxWave.dll
+ 2006-10-23 18:26:36 345,768 ------w C:\WINDOWS\system32\PxWave.dll
- 2005-08-04 09:29:52 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 02:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2005-08-06 05:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 21:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 22:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-06 22:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 22:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-08-04 09:29:52 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-08-12 16:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
+ 2006-10-23 18:26:36 38,568 ------w C:\WINDOWS\system32\VXBLOCK.dll
- 2005-08-04 09:29:52 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 02:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-08-04 09:29:52 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 02:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 1994-09-21 05:00:00 12,800 ----a-w C:\WINDOWS\system32\Wing32.dll
- 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2005-08-04 09:29:52 359,936 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 02:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2005-08-04 09:29:52 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 02:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2005-08-04 09:29:52 29,184 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 02:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-08-04 09:29:52 37,376 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 02:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-08-04 09:29:52 344,064 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 02:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-08-04 09:29:52 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 02:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
- 2005-08-04 09:29:52 180,224 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll
+ 2006-10-19 02:47:20 535,040 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-10 12:00:00 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 02:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-08-04 09:29:52 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 02:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-08-04 09:29:52 988,672 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 02:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 12:00:00 131,072 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 02:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 12:00:00 278,528 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 02:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 12:00:00 1,582,080 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 02:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 02:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 02:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-10 12:00:00 81,920 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 02:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 12:00:00 174,080 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 02:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-08-04 09:29:52 771,584 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-08-04 09:29:52 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-08-04 09:29:54 407,552 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 02:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-08-04 09:29:54 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 02:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-08-04 09:29:54 1,216,000 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-08-04 09:29:54 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 04:14:51 2,330,624 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 02:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-08-04 09:29:54 826,368 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-08-04 09:29:54 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 02:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 02:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 02:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 02:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2006-03-03 12:33:09 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 02:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2006-03-03 12:32:57 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 02:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2006-03-03 12:33:00 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 02:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2006-03-03 12:33:00 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 02:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 01:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 02:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 02:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2006-03-03 12:33:10 329,728 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 02:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 01:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-28 23:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-28 23:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-28 23:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-28 23:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2006-12-02 03:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 03:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-12-03 15:39 1260296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 03:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 13:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 13:10 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 07:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\marci\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-12-01 09:42:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-17 09:03:02]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-01-26 15:00:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-11-02 11:47 120056 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 13:34:44 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-12-30 17:07:08 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 08:46:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2008-01-01 8:47:35
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 13:47:31
C:\qoobox\ComboFix2.txt 2007-11-27 02:24:04
C:\qoobox\ComboFix3.txt 2007-11-25 17:26:59
.
2007-12-13 04:09:44 --- E O F ---

momtworugrats Jan 1st, 2008 1:16 pm
Re: Win32 generic host
 
can the temp folder in the doc/local settings be safely deleted?

crunchie Jan 2nd, 2008 6:28 am
Re: Win32 generic host
 
Quote:
Originally Posted by momtworugrats (Post 501796)
can the temp folder in the doc/local settings be safely deleted?
Just the contents :).

crunchie Jan 2nd, 2008 6:39 am
Re: Win32 generic host
 
Did you run combofix more than once? Looks like you did.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

==

How are things?


All times are GMT -4. The time now is 5:04 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC