Here's the MalwareBytes log.


Malwarebytes' Anti-Malware 1.40
Database version: 2728
Windows 5.1.2600 Service Pack 2

9/1/2009 9:51:47 PM
mbam-log-2009-09-01 (21-51-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 171018
Time elapsed: 1 hour(s), 13 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\huverego.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ririzaki.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19c97a07-5c6d-464d-8765-8d59d54aa792} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{19c97a07-5c6d-464d-8765-8d59d54aa792} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3ee902a-027d-4d77-829b-1697267ddd6c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3cf1638a-499b-4985-b05b-940e200c870b} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cf1638a-499b-4985-b05b-940e200c870b} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmbqvmttap (Rootkit.TDSS) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vamanipetu (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\midalolis (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c3ee902a-027d-4d77-829b-1697267ddd6c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\metotozon (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\huverego.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\huverego.dll -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ririzaki.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\huverego.dll (Trojan.Vundo.H) -> No action taken.
C:\C3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\C3\NIA\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\15977394\15977394.exe.vir (Rogue.SystemSecurity) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmbvsmrril.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmjklypdur.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nepusenu.dll.vir (Trojan.Vundo.H) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuviloko.exe.vir (Rogue.SystemSecurity) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\guderasa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wimavapa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ziperame.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\luliwedo.dll (Trojan.Vundo) -> No action taken.

Sisaly, you didn't have MBA-M remove the items found. You HAVE to do this. Run it again, and when it shows you what is found, click the Remove Selected button.

LOL! You let that thing run for over an hour and then you didn't have it remove the baddies? ;) After all they put you through . . . .

Run it again and when the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.

I will check back Wednesday evening EST - there are still a bunch of fixes we need to do manually with combofix. I'll post them for you tomorrow.

-- Hey. . . . Don't rip any more hair out over that "Remove Selected" fail........:cool:

PP

Oh ho ho....I removed them after I just posted the first log, and it's rescanning. ;)

So far all system operations functioning normally.

BTW: To anyone reading this, I was able to do all this because my infected laptop is networked to my desktop. And my hubby is the one that infected the sucker and his wifey is fixing the problem.

LOL...nothing like a sense of humor to keep things under control. That's hilarious Sisaly! :icon_cheesygrin:

Well, I noticed all these guys on here saying their gf/wife infected the thing and they are trying to fix it. Just tellin it like it is.

After the second scan of mbam I had one infection. I would say this is case closed, thank goodness. Hubby can watch his precious soccer again....which is how he got Police Pro to begin with.
Phil, let me know if I need to remove or change anything. Thank you very much, repped you.
Here's that log.....

Malwarebytes' Anti-Malware 1.40
Database version: 2728
Windows 5.1.2600 Service Pack 2

9/1/2009 11:29:30 PM
mbam-log-2009-09-01 (23-29-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 170739
Time elapsed: 1 hour(s), 25 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmbqvmttap (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

No, not closed yet. PP for sure has to look at these logs. Especially the combofix log as there may be additional fixes which need to be done with that before the computer can be assured to be clean. This is an especially nasty bug which does have ways of hiding itself all over the computer.
Why not run a full scan with HiJackThis and post that log so the logs will all be here when he gets back tomorrow.
Judy

I ran mbam again and am still getting the same log as last time.

Malwarebytes' Anti-Malware 1.40
Database version: 2728
Windows 5.1.2600 Service Pack 2

9/2/2009 3:06:46 AM
mbam-log-2009-09-02 (03-06-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 170910
Time elapsed: 1 hour(s), 8 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmbqvmttap (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran HijackThis and am unfamiliar with it. I didn't check any boxes nor fix anything. Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:03 AM, on 9/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: FirePod Control Panel.lnk = C:\Program Files\PreSonus\1394AudioDriver_FirePod\FirePod.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132211267802
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132211256235
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 8921 bytes

Download the Panda Antirootkit programme.

Unzip it and run the PAVARK.exe file.

Tick the box that says In depth scan and follow the on screen instructions.

DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know your results in your reply.

I think that there are already enough cooks in this pie :).

Well, should I run Panda or not?

PhilliePhan may have something else planned for you to do and running tools in between can upset things :).
Ideally, one person should help out with infections such as these to prevent any confusion happening (from both sides).

Thanks crunchie.

I -did- run the Panda and it said no rootkits found.

Will see what PP says tomorrow.

Sisaly, if you will note in post #33, PP said the following:

I will check back Wednesday evening EST - there are still a bunch of fixes we need to do manually with combofix. I'll post them for you tomorrow.

Please don't run any other tools until you hear from HIM. The fixes with combofix will be very specific to YOUR computer. Running other cleaners can cause difficulties with the fixes he will post for you. So if others suggest some other cleaner, please IGNORE them. The HiJackThis program is NOT a cleaner but essentially a scanner to give another picture of what may be on the computer for PP to look at. Now please wait until PP returns before taking any other steps.
Judy

crunchie is right - Once combofix has been run, only the volunteer who requested it be run should post until the matter has been resolved! Everybody else is just getting in the way. (no offense intended to anybody - just speaking the truth)

Please don't run any other tools until you hear from HIM. The fixes with combofix will be very specific to YOUR computer. Running other cleaners can cause difficulties with the fixes he will post for you. So if others suggest some other cleaner, please IGNORE them.

I wish you had listened to your own advice in this post, Judy, LOL!
http://www.daniweb.com/forums/post964794-24.html

I guess, when one is a FEATURED POSTER, one can get away with this . . . . . ;)


@ Sisaly - This is my fault, but I should have mentioned that I would need a Fresh combofix log after the MBA-M scan.

Delete your current combofix and download a fresh copy, run it and post me the log. We are pretty much done, but I want to clean up any "hangers on."

PP :)

I thought I had. Sorry. It's all yours.:)

Running MBA-M after combofix WILL clean malware - it is not a bad step.
The thing is, it will also alter the contents of any subsequent CFScript as I'll have to cross-check the two logs - I just don't want to have to look at two logs at once and try to figure what has been removed and what still needs to be . . .

Congrats on being a "featured poster", btw....!

PP :)

Sorry, these things have me so...????....so many of these here hard to keep track of whose log is whose???? Where did you see featured poster?

Here's combofix.

ComboFix 09-09-02.02 - Rachel 09/02/2009 19:36.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.191 [GMT -5:00]
Running from: c:\documents and settings\Rachel\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_005989_.tmp.dll
c:\windows\system32\_005990_.tmp.dll
c:\windows\system32\_005991_.tmp.dll
c:\windows\system32\_005992_.tmp.dll
c:\windows\system32\_005999_.tmp.dll
c:\windows\system32\_006000_.tmp.dll
c:\windows\system32\_006001_.tmp.dll
c:\windows\system32\_006002_.tmp.dll
c:\windows\system32\_006004_.tmp.dll
c:\windows\system32\_006005_.tmp.dll
c:\windows\system32\_006008_.tmp.dll
c:\windows\system32\_006009_.tmp.dll
c:\windows\system32\_006011_.tmp.dll
c:\windows\system32\_006012_.tmp.dll
c:\windows\system32\_006013_.tmp.dll
c:\windows\system32\_006015_.tmp.dll
c:\windows\system32\_006018_.tmp.dll
c:\windows\system32\_006019_.tmp.dll
c:\windows\system32\_006023_.tmp.dll
c:\windows\system32\_006024_.tmp.dll
c:\windows\system32\_006026_.tmp.dll
c:\windows\system32\_006029_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006033_.tmp.dll
c:\windows\system32\_006034_.tmp.dll
c:\windows\system32\_006035_.tmp.dll
c:\windows\system32\_006038_.tmp.dll
c:\windows\system32\_006039_.tmp.dll
c:\windows\system32\_006040_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006047_.tmp.dll
c:\windows\system32\_006049_.tmp.dll
c:\windows\system32\_006050_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmbqvmttap
-------\Service_kbiwkmbqvmttap


((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-02 11:04 . 2009-09-02 11:39 -------- d-----w- c:\windows\system32\scripting
2009-09-02 11:04 . 2009-09-02 11:39 -------- d-----w- c:\windows\l2schemas
2009-09-02 11:04 . 2009-09-02 11:39 -------- d-----w- c:\windows\system32\en
2009-09-02 10:51 . 2003-03-31 19:00 82432 ----a-w- c:\windows\system32\dllcache\msdtcstp.dll
2009-09-02 10:50 . 2003-03-31 19:00 60928 ----a-w- c:\windows\system32\dllcache\ocmanage.dll
2009-09-02 09:43 . 2009-09-02 10:32 -------- d-----w- c:\documents and settings\Rachel\Pavark
2009-09-02 08:53 . 2009-09-02 08:53 -------- d-----w- c:\program files\Trend Micro
2009-09-02 01:34 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 01:34 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 01:33 . 2009-09-02 01:34 -------- d-----w- C:\ILLA
2009-09-01 22:43 . 2009-09-01 22:43 -------- d---a-w- C:\KILLBAD
2009-09-01 02:48 . 2009-09-01 12:21 -------- d-----w- C:\suckmydick
2009-09-01 00:43 . 2009-09-01 00:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-01 00:35 . 2009-09-01 00:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-01 00:18 . 2009-09-01 00:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-08-31 06:48 . 2009-08-31 06:48 -------- d---a-w- C:\PKBOO
2009-08-31 05:55 . 2009-08-31 05:55 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-31 05:25 . 2009-08-31 05:25 -------- d-----w- c:\program files\CCleaner
2009-08-31 03:49 . 2009-08-31 03:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-31 03:07 . 2009-08-31 03:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-31 02:36 . 2009-08-31 02:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-23 00:13 . 2009-08-23 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-08-23 00:12 . 2009-08-23 00:13 -------- d-----w- c:\program files\TVUPlayer
2009-08-20 00:49 . 2009-08-20 00:49 -------- d-----w- c:\documents and settings\Rachel\fontconfig
2009-08-20 00:41 . 2009-08-31 05:00 -------- d-----w- c:\program files\MPlayer for Windows
2009-08-20 00:12 . 2009-08-20 00:12 -------- d-----w- c:\program files\Common Files\NSV
2009-08-15 01:23 . 2009-08-15 01:24 -------- d-----w- C:\REPSPL
2009-08-11 23:55 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-08 12:02 . 2009-08-08 12:02 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-08 08:14 . 2009-08-08 08:14 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 08:13 . 2009-08-08 08:13 -------- d-----w- c:\program files\MSBuild
2009-08-08 08:13 . 2009-08-08 08:13 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 08:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 08:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 08:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 08:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 08:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 08:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 08:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 08:11 . 2009-08-08 08:12 -------- d-----w- C:\a6934de93bf88e0a3bce6630233dd5
2009-08-08 08:02 . 2009-08-08 08:02 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 08:01 . 2009-08-05 08:01 56972 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 00:18 . 2009-06-24 01:05 -------- d-----w- c:\program files\McAfee
2009-09-02 07:17 . 2007-12-01 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-02 05:35 . 2005-11-18 06:46 73248 ----a-w- c:\documents and settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 03:31 . 2009-06-28 02:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-31 02:23 . 2009-08-31 02:23 16669 ----a-w- c:\documents and settings\All Users\Application Data\icyw.dat
2009-08-29 22:13 . 2009-06-24 01:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-15 01:23 . 2009-07-12 13:20 737280 ----a-w- c:\windows\iun6002.exe
2009-08-14 12:33 . 2008-12-27 03:14 -------- d-----w- c:\documents and settings\Rachel\Application Data\uTorrent
2009-08-05 09:11 . 2003-03-31 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 03:09 . 2006-02-24 20:09 -------- d-----w- c:\documents and settings\Rachel\Application Data\Apple Computer
2009-07-27 23:35 . 2009-07-27 23:34 -------- d-----w- c:\program files\iTunes
2009-07-27 23:34 . 2006-10-04 16:16 -------- d-----w- c:\program files\iPod
2009-07-27 23:33 . 2007-10-22 19:48 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 00:31 . 2008-12-13 19:37 -------- d-----w- c:\program files\Veetle
2009-07-20 09:04 . 2009-07-20 09:00 -------- d-----w- c:\program files\Image-Line
2009-07-20 09:04 . 2009-07-20 09:04 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-17 18:55 . 2003-03-31 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 10:00 . 2009-01-31 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-14 04:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 07:46 . 2007-12-01 06:27 -------- d-----w- c:\program files\Google
2009-07-13 07:45 . 2006-06-02 20:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-12 13:19 . 2009-07-12 13:19 -------- d-----w- c:\program files\Replay Converter
2009-07-03 17:09 . 2005-06-18 05:49 915456 ------w- c:\windows\system32\wininet.dll
2009-06-30 00:14 . 2009-06-30 00:14 0 ----a-w- c:\windows\nsreg.dat
2009-06-25 08:44 . 2009-09-02 10:50 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2009-09-02 10:50 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2009-09-02 10:50 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2005-06-15 17:50 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2003-03-31 19:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2003-03-31 19:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-22 11:34 . 2009-09-02 10:50 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2003-03-31 19:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-03-31 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2003-03-31 19:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2003-03-31 19:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2009-09-02 10:50 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2005-11-16 18:40 655872 ----a-w- c:\windows\system32\mstscax.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-02_01.15.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-26 00:44 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2007-03-02 19:12 . 2007-01-19 20:15 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 24576 c:\windows\system32\userinit.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 24576 c:\windows\system32\userinit.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 45568 c:\windows\system32\tcpmonui.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 45568 c:\windows\system32\tcpmonui.dll
- 2003-03-31 19:00 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
+ 2009-09-02 10:50 . 2004-12-07 19:32 96768 c:\windows\system32\srvsvc.dll
+ 2009-06-28 02:47 . 2007-08-11 01:46 17272 c:\windows\system32\spmsg.dll
- 2009-06-28 02:47 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 50688 c:\windows\system32\smss.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 50688 c:\windows\system32\smss.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 95744 c:\windows\system32\scardsvr.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 95744 c:\windows\system32\scardsvr.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 13312 c:\windows\system32\savedump.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 13312 c:\windows\system32\savedump.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 64000 c:\windows\system32\samlib.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 64000 c:\windows\system32\samlib.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 39936 c:\windows\system32\rshx32.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 39936 c:\windows\system32\rshx32.dll
+ 2009-09-02 10:56 . 2004-08-04 05:59 37376 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\amdk7.sys
- 2003-03-31 19:00 . 2004-08-04 07:56 58880 c:\windows\system32\rastapi.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 58880 c:\windows\system32\rastapi.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 61440 c:\windows\system32\rasman.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 61440 c:\windows\system32\rasman.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 89088 c:\windows\system32\rasauto.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 89088 c:\windows\system32\rasauto.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 39936 c:\windows\system32\perfctrs.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 39936 c:\windows\system32\perfctrs.dll
- 2003-03-31 19:00 . 2005-07-26 04:39 37888 c:\windows\system32\olecnv32.dll
+ 2009-09-02 10:50 . 2005-07-26 04:39 37888 c:\windows\system32\olecnv32.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 91136 c:\windows\system32\ntprint.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 91136 c:\windows\system32\ntprint.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 76800 c:\windows\system32\nslookup.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 76800 c:\windows\system32\nslookup.exe
- 2007-05-08 22:08 . 2007-05-08 22:08 86728 c:\windows\system32\msxml6r.dll
+ 2009-06-26 00:47 . 2007-05-08 22:08 86728 c:\windows\system32\msxml6r.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 33792 c:\windows\system32\msgsvc.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 33792 c:\windows\system32\msgsvc.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 14848 c:\windows\system32\mgmtapi.dll
+ 2009-09-02 10:50 . 2004-08-04 07:56 14848 c:\windows\system32\mgmtapi.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 75264 c:\windows\system32\locator.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 75264 c:\windows\system32\locator.exe
+ 2009-09-02 10:50 . 2004-08-04 07:56 13824 c:\windows\system32\lmhsvc.dll
- 2003-03-31 19:00 . 2004-08-04 07:56 13824 c:\windows\system32\lmhsvc.dll
+ 2009-09-02 10:50 . 2004-08-04 05:59 81280 c:\windows\system32\hal.dll
- 2003-03-31 19:00 . 2004-08-04 05:59 81280 c:\windows\system32\HAL.DLL
+ 2009-09-02 10:50 . 2004-08-04 07:56 42496 c:\windows\system32\ftp.exe
- 2003-03-31 19:00 . 2004-08-04 07:56 42496 c:\windows\system32\ftp.exe
- 2003-03-31 19:00 . 2003-03-31 19:00 25600 c:\windows\system32\format.com
+ 2009-09-02 10:50 . 2003-03-31 19:00 25600 c:\windows\system32\format.com
+ 2009-09-02 10:50 . 2006-06-14 09:00 82944 c:\windows\system32\drivers\wdmaud.sys
- 2002-08-29 02:00 . 2006-06-14 09:00 82944 c:\windows\system32\drivers\wdmaud.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 34560 c:\windows\system32\drivers\wanarp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 34560 c:\windows\system32\drivers\wanarp.sys
- 2004-08-04 06:04 . 2004-08-04 06:04 13568 c:\windows\system32\drivers\wacompen.sys
+ 2009-09-02 10:52 . 2004-08-04 06:04 13568 c:\windows\system32\drivers\wacompen.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 52352 c:\windows\system32\drivers\volsnap.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 52352 c:\windows\system32\drivers\volsnap.sys
- 2003-03-31 19:00 . 2004-08-04 06:07 79744 c:\windows\system32\drivers\videoprt.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 79744 c:\windows\system32\drivers\videoprt.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 42240 c:\windows\system32\drivers\viaagp.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 42240 c:\windows\system32\drivers\viaagp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 20992 c:\windows\system32\drivers\vga.sys
- 2003-03-31 19:00 . 2004-08-04 06:07 20992 c:\windows\system32\drivers\vga.sys
+ 2009-09-02 10:52 . 2004-08-04 07:56 11325 c:\windows\system32\drivers\vchnt5.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 11325 c:\windows\system32\drivers\vchnt5.dll
- 2004-08-04 06:10 . 2004-08-04 06:10 78464 c:\windows\system32\drivers\usbvideo.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 78464 c:\windows\system32\drivers\usbvideo.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 26496 c:\windows\system32\drivers\usbstor.sys
- 2005-11-21 06:32 . 2004-08-04 06:08 26496 c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-09-02 10:50 . 2004-08-04 05:58 15104 c:\windows\system32\drivers\usbscan.sys
- 2008-11-29 02:42 . 2004-08-04 05:58 15104 c:\windows\system32\drivers\usbscan.sys
+ 2009-09-02 10:50 . 2004-08-04 06:01 25856 c:\windows\system32\drivers\usbprint.sys
- 2007-03-03 02:06 . 2004-08-04 06:01 25856 c:\windows\system32\drivers\usbprint.sys
- 2003-03-31 19:00 . 2004-08-04 06:08 17024 c:\windows\system32\drivers\usbohci.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 17024 c:\windows\system32\drivers\usbohci.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 16000 c:\windows\system32\drivers\usbintel.sys
- 2002-08-29 01:32 . 2004-08-04 06:08 16000 c:\windows\system32\drivers\usbintel.sys
- 2003-03-31 19:00 . 2004-08-04 06:08 57600 c:\windows\system32\drivers\usbhub.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 57600 c:\windows\system32\drivers\usbhub.sys
+ 2009-09-02 10:52 . 2004-08-04 06:08 26624 c:\windows\system32\drivers\usbehci.sys
- 2004-08-04 06:08 . 2004-08-04 06:08 26624 c:\windows\system32\drivers\usbehci.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 23936 c:\windows\system32\drivers\usbcamd2.sys
- 2001-08-17 14:03 . 2003-03-31 19:00 23936 c:\windows\system32\drivers\usbcamd2.sys
- 2001-08-17 14:03 . 2003-03-31 19:00 23808 c:\windows\system32\drivers\usbcamd.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 23808 c:\windows\system32\drivers\usbcamd.sys
+ 2009-09-02 10:52 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023x.sys
- 2004-08-04 06:04 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023x.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\usb8023.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 66176 c:\windows\system32\drivers\udfs.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 66176 c:\windows\system32\drivers\udfs.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 44672 c:\windows\system32\drivers\uagp35.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 44672 c:\windows\system32\drivers\uagp35.sys
- 2002-08-29 01:35 . 2004-08-04 06:03 12416 c:\windows\system32\drivers\tunmp.sys
+ 2009-09-02 10:52 . 2004-08-04 06:03 12416 c:\windows\system32\drivers\tunmp.sys
+ 2009-09-02 10:50 . 2004-08-04 08:01 40840 c:\windows\system32\drivers\termdd.sys
- 2005-11-16 18:40 . 2004-08-04 08:01 40840 c:\windows\system32\drivers\termdd.sys
- 2005-11-16 18:40 . 2004-08-04 08:01 21896 c:\windows\system32\drivers\tdtcp.sys
+ 2009-09-02 10:50 . 2004-08-04 08:01 21896 c:\windows\system32\drivers\tdtcp.sys
- 2005-11-16 18:40 . 2004-08-04 08:01 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2009-09-02 10:50 . 2004-08-04 08:01 12040 c:\windows\system32\drivers\tdpipe.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 18560 c:\windows\system32\drivers\tdi.sys
- 2003-03-31 19:00 . 2004-08-04 06:07 18560 c:\windows\system32\drivers\tdi.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 14976 c:\windows\system32\drivers\tape.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 14976 c:\windows\system32\drivers\tape.sys
- 2002-08-29 02:01 . 2004-08-04 06:15 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2009-09-02 10:50 . 2004-08-04 06:15 60800 c:\windows\system32\drivers\sysaudio.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 54272 c:\windows\system32\drivers\swmidi.sys
- 2001-08-17 14:00 . 2003-03-31 19:00 54272 c:\windows\system32\drivers\swmidi.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 48640 c:\windows\system32\drivers\stream.sys
- 2002-08-29 01:32 . 2004-08-04 06:08 48640 c:\windows\system32\drivers\stream.sys
+ 2009-09-02 10:50 . 2004-08-04 06:06 73472 c:\windows\system32\drivers\sr.sys
- 2005-11-16 18:42 . 2004-08-04 06:06 73472 c:\windows\system32\drivers\sr.sys
+ 2009-09-02 10:50 . 2004-08-04 06:09 25472 c:\windows\system32\drivers\sonydcam.sys
- 2002-08-29 01:33 . 2004-08-04 06:09 25472 c:\windows\system32\drivers\sonydcam.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 41088 c:\windows\system32\drivers\sisagp.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 41088 c:\windows\system32\drivers\sisagp.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 11392 c:\windows\system32\drivers\sfloppy.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 11392 c:\windows\system32\drivers\sfloppy.sys
- 2004-08-04 05:59 . 2004-08-04 05:59 10240 c:\windows\system32\drivers\sffp_sd.sys
+ 2009-09-02 10:52 . 2004-08-04 05:59 10240 c:\windows\system32\drivers\sffp_sd.sys
+ 2009-09-02 10:52 . 2004-08-04 05:59 11136 c:\windows\system32\drivers\sffdisk.sys
- 2004-08-04 05:59 . 2004-08-04 05:59 11136 c:\windows\system32\drivers\sffdisk.sys
+ 2009-09-02 10:50 . 2004-08-04 06:15 64896 c:\windows\system32\drivers\serial.sys
- 2003-03-31 19:00 . 2004-08-04 06:15 64896 c:\windows\system32\drivers\serial.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 15488 c:\windows\system32\drivers\serenum.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 15488 c:\windows\system32\drivers\serenum.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 67584 c:\windows\system32\drivers\sdbus.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 67584 c:\windows\system32\drivers\sdbus.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 96256 c:\windows\system32\drivers\scsiport.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 96256 c:\windows\system32\drivers\scsiport.sys
+ 2009-09-02 10:52 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismpx.sys
- 2004-08-04 06:04 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismpx.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 30080 c:\windows\system32\drivers\rndismp.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 59648 c:\windows\system32\drivers\rfcomm.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 59648 c:\windows\system32\drivers\rfcomm.sys
- 2005-11-16 12:35 . 2004-08-04 05:59 57472 c:\windows\system32\drivers\redbook.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 57472 c:\windows\system32\drivers\redbook.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 48384 c:\windows\system32\drivers\raspptp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 48384 c:\windows\system32\drivers\raspptp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:05 41472 c:\windows\system32\drivers\raspppoe.sys
- 2003-03-31 19:00 . 2004-08-04 06:05 41472 c:\windows\system32\drivers\raspppoe.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 51328 c:\windows\system32\drivers\rasl2tp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 51328 c:\windows\system32\drivers\rasl2tp.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 69120 c:\windows\system32\drivers\psched.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 69120 c:\windows\system32\drivers\psched.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 35328 c:\windows\system32\drivers\processr.sys
- 2002-08-29 01:05 . 2004-08-04 05:59 35328 c:\windows\system32\drivers\processr.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 25088 c:\windows\system32\drivers\pciidex.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 25088 c:\windows\system32\drivers\pciidex.sys
- 2003-03-31 19:00 . 2004-08-04 06:07 68224 c:\windows\system32\drivers\pci.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 68224 c:\windows\system32\drivers\pci.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 18688 c:\windows\system32\drivers\partmgr.sys
- 2003-03-31 19:00 . 2003-03-31 19:00 18688 c:\windows\system32\drivers\partmgr.sys
- 2002-08-29 01:27 . 2004-08-04 05:59 80128 c:\windows\system32\drivers\parport.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 80128 c:\windows\system32\drivers\parport.sys
- 2002-08-29 01:05 . 2004-08-04 05:59 42496 c:\windows\system32\drivers\p3.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 42496 c:\windows\system32\drivers\p3.sys
- 2008-12-02 10:17 . 2004-08-04 06:10 61056 c:\windows\system32\drivers\ohci1394.sys
+ 2009-09-02 10:50 . 2004-08-04 06:10 61056 c:\windows\system32\drivers\ohci1394.sys
- 2003-03-31 19:00 . 2004-08-04 06:03 88448 c:\windows\system32\drivers\nwlnkipx.sys
+ 2009-09-02 10:50 . 2004-08-04 06:03 88448 c:\windows\system32\drivers\nwlnkipx.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 30848 c:\windows\system32\drivers\npfs.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 30848 c:\windows\system32\drivers\npfs.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 40320 c:\windows\system32\drivers\nmnt.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 40320 c:\windows\system32\drivers\nmnt.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 61824 c:\windows\system32\drivers\nic1394.sys
- 2002-08-29 01:33 . 2004-08-04 05:58 61824 c:\windows\system32\drivers\nic1394.sys
+ 2009-09-02 10:50 . 2004-08-04 06:03 34560 c:\windows\system32\drivers\netbios.sys
- 2003-03-31 19:00 . 2004-08-04 06:03 34560 c:\windows\system32\drivers\netbios.sys
- 2003-03-31 19:00 . 2003-03-31 19:00 38016 c:\windows\system32\drivers\ndproxy.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 38016 c:\windows\system32\drivers\ndproxy.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 91776 c:\windows\system32\drivers\ndiswan.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 91776 c:\windows\system32\drivers\ndiswan.sys
+ 2009-09-02 10:50 . 2004-08-04 06:03 12928 c:\windows\system32\drivers\ndisuio.sys
- 2002-08-29 01:35 . 2004-08-04 06:03 12928 c:\windows\system32\drivers\ndisuio.sys
+ 2009-09-02 10:52 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\mutohpen.sys
- 2004-08-04 06:04 . 2004-08-04 06:04 12672 c:\windows\system32\drivers\mutohpen.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 15488 c:\windows\system32\drivers\mssmbios.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 15488 c:\windows\system32\drivers\mssmbios.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 35072 c:\windows\system32\drivers\msgpc.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 35072 c:\windows\system32\drivers\msgpc.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 19072 c:\windows\system32\drivers\msfs.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 19072 c:\windows\system32\drivers\msfs.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 42240 c:\windows\system32\drivers\mountmgr.sys
- 2003-03-31 19:00 . 2004-08-04 05:58 42240 c:\windows\system32\drivers\mountmgr.sys
- 2002-08-29 01:27 . 2004-08-04 05:58 23040 c:\windows\system32\drivers\mouclass.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 23040 c:\windows\system32\drivers\mouclass.sys
- 2001-08-17 13:57 . 2004-08-04 06:08 30080 c:\windows\system32\drivers\modem.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 30080 c:\windows\system32\drivers\modem.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 63744 c:\windows\system32\drivers\mf.sys
- 2001-08-17 13:58 . 2004-08-04 06:07 63744 c:\windows\system32\drivers\mf.sys
- 2003-03-31 19:00 . 2004-08-04 05:58 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 35840 c:\windows\system32\drivers\isapnp.sys
- 2003-03-31 19:00 . 2003-03-31 19:00 35840 c:\windows\system32\drivers\isapnp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 11264 c:\windows\system32\drivers\irenum.sys
- 2005-11-16 12:33 . 2004-08-04 06:00 11264 c:\windows\system32\drivers\irenum.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 74752 c:\windows\system32\drivers\ipsec.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 74752 c:\windows\system32\drivers\ipsec.sys
- 2003-03-31 19:00 . 2004-08-04 06:04 20992 c:\windows\system32\drivers\ipinip.sys
+ 2009-09-02 10:50 . 2004-08-04 06:04 20992 c:\windows\system32\drivers\ipinip.sys
+ 2009-09-02 10:52 . 2004-08-04 06:00 29056 c:\windows\system32\drivers\ip6fw.sys
- 2004-08-04 06:00 . 2004-08-04 06:00 29056 c:\windows\system32\drivers\ip6fw.sys
- 2004-08-04 05:59 . 2004-08-04 05:59 36096 c:\windows\system32\drivers\intelppm.sys
+ 2009-09-02 10:52 . 2004-08-04 05:59 36096 c:\windows\system32\drivers\intelppm.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 41856 c:\windows\system32\drivers\imapi.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 41856 c:\windows\system32\drivers\imapi.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 52736 c:\windows\system32\drivers\i8042prt.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 52736 c:\windows\system32\drivers\i8042prt.sys
- 2003-03-31 19:00 . 2004-08-04 06:08 24960 c:\windows\system32\drivers\hidparse.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 24960 c:\windows\system32\drivers\hidparse.sys
- 2004-08-04 06:08 . 2004-08-04 06:08 15104 c:\windows\system32\drivers\hidir.sys
+ 2009-09-02 10:52 . 2004-08-04 06:08 15104 c:\windows\system32\drivers\hidir.sys
- 2003-03-31 19:00 . 2004-08-04 06:08 36224 c:\windows\system32\drivers\hidclass.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 36224 c:\windows\system32\drivers\hidclass.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 25600 c:\windows\system32\drivers\hidbth.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 25600 c:\windows\system32\drivers\hidbth.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 46464 c:\windows\system32\drivers\gagp30kx.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 46464 c:\windows\system32\drivers\gagp30kx.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 20480 c:\windows\system32\drivers\flpydisk.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 34944 c:\windows\system32\drivers\fips.sys
- 2003-03-31 19:00 . 2003-03-31 19:00 34944 c:\windows\system32\drivers\fips.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 27392 c:\windows\system32\drivers\fdc.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 27392 c:\windows\system32\drivers\fdc.sys
+ 2009-09-02 10:50 . 2004-08-04 06:00 71040 c:\windows\system32\drivers\dxg.sys
- 2003-03-31 19:00 . 2004-08-04 06:00 71040 c:\windows\system32\drivers\dxg.sys
- 2002-08-29 01:32 . 2004-08-04 06:07 60288 c:\windows\system32\drivers\drmk.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 60288 c:\windows\system32\drivers\drmk.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 52864 c:\windows\system32\drivers\dmusic.sys
- 2005-11-16 12:36 . 2004-08-04 06:07 52864 c:\windows\system32\drivers\dmusic.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 14208 c:\windows\system32\drivers\diskdump.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 14208 c:\windows\system32\drivers\diskdump.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 36352 c:\windows\system32\drivers\disk.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 36352 c:\windows\system32\drivers\disk.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 36480 c:\windows\system32\drivers\crusoe.sys
- 2002-08-29 01:05 . 2004-08-04 05:59 36480 c:\windows\system32\drivers\crusoe.sys
+ 2009-09-02 10:50 . 2004-08-04 06:07 14080 c:\windows\system32\drivers\cmbatt.sys
- 2002-08-29 01:09 . 2004-08-04 06:07 14080 c:\windows\system32\drivers\cmbatt.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 49664 c:\windows\system32\drivers\classpnp.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 49664 c:\windows\system32\drivers\classpnp.sys
- 2004-08-04 07:56 . 2004-08-04 07:56 15423 c:\windows\system32\drivers\ch7xxnt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 15423 c:\windows\system32\drivers\ch7xxnt5.dll
- 2003-03-31 19:00 . 2004-08-04 05:59 49536 c:\windows\system32\drivers\cdrom.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 49536 c:\windows\system32\drivers\cdrom.sys
- 2003-03-31 19:00 . 2004-08-04 06:14 63744 c:\windows\system32\drivers\cdfs.sys
+ 2009-09-02 10:50 . 2004-08-04 06:14 63744 c:\windows\system32\drivers\cdfs.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 18944 c:\windows\system32\drivers\bthusb.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 18944 c:\windows\system32\drivers\bthusb.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 35456 c:\windows\system32\drivers\bthprint.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 35456 c:\windows\system32\drivers\bthprint.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 38016 c:\windows\system32\drivers\bthmodem.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 38016 c:\windows\system32\drivers\bthmodem.sys
- 2004-08-04 06:10 . 2004-08-04 06:10 17024 c:\windows\system32\drivers\bthenum.sys
+ 2009-09-02 10:52 . 2004-08-04 06:10 17024 c:\windows\system32\drivers\bthenum.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 71552 c:\windows\system32\drivers\bridge.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 71552 c:\windows\system32\drivers\bridge.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 14080 c:\windows\system32\drivers\battc.sys
- 2001-08-17 13:57 . 2003-03-31 19:00 14080 c:\windows\system32\drivers\battc.sys
- 2004-08-04 07:56 . 2004-08-04 07:56 17279 c:\windows\system32\drivers\atv10nt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 17279 c:\windows\system32\drivers\atv10nt5.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 14143 c:\windows\system32\drivers\atv06nt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 14143 c:\windows\system32\drivers\atv06nt5.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 25471 c:\windows\system32\drivers\atv04nt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 25471 c:\windows\system32\drivers\atv04nt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 11359 c:\windows\system32\drivers\atv02nt5.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 11359 c:\windows\system32\drivers\atv02nt5.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 21183 c:\windows\system32\drivers\atv01nt5.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 21183 c:\windows\system32\drivers\atv01nt5.dll
- 2003-03-31 19:00 . 2004-08-04 05:58 55936 c:\windows\system32\drivers\atmlane.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 55936 c:\windows\system32\drivers\atmlane.sys
- 2003-03-31 19:00 . 2004-08-04 05:58 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 59904 c:\windows\system32\drivers\atmarpc.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 95360 c:\windows\system32\drivers\atapi.sys
- 2003-03-31 19:00 . 2004-08-04 05:59 95360 c:\windows\system32\drivers\atapi.sys
+ 2009-09-02 10:50 . 2004-08-04 06:05 14336 c:\windows\system32\drivers\asyncmac.sys
- 2003-03-31 19:00 . 2004-08-04 06:05 14336 c:\windows\system32\drivers\asyncmac.sys
- 2002-08-29 01:33 . 2004-08-04 05:58 60800 c:\windows\system32\drivers\arp1394.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 60800 c:\windows\system32\drivers\arp1394.sys
+ 2009-09-02 10:52 . 2004-08-04 05:59 37376 c:\windows\system32\drivers\amdk7.sys
- 2002-08-29 01:05 . 2004-08-04 05:59 37376 c:\windows\system32\drivers\amdk7.sys
+ 2009-09-02 10:50 . 2004-08-04 05:59 36992 c:\windows\system32\drivers\amdk6.sys
- 2002-08-29 01:05 . 2004-08-04 05:59 36992 c:\windows\system32\drivers\amdk6.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 43008 c:\windows\system32\drivers\amdagp.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 43008 c:\windows\system32\drivers\amdagp.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 42752 c:\windows\system32\drivers\alim1541.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 42752 c:\windows\system32\drivers\alim1541.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 44928 c:\windows\system32\drivers\agpcpq.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 44928 c:\windows\system32\drivers\agpcpq.sys
- 2004-08-04 06:07 . 2004-08-04 06:07 42368 c:\windows\system32\drivers\agp440.sys
+ 2009-09-02 10:52 . 2004-08-04 06:07 42368 c:\windows\system32\drivers\agp440.sys
- 2008-12-02 10:17 . 2004-08-04 06:10 53248 c:\windows\system32\drivers\1394bus.sys
+ 2009-09-02 10:50 . 2004-08-04 06:10 53248 c:\windows\system32\drivers\1394bus.sys
+ 2003-03-31 19:00 . 2004-08-04 06:00 71040 c:\windows\system32\drivers\_005963_.tmp.dll
+ 2009-09-02 10:50 . 2006-06-14 09:00 82944 c:\windows\system32\dllcache\wdmaud.sys
- 2006-06-14 09:00 . 2006-06-14 09:00 82944 c:\windows\system32\dllcache\wdmaud.sys
- 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-09-02 10:50 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
- 2006-12-16 18:43 . 2007-05-16 15:12 85504 c:\windows\system32\dllcache\wabimp.dll
+ 2009-09-02 10:52 . 2007-05-16 15:12 85504 c:\windows\system32\dllcache\wabimp.dll
+ 2009-09-02 10:50 . 2003-03-31 19:00 13312 c:\windows\system32\dllcache\verifier.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 13312 c:\windows\system32\dllcache\verifier.dll
- 2006-10-04 08:48 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
+ 2009-09-02 10:50 . 2006-10-04 08:48 50176 c:\windows\system32\dllcache\utilman.exe
- 2005-11-21 06:32 . 2004-08-04 06:08 26496 c:\windows\system32\dllcache\usbstor.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 26496 c:\windows\system32\dllcache\usbstor.sys
+ 2009-09-02 10:50 . 2004-08-04 05:58 15104 c:\windows\system32\dllcache\usbscan.sys
- 2008-11-29 02:42 . 2004-08-04 05:58 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2009-09-02 10:50 . 2004-08-04 06:01 25856 c:\windows\system32\dllcache\usbprint.sys
- 2007-03-03 02:06 . 2004-08-04 06:01 25856 c:\windows\system32\dllcache\usbprint.sys
- 2006-10-04 13:33 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2009-09-02 10:50 . 2006-10-04 13:33 35840 c:\windows\system32\dllcache\umandlg.dll
+ 2009-09-02 10:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2004-08-04 07:56 . 2004-08-04 07:56 16384 c:\windows\system32\dllcache\tcptsat.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 16384 c:\windows\system32\dllcache\tcptsat.dll
- 2004-08-04 07:56 . 2004-08-04 07:56 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2009-09-02 10:52 . 2004-08-04 07:56 32827 c:\windows\system32\dllcache\tcptest.exe
- 2002-08-29 01:32 . 2004-08-04 06:08 48640 c:\windows\system32\dllcache\stream.sys
+ 2009-09-02 10:50 . 2004-08-04 06:08 48640 c:\windows\system32\dllcache\stream.sys
- 2005-11-16 18:40 . 2003-03-31 19:00 54272 c:\windows\system32\dllcache\stclient.dll
+ 2009-09-02 10:50 . 2003-03-31 19:00 54272 c:\windows\system32\dllcache\stclient.dll
+ 2009-09-02 10:50 . 2003-03-31 19:00 23552 c:\windows\system32\dllcache\sort.exe
- 2003-03-31 19:00 . 2003-03-31 19:00 23552 c:\windows\system32\dllcache\sort.exe
- 2004-08-04 07:56 . 2004-08-04 07:56 16437 c:\windows\system32\dllcache\shtml.exe
+ 2009-09-02 10:52 . 2004-08-04 07:56 16437 c:\windows\system32\dllcache\shtml.exe
- 2004-08-04 07:56 . 2004-08-04 07:56 20536 c:\windows\system32\dllcache\shtml.dll
+ 2009-09-02 10:52 . 2004-08-04 07:56 20536 c:\windows\system32\dllcache\shtml.dll
+ 2009-09-02 10:50 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 20:08 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2009-09-02 10:52 . 2003-03-31 19:00 26624 c:\windows\system32\dllcache\rw330ext.dll
- 2005-11-17 06:38 . 2003-03-31 19:00 26624 c:\windows\system32\dllcache\rw330ext.dll
- 2005-11-17 06:38 . 2003-03-31 19:00 24576 c:\windows\system32\dllcache\rw001ext.dll
+ 2009-09-02 10:52 . 2003-03-31 19:00 24576 c:\windows\system32\dllcache\rw001ext.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 90112 c:\windows\system32\dllcache\rsvpsp.dll
+ 2009-09-02 10:50 . 2003-03-31 19:00 90112 c:\windows\system32\dllcache\rsvpsp.dll
+ 2009-09-02 10:50 . 2003-03-31 19:00 16896 c:\windows\system32\dllcache\perfnet.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 16896 c:\windows\system32\dllcache\perfnet.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 18688 c:\windows\system32\dllcache\partmgr.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 18688 c:\windows\system32\dllcache\partmgr.sys
+ 2009-09-02 10:50 . 2005-07-26 04:39 37888 c:\windows\system32\dllcache\olecnv32.dll
- 2003-03-31 19:00 . 2005-07-26 04:39 37888 c:\windows\system32\dllcache\olecnv32.dll
+ 2009-09-02 10:50 . 2005-07-26 04:39 74752 c:\windows\system32\dllcache\olecli32.dll
- 2003-03-31 19:00 . 2005-07-26 04:39 74752 c:\windows\system32\dllcache\olecli32.dll
+ 2009-09-02 10:50 . 2004-08-04 06:10 61056 c:\windows\system32\dllcache\ohci1394.sys
- 2008-12-02 10:17 . 2004-08-04 06:10 61056 c:\windows\system32\dllcache\ohci1394.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 13312 c:\windows\system32\dllcache\ntvdmd.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 13312 c:\windows\system32\dllcache\ntvdmd.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 38016 c:\windows\system32\dllcache\ndproxy.sys
+ 2009-09-02 10:50 . 2003-03-31 19:00 38016 c:\windows\system32\dllcache\ndproxy.sys
+ 2009-09-02 10:51 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2006-10-04 08:48 . 2006-10-04 08:48 53760 c:\windows\system32\dllcache\narrator.exe
- 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2009-09-02 10:51 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2009-09-02 10:51 . 2003-03-31 19:00 25088 c:\windows\system32\dllcache\mtxlegih.dll
- 2005-11-16 18:40 . 2003-03-31 19:00 25088 c:\windows\system32\dllcache\mtxlegih.dll
+ 2009-09-02 10:51 . 2003-03-31 19:00 20480 c:\windows\system32\dllcache\mtxdm.dll
- 2005-11-16 18:40 . 2003-03-31 19:00 20480 c:\windows\system32\dllcache\mtxdm.dll
+ 2009-09-02 10:51 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2005-11-16 18:42 . 2003-03-31 19:00 28160 c:\windows\system32\dllcache\msoobe.exe
+ 2009-09-02 10:51 . 2003-03-31 19:00 28160 c:\windows\system32\dllcache\msoobe.exe
- 2003-03-31 19:00 . 2005-05-04 20:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2009-09-02 10:51 . 2005-05-04 20:45 15360 c:\windows\system32\dllcache\msisip.dll
+ 2009-09-02 10:51 . 2005-05-04 20:45 78848 c:\windows\system32\dllcache\msiexec.exe
- 2003-03-31 19:00 . 2005-05-04 20:45 78848 c:\windows\system32\dllcache\msiexec.exe
+ 2009-09-02 10:51 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-02 10:51 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2008-06-24 16:23 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2003-03-31 19:00 . 2003-03-31 19:00 49152 c:\windows\system32\dllcache\mprdim.dll
+ 2009-09-02 10:51 . 2003-03-31 19:00 49152 c:\windows\system32\dllcache\mprdim.dll

Great! :)

Things look good - a few rootkit remnants were removed and the log looks OK to me. Was going to suggest a run of Root Repeal for good measure, but the Panda scan was clean so I think we can forgo that unless you are in the mood for more scanning . . . LOL!


A few things:

-- You can DELETE:
C:\ILLA
C:\KILLBAD
C:\suckmydick
C:\PKBOO

ALSO:
Please navigate to the files in bold below and upload them here for analysis and let me know what you find ---> http://virusscan.jotti.org

c:\documents and settings\All Users\Application Data\icyw.dat
c:\windows\iun6002.exe

Lastly:

Let's remove Combofix and the files/folders it created:

• Click Start > Run
• Type or Copy&Paste Combofix /u into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK

This will remove Combofix and its components from your machine.
It will also reset your clock, re-hide System and Hidden Files and hide File Extensions.
Last, but certainly not least, doing this will reset System Restore.

Now, I know you're blaming your husband, LOL! (heard that a million times + oh, it's my son home from school for spring break + all the others), so be sure to warn him of the dangers of P2P/Torrents and the like. Maybe threaten to pull his hair out next time...?

Cheers :)
PP

Thanks so much Phil! I will do as you say. You have been super awesome.

You have been super awesome.

Well . . . . That's what everybody keeps telling me . . . I hope it doesn't go to my head! LOL!


Cheers :)
PP
