Thread: Trojan? Virus?

  1. #1

    First of all I would like to say that I don't know all that much about computers. I apologize in advance for how long this is and offer great thanks to anyone who helps.

    Okay, I've been having issues with my computer for a while. I've used various programs such as Norton, McAfee, Spybot, Ad-aware, and AVG and all keep finding different things. I was okay until recently.

    My internet started to get slow, and still is. I've had a few popups but they come up as unloaded pages because they're on the blocked list for spybot. I was using IE6. It got really slow and started to act funny. If a page was loading and I went into another application, like itunes, as soon as the page loaded it would appear on top of the other application. It never did that before. Also, when I would close out of IE my screen would flicker for a second to just my background and then everything would reappear, although it would take a few seconds for the start toolbar to return, or it wouldn't return. Also my security and privacy settings keep getting set to the lowest settings each time I close out of IE. If I change them they just go right back.

    Here's what I've done:

    1. I upgraded to IE7. It claims to be more secure so that was just a long shot. I'm now using Firefox all the time. I still have the security going to the weakest setting after I close it out.

    Now with Firefox I'm still extremely slow on the internet. Also, I can't use aol.com or Facebook. Neither page will load.

    2. I've run all my programs for finding the spyware etc. I run them in safe mode.

    Pandascan and the other free online one won't work. They won't load in Firefox and then they won't run in IE either.

    Symantec- I'm using a free basic version of it that I got through my school. It never seems to find anything. In the past it had found a few things though. But that was back in November. Lately I've been getting a message from it saying the autoprotect had been disabled. I tried to turn it back on, but it wouldn't let me. The program itself won't let me turn it off and there's no way to turn it back on.

    Ad-aware- all it would find is various tracking cookies. Although, in the past it had found trojan vundo and conhook. It doesn't find them anymore, but I suspect they might still be there.

    Spybot- Spybot always finds virtumonde and virtumonde.ddc (not entirely sure about the last one). It always claims to fix it, but when I reboot and use Spybot again it finds the same stuff. I tried a virtumonde fixer that I downloaded from Symantec, but it says it can't find virtumonde on my computer.

    AVG finds different trojans each time and deletes/quarantines them.
    It has found Trojan.Susear.a
    Downloader.Agent.ert
    Downloader.Agent.gwh

    In my BHO list it finds one valid one, the Spybot one, and then it has three others that it doesn't have any information about. They are:
    opnlkjg.dll
    stdeohwo.dll
    awwtq.dll

    If I hit remove objects will it remove them from my computer?

    It also finds a running process that it knows nothing about on the autostart. I tried to stop it with MSconfig but it didn't work. The process is:
    Bmb73c1402 windows\system32\pmwxvsj.dll

    I'm going to try stopping it with AVG and seeing if that works.

    Here are my HijackThis results.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 4:36:17 PM, on 1/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Susan Grunewald\Desktop\New Folder\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lafayette.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {684D6A49-A6AB-4784-BD7D-2B62937EDEC1} - C:\WINDOWS\system32\awvtq.dll
    O2 - BHO: {ec7edb17-73dd-019a-8ad4-dbad1949961c} - {c1699491-dabd-4da8-a910-dd3771bde7ce} - C:\WINDOWS\system32\stdeohwo.dll
    O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\opnlkjg.dll
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [BMb73c1402] Rundll32.exe "C:\WINDOWS\system32\pmwxvsji.dll",s
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: opnlkjg - C:\WINDOWS\SYSTEM32\opnlkjg.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    --
    End of file - 3316 bytes


    The online analysis said some things might be suspicious, but I didn't know what to check off for it to fix.

    Sorry for all that and thanks again.
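
A triage pass over the autostart entries of the HijackThis log posted above, as an added example that is not part of the original thread. The three heuristics (unnamed BHO under system32, Run value that loads a DLL through rundll32, any Winlogon Notify DLL) are assumptions chosen for illustration, not HijackThis's own logic.

```python
import re
from collections import defaultdict

# Autostart entries (O2, O4, O20) copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {684D6A49-A6AB-4784-BD7D-2B62937EDEC1} - C:\WINDOWS\system32\awvtq.dll
O2 - BHO: {ec7edb17-73dd-019a-8ad4-dbad1949961c} - {c1699491-dabd-4da8-a910-dd3771bde7ce} - C:\WINDOWS\system32\stdeohwo.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\opnlkjg.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMb73c1402] Rundll32.exe "C:\WINDOWS\system32\pmwxvsji.dll",s
O20 - Winlogon Notify: opnlkjg - C:\WINDOWS\SYSTEM32\opnlkjg.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path ending in .dll; never crosses a double quote.
DLL_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.dll", re.IGNORECASE)


def parse_autostarts(log_text):
    """Return the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) entries of a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in ("O2", "O4", "O20"):
            continue
        code, body = m.groups()
        dll = DLL_RE.search(body)
        entries.append({"code": code, "body": body,
                        "dll": dll.group(0) if dll else None})
    return entries


def triage(entries):
    """Map each flagged DLL (lowercased path) to the reasons it was flagged.

    Heuristics are illustrative assumptions, not a verdict on any file.
    """
    findings = defaultdict(list)
    for e in entries:
        if not e["dll"]:
            continue
        key = e["dll"].lower()  # system32 vs SYSTEM32 must compare equal
        if e["code"] == "O2":
            name = e["body"][len("BHO: "):].split(" - ")[0]
            unnamed = name == "(no name)" or name.startswith("{")
            if unnamed and "\\windows\\system32\\" in key:
                findings[key].append("unnamed BHO in system32")
        elif e["code"] == "O4":
            if "rundll32" in e["body"].lower():
                findings[key].append("Run key loads DLL via rundll32")
        elif e["code"] == "O20":
            findings[key].append("Winlogon Notify DLL")
    return dict(findings)


def multi_persistence(findings):
    """DLLs registered at more than one autostart point."""
    return sorted(path for path, reasons in findings.items() if len(reasons) > 1)


if __name__ == "__main__":
    found = triage(parse_autostarts(SAMPLE_LOG))
    for path in sorted(found):
        print(f"{path}: {'; '.join(found[path])}")
    print("registered in more than one place:", multi_persistence(found))
```

A DLL that shows up under more than one autostart point has to be cleared from every one of them, so the last function is the list to check first after a cleanup run.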

  2. #2
    steamwiz

    Hi

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed, update the definitions
    and then run a full system scan; quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        * Close browsers before scanning.
        * Scan for tracking cookies.
        * Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
        * Click Preferences, then click the Statistics/Logs tab.
        * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        * If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        * Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt
    3. A new HijackThis log (run after everything else).

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3

    This seemed to work really well, especially the superantispyware. Thanks for all of your help so far.

    Spyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/14/2008 at 08:09 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3379
    Trace Rules Database Version: 1373

    Scan type : Complete Scan
    Total Scan Time : 00:42:56

    Memory items scanned : 322
    Memory threats detected : 2
    Registry items scanned : 5637
    Registry threats detected : 18
    File items scanned : 35732
    File threats detected : 15

    Unclassified.Unknown Origin
    C:\WINDOWS\SYSTEM32\OPNLKJG.DLL
    C:\WINDOWS\SYSTEM32\OPNLKJG.DLL
    HKLM\Software\Classes\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}
    HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}
    HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}\InprocServer32
    HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E1759A31-E627-4758-9562-6899DF36C9C2}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnlkjg
    HKCR\CLSID\{E1759A31-E627-4758-9562-6899DF36C9C2}

    Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\AWVTQ.DLL
    C:\WINDOWS\SYSTEM32\AWVTQ.DLL

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{86D8CA98-F813-4538-A2A3-B2F997D9CB3B}
    HKCR\CLSID\{86D8CA98-F813-4538-A2A3-B2F997D9CB3B}
    HKCR\CLSID\{86D8CA98-F813-4538-A2A3-B2F997D9CB3B}\InprocServer32
    HKCR\CLSID\{86D8CA98-F813-4538-A2A3-B2F997D9CB3B}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86D8CA98-F813-4538-A2A3-B2F997D9CB3B}

    Adware.Vundo-Variant/Small-A
    HKLM\Software\Classes\CLSID\{c1699491-dabd-4da8-a910-dd3771bde7ce}
    HKCR\CLSID\{C1699491-DABD-4DA8-A910-DD3771BDE7CE}
    HKCR\CLSID\{C1699491-DABD-4DA8-A910-DD3771BDE7CE}\InprocServer32
    HKCR\CLSID\{C1699491-DABD-4DA8-A910-DD3771BDE7CE}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\STDEOHWO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1699491-dabd-4da8-a910-dd3771bde7ce}
    C:\WINDOWS\SYSTEM32\BGXMANFH.DLL
    C:\WINDOWS\SYSTEM32\BYBGPBLK.DLL
    C:\WINDOWS\SYSTEM32\EMFAEKTM.DLL
    C:\WINDOWS\SYSTEM32\EOXGXVQW.DLL
    C:\WINDOWS\SYSTEM32\GUELNIEU.DLL
    C:\WINDOWS\SYSTEM32\WIHEQYJY.DLL
    C:\WINDOWS\SYSTEM32\YGQDYTVO.DLL

    Adware.Tracking Cookie
    C:\Documents and Settings\Susan Grunewald\Cookies\susan_grunewald@statse.webtrendslive[1].txt
    C:\Documents and Settings\Susan Grunewald\Cookies\susan_grunewald@server.iad.liveperson[2].txt
    C:\Documents and Settings\Susan Grunewald\Cookies\susan_grunewald@pandasoftware.112.2o7[1].txt

    MyWay Search Assistant Computers
    C:\DOCUMENTS AND SETTINGS\SUSAN GRUNEWALD\DESKTOP\NEW FOLDER\BACKUPS\BACKUP-20071021-160844-406.DLL

    Trojan.Downloader-Gen/SnapSNet
    C:\DOCUMENTS AND SETTINGS\SUSAN GRUNEWALD\LOCAL SETTINGS\TEMP\SNAPSNET.EXE




    Combofix log:
    ComboFix 08-01-09.2 - Susan Grunewald 2008-01-14 20:40:08.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -5:00]
    Running from: C:\Documents and Settings\Susan Grunewald\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\Temp\abW9
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bprefsta.dll
    C:\WINDOWS\system32\eljghtag.ini
    C:\WINDOWS\system32\hfnamxgb.ini
    C:\WINDOWS\system32\klbpgbyb.ini
    C:\WINDOWS\system32\kycdrykg.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nieyijhc.dll
    C:\WINDOWS\system32\ovtydqgy.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pmwxvsji.dll
    C:\WINDOWS\system32\qtvwa.ini
    C:\WINDOWS\system32\qtvwa.ini2
    C:\WINDOWS\system32\rMa01yy
    C:\WINDOWS\system32\rMa02yy
    C:\WINDOWS\system32\ttjekpdp.dll
    C:\WINDOWS\system32\xaqqduke.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
    .

    2008-01-14 19:24 . 2008-01-14 19:24 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-14 19:23 . 2008-01-14 20:38 d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-14 19:23 . 2008-01-14 19:23 d-------- C:\Documents and Settings\Susan Grunewald\Application Data\SUPERAntiSpyware.com
    2008-01-14 16:59 . 2008-01-14 17:05 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-14 16:58 . 2008-01-14 19:23 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-14 16:18 . 2008-01-14 16:22 d-------- C:\Documents and Settings\Susan Grunewald\.housecall6.6
    2008-01-14 16:17 . 2008-01-14 16:27 d-------- C:\WINDOWS\system32\ActiveScan
    2008-01-14 16:17 . 2008-01-14 16:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2008-01-14 16:17 . 2008-01-14 16:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-14 16:17 . 2008-01-14 16:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2008-01-13 16:58 . 2008-01-13 16:58 d-------- C:\Documents and Settings\Susan Grunewald\Application Data\Grisoft
    2008-01-13 16:58 . 2008-01-13 16:58 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-13 16:58 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-13 09:35 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-13 09:35 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-13 09:35 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-13 09:35 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-13 09:35 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-13 09:35 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-13 09:35 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-13 09:35 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-13 09:35 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-11 09:33 . 2008-01-14 16:45 15,592 --a------ C:\WINDOWS\BMb73c1402.xml
    2008-01-11 09:33 . 2008-01-14 15:52 22 --a------ C:\WINDOWS\pskt.ini
    2008-01-09 17:48 . 2008-01-11 12:03 d-------- C:\Program Files\Dot1XCfg
    2008-01-09 15:50 . 2008-01-09 15:50 d-------- C:\WINDOWS\system32\edcA01
    2008-01-09 15:50 . 2008-01-09 15:50 d-------- C:\Temp\Ryuan1
    2007-12-26 14:11 . 2007-12-26 14:11 d-------- C:\Program Files\ABBYY FineReader 6.0
    2007-12-26 14:11 . 2007-12-26 14:11 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
    2007-12-26 14:08 . 2007-12-26 14:08 d-------- C:\Program Files\Lexmark 1200 Series
    2007-12-26 14:08 . 2006-03-14 13:59 996,256 --a------ C:\WINDOWS\system32\LXCZLPA.HLP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 21:59 --------- d-----w C:\Program Files\Lavasoft
    2008-01-14 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-14 18:34 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-01-13 22:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-13 22:45 --------- d-----w C:\Program Files\Notation
    2008-01-13 22:43 --------- d-----w C:\Documents and Settings\Susan Grunewald\Application Data\Lavasoft
    2007-12-30 22:06 --------- d-----w C:\Program Files\LucasArts
    2007-11-30 14:40 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-11-29 22:47 --------- d-----w C:\Program Files\Mafia
    2007-11-18 18:09 --------- d-----w C:\Program Files\ScummVM
    2006-12-01 23:08 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    .

    ((((((((((((((((((((((((((((( snapshot_2007-11-14_13.22.53.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-18 14:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
    + 2007-11-23 19:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
    + 2007-10-18 14:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
    + 2007-10-30 16:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
    + 2007-08-22 13:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
    + 2007-11-12 20:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
    + 2007-08-22 13:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
    + 2007-08-22 13:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
    + 2007-10-04 20:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
    + 2007-10-23 16:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
    + 2007-05-24 16:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
    + 2007-04-18 22:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
    + 2007-01-22 19:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
    + 2007-06-08 14:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
    + 2007-06-05 15:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
    + 1997-09-18 11:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
    + 2006-02-28 22:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
    + 2007-09-17 14:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
    - 2004-08-04 10:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
    + 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    - 2004-08-04 10:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2006-08-02 17:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
    - 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-08-13 23:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
    + 2007-10-10 23:55:51 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-10-11 05:57:29 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-08-22 12:55:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-10-11 05:57:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-08-13 23:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
    - 2004-09-15 17:28:08 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
    + 2007-08-13 23:54:10 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
    - 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-10-11 05:57:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-08-22 12:55:30 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-08-22 12:55:31 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-22 12:55:31 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-08-13 23:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-21 10:19:39 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 23:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-13 23:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
    - 2007-08-22 12:55:32 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2007-08-13 23:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
    + 2007-10-10 10:59:52 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2007-08-13 23:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
    - 2007-08-22 12:55:32 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-08-22 12:55:32 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-08-13 23:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
    - 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-08-13 23:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
    - 2007-08-22 12:55:36 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-10-31 10:12:30 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-08-22 12:55:37 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-08-13 23:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
    + 2007-08-13 23:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
    - 2007-08-22 12:55:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-22 12:55:38 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    - 2007-08-22 12:55:38 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-10-11 05:57:39 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    - 2007-08-22 12:55:41 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-10-11 05:57:40 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-10 23:55:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-22 12:55:43 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2004-08-04 02:58:46 15,104 ----a-w C:\WINDOWS\system32\dllcache\usbscan.sys
    + 2004-08-04 03:58:46 15,104 ----a-w C:\WINDOWS\system32\dllcache\usbscan.sys
    + 2007-08-13 23:54:10 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
    - 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
    + 2007-10-10 23:56:00 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2001-08-18 03:36:34 87,040 ----a-w C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    - 2007-08-22 12:55:44 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-10-10 23:56:00 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2006-10-19 02:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll
    + 2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2005-08-10 22:11:36 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2004-08-04 02:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
    + 2004-08-04 03:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys
    - 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
    - 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\system32\extmgr.dll
    + 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    + 2006-06-29 13:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
    - 2004-08-04 10:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
    - 2004-08-04 10:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
    - 2004-08-04 10:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
    - 2004-08-04 10:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
    + 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    + 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2004-08-04 10:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
    - 2004-08-04 10:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    + 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\iernonce.dll
    + 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2004-08-04 10:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2007-08-13 23:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
    - 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
    + 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    - 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2001-01-19 07:50:20 40,960 ----a-w C:\WINDOWS\system32\INSTMON.EXE
    - 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
    + 2004-05-24 18:26:00 198,144 ----a-w C:\WINDOWS\system32\LEX2KUSB.DLL
    + 2004-05-24 18:22:46 147,456 ----a-w C:\WINDOWS\system32\LEXBCE.DLL
    + 2004-05-24 18:23:38 311,296 ----a-w C:\WINDOWS\system32\LEXBCES.EXE
    + 2004-05-24 18:42:12 200,704 ----a-w C:\WINDOWS\system32\LEXLMPM.DLL
    + 2004-05-24 18:21:26 201,216 ----a-w C:\WINDOWS\system32\LEXP2P32.DLL
    + 2004-05-24 18:33:16 155,648 ----a-w C:\WINDOWS\system32\LEXPING.EXE
    + 2004-05-24 18:22:06 174,592 ----a-w C:\WINDOWS\system32\LEXPPS.EXE
    - 2004-08-04 10:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
    + 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    - 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    - 2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2008-01-14 22:03:27 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    + 2006-03-16 07:42:14 57,344 ----a-w C:\WINDOWS\system32\lxczcinf.dll
    + 2006-03-16 07:42:10 49,152 ----a-w C:\WINDOWS\system32\lxczcoin.dll
    + 2006-03-16 07:15:20 69,632 ----a-w C:\WINDOWS\system32\LXCZCU.DLL
    + 2006-03-16 07:07:16 90,112 ----a-w C:\WINDOWS\system32\LXCZCUR.DLL
    + 2006-01-12 04:32:48 983,107 ----a-w C:\WINDOWS\system32\LXCZGF.DLL
    + 2006-03-16 07:06:02 454,656 ----a-w C:\WINDOWS\system32\LXCZJSWR.DLL
    + 2006-03-16 06:54:44 73,728 ----a-w C:\WINDOWS\system32\lxczpwr.dll
    + 2006-03-16 07:42:12 69,632 ----a-w C:\WINDOWS\system32\lxczscin.dll
    + 2006-03-16 06:58:30 352,256 ----a-w C:\WINDOWS\system32\LXCZUTIL.DLL
    + 2002-11-13 07:40:22 40,960 ----a-w C:\WINDOWS\system32\lxczvs.dll
    - 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    + 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-08-13 23:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
    - 2004-08-04 10:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
    + 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    - 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-31 10:12:30 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
    - 2004-08-04 10:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
    + 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    - 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
    + 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    - 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\system32\mstime.dll
    + 2006-06-28 22:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
    + 2006-06-29 13:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
    - 2004-08-04 10:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\occache.dll
    - 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 1996-09-01 02:19:58 73,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HLP256.DLL
    + 2001-01-19 07:50:20 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\INSTMON.EXE
    + 2004-05-24 18:26:00 198,144 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEX2KUSB.DLL
    + 2004-05-24 18:22:46 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCE.DLL
    + 2004-05-24 18:23:38 311,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCES.EXE
    + 2000-02-09 00:35:42 170,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lexdrvin.exe
    + 2006-03-16 07:37:20 430,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXEDF.DLL
    + 2002-05-09 06:25:40 24,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lexgo.EXE
    + 2004-05-24 18:42:12 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lexlmpm.dll
    + 2004-05-24 18:21:26 201,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXP2P32.DLL
    + 2004-05-24 18:33:16 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXPING.EXE
    + 2004-05-24 18:22:06 174,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXPPS.EXE
    + 2006-03-16 07:42:14 57,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczcinf.dll
    + 2006-03-13 14:54:02 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR1.DLL
    + 2006-03-13 14:54:04 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR2.DLL
    + 2006-03-13 14:54:04 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR3.DLL
    + 2006-03-13 14:54:04 344,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR4.DLL
    + 2006-03-13 14:54:04 344,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR5.DLL
    + 2006-03-13 14:54:04 634,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLR6.DLL
    + 2006-03-16 07:42:10 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczcoin.dll
    + 2006-03-16 07:15:20 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCU.DLL
    + 2006-03-16 07:07:16 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCUR.DLL
    + 2006-03-16 07:39:12 87,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZDR5C.DLL
    + 2006-03-13 14:45:56 208,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZFC5C.DLL
    + 2006-01-12 04:32:48 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZGF.DLL
    + 2006-03-13 14:46:44 466,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZICUR.DLL
    + 2006-03-16 06:59:12 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZJSW.DLL
    + 2006-03-16 07:06:02 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZJSWR.DLL
    + 2006-01-17 07:45:24 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZJSWX.EXE
    + 2006-03-16 07:07:34 819,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZLPA.DLL
    + 2006-03-16 07:06:38 4,685,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZLPAR.DLL
    + 2006-01-19 04:33:38 78,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPP5C.DLL
    + 2006-03-16 07:14:16 450,560 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPRP.DLL
    + 2006-03-16 07:07:08 2,015,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPRPR.DLL
    + 2006-03-16 07:09:36 307,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPSW.DLL
    + 2006-03-16 07:06:54 655,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPSWR.DLL
    + 2006-01-17 02:26:06 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZPSWX.EXE
    + 2006-03-16 06:54:44 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczpwr.dll
    + 2002-04-23 07:29:04 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczsk0.dll
    + 2001-04-20 06:48:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczsk1.dll
    + 2001-03-28 06:57:02 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczsk2.dll
    + 2006-03-16 07:40:10 859,136 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZSTRN.DLL
    + 2006-03-16 07:39:38 49,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUI5C.DLL
    + 2006-03-16 07:41:40 101,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE
    + 2006-03-16 07:50:36 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUNRS.DLL
    + 2006-03-16 07:14:54 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUPD.DLL
    + 2006-03-16 07:07:26 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUPDR.DLL
    + 2006-03-16 06:58:30 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUTIL.DLL
    + 2002-11-13 07:40:22 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczvs.dll
    + 2006-03-16 07:41:26 53,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczweb.exe
    + 1998-10-06 14:12:54 152,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ptzipw32.dll
    + 2002-07-30 16:00:00 311,612 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\WAVS.EXE
    + 1996-09-01 02:19:58 73,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\HLP256.DLL
    + 2001-01-19 07:50:20 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\INSTMON.EXE
    + 2004-05-24 18:26:00 198,144 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEX2KUSB.DLL
    + 2004-05-24 18:22:46 147,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEXBCE.DLL
    + 2004-05-24 18:23:38 311,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEXBCES.EXE
    + 2000-02-09 00:35:42 170,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lexdrvin.exe
    + 2006-03-16 07:37:20 430,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lexedf.dll
    + 2002-05-09 06:25:40 24,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lexgo.EXE
    + 2004-05-24 18:42:12 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lexlmpm.dll
    + 2004-05-24 18:21:26 201,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEXP2P32.DLL
    + 2004-05-24 18:33:16 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEXPING.EXE
    + 2004-05-24 18:22:06 174,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LEXPPS.EXE
    + 2006-03-16 07:42:14 57,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczcinf.dll
    + 2006-03-13 14:54:02 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR1.DLL
    + 2006-03-13 14:54:04 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR2.DLL
    + 2006-03-13 14:54:04 1,449,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR3.DLL
    + 2006-03-13 14:54:04 344,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR4.DLL
    + 2006-03-13 14:54:04 344,064 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR5.DLL
    + 2006-03-13 14:54:04 634,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLR6.DLL
    + 2006-03-16 07:42:10 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczcoin.dll
    + 2006-03-16 07:15:20 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCU.DLL
    + 2006-03-16 07:07:16 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCUR.DLL
    + 2006-03-16 07:39:12 87,040 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZDR5C.DLL
    + 2006-03-13 14:45:56 208,896 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZFC5C.DLL
    + 2006-01-12 04:32:48 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZGF.DLL
    + 2006-03-13 14:46:44 466,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZICUR.DLL
    + 2006-03-16 06:59:12 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZJSW.DLL
    + 2006-03-16 07:06:02 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZJSWR.DLL
    + 2006-01-17 07:45:24 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZJSWX.EXE
    + 2006-03-16 07:07:34 819,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZLPA.DLL
    + 2006-03-16 07:06:38 4,685,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZLPAR.DLL
    + 2006-01-19 04:33:38 78,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPP5C.DLL
    + 2006-03-16 07:14:16 450,560 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPRP.DLL
    + 2006-03-16 07:07:08 2,015,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPRPR.DLL
    + 2006-03-16 07:09:36 307,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPSW.DLL
    + 2006-03-16 07:06:54 655,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPSWR.DLL
    + 2006-01-17 02:26:06 118,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZPSWX.EXE
    + 2006-03-16 06:54:44 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczpwr.dll
    + 2002-04-23 07:29:04 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczsk0.dll
    + 2001-04-20 06:48:38 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczsk1.dll
    + 2001-03-28 06:57:02 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczsk2.dll
    + 2006-03-16 07:40:10 859,136 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZSTRN.DLL
    + 2006-03-16 07:39:38 49,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUI5C.DLL
    + 2006-03-16 07:41:40 101,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUN5C.EXE
    + 2006-03-16 07:50:36 49,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUNRS.DLL
    + 2006-03-16 07:14:54 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUPD.DLL
    + 2006-03-16 07:07:26 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUPDR.DLL
    + 2006-03-16 06:58:30 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZUTIL.DLL
    + 2002-11-13 07:40:22 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczvs.dll
    + 2006-03-16 07:41:26 53,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczweb.exe
    + 1998-10-06 14:12:54 152,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\ptzipw32.dll
    + 2002-07-30 16:00:00 311,612 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\WAVS.EXE
    + 2006-01-19 04:33:38 78,336 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
    - 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
    + 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
    - 2006-11-29 22:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
    + 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
    - 2006-12-01 10:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
    + 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2004-08-04 10:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
    + 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2004-08-04 10:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
    - 2004-08-04 10:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    + 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
    - 2004-08-04 10:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2001-08-18 03:36:34 87,040 ----a-w C:\WINDOWS\system32\wiafbdrv.dll
    + 2007-08-13 23:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
    - 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2006-10-19 02:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
    - 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2003-03-25 23:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
    - 1997-05-12 21:53:00 314,368 ----a-w C:\WINDOWS\uninst.exe
    + 1997-05-12 22:53:00 314,368 ----a-w C:\WINDOWS\uninst.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-r 176,128 2005-10-07 18:13:38 C:\Program Files\Apoint\bak\Apoint.exe
    ----a-r 176,128 2005-10-07 18:13:38 C:\Program Files\Apoint\Apoint.exe

    ----a-w 49,152 2004-11-11 21:14:38 C:\Program Files\Brother\Brmfl04g\bak\BrStDvPt.exe

    ----a-w 864,256 2004-11-12 02:00:04 C:\Program Files\Brother\ControlCenter2\bak\brctrcen.exe

    ----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1187549251\ee\bak\AOLSoftware.exe

    ----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe

    ----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

    ----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

    ----a-w 180,269 2005-08-12 18:37:54 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

    ----a-r 155,648 2003-10-14 14:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

    ----a-w 52,896 2006-07-19 23:26:04 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
    ----a-w 52,896 2006-07-20 00:26:04 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    ----a-w 53,248 2005-02-23 21:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

    ----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

    ----a-w 606,208 2005-03-04 16:26:08 C:\Program Files\Dell\QuickSet\bak\quickset.exe

    ----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

    ----a-w 49,152 2005-09-24 04:08:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

    ----a-w 385,024 2004-10-30 19:59:54 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

    ----a-w 267,064 2007-09-26 18:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
    ----a-w 267,048 2007-11-02 23:36:42 C:\Program Files\iTunes\iTunesHelper.exe

    ----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

    ----a-w 11,776 2005-03-12 11:25:00 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe

    ----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\QTTask.exe

    ----a-w 40,960 2004-04-14 19:04:12 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe

    ----a-w 57,393 2004-04-14 18:46:50 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe

    ----a-w 125,168 2006-09-28 00:33:44 C:\Program Files\Symantec AntiVirus\bak\VPTray.exe
    ----a-w 125,168 2006-09-28 01:33:44 C:\Program Files\Symantec AntiVirus\VPTray.exe

    ----a-w 126,976 2005-02-15 20:02:56 C:\WINDOWS\system32\bak\hkcmd.exe

    ----a-w 155,648 2005-02-15 20:02:58 C:\WINDOWS\system32\bak\igfxtray.exe

    ----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 10:37 28672 C:\WINDOWS\system32\nwtray.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13 176128]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 05:00 158208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Susan Grunewald^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=C:\Documents and Settings\Susan Grunewald\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Susan Grunewald^Start Menu^Programs^Startup^Office Startup.lnk]
    path=C:\Documents and Settings\Susan Grunewald\Start Menu\Programs\Startup\Office Startup.lnk
    backup=C:\WINDOWS\pss\Office Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    -ra------ 2005-10-07 13:13 176128 C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b40f279e]
    C:\WINDOWS\system32\bybgpblk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb73c1402]
    C:\WINDOWS\system32\pmwxvsji.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2006-07-19 19:26 52896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
    --a------ 2006-03-16 02:07 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2007-11-13 15:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    --a------ 2006-09-27 20:33 125168 C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "WANMiniportService"=2 (0x2)
    "SPBBCSvc"=2 (0x2)
    "SavRoam"=2 (0x2)
    "S24EventMonitor"=2 (0x2)
    "RegSrvc"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "NICCONFIGSVC"=2 (0x2)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "EvtEng"=2 (0x2)
    "DSBrokerService"=3 (0x3)
    "cusrvc"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "aawservice"=2 (0x2)
    "HP Status Server"=3 (0x3)
    "HP Port Resolver"=3 (0x3)
    "SymWSC"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "DefWatch"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "LexBceS"=2 (0x2)
    "iPod Service"=3 (0x3)

    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
    S3 nenum13E;nenum13E;C:\DOCUME~1\SUSANG~1\LOCALS~1\Temp\nenum13E.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0144e26-771a-11db-99d7-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-04 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.ex
    - C:\Program Files\AdwareAlert
    "2007-12-05 22:44:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 20:47:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-14 20:49:45 - machine was rebooted [Susan Grunewald]
    ComboFix-quarantined-files.txt 2008-01-15 01:49:40
    ComboFix2.txt 2007-11-14 18:23:58
    ComboFix3.txt 2007-11-13 18:14:59
    .
    2008-01-14 20:51:00 --- E O F ---




    Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:51:11 PM, on 1/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Susan Grunewald\Desktop\New Folder\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lafayette.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\P

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    Hi


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:
    File::
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bybgpblk.dll 
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b40f279e] 
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb73c1402] 
    
    DirLook::
    C:\WINDOWS\system32\edcA01 
    C:\Temp\Ryuan1

    Save this as "CFScript.txt"

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
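
Added example (not part of steamwiz's post and not ComboFix code): a small Python check for the saved CFScript.txt that enforces the rules stated in the post above, namely that File:: is the very first thing in the file and that nothing from outside the code box was copied in. The function name, the accepted section list and the treatment of a byte-order mark as "something in front of File::" are assumptions of this example.

```python
import re

# Headers seen in the script posted above; rejecting any other "Name::" header
# is an assumption of this example, not a statement about ComboFix.
KNOWN_SECTIONS = {"File::", "Registry::", "DirLook::"}

def lint_cfscript(raw: bytes) -> list:
    """Return the problems found in the raw bytes of a saved CFScript.txt."""
    problems = []
    # Assumption: a byte-order mark counts as "something in front of File::".
    if raw[:3] == b"\xef\xbb\xbf":
        problems.append("UTF-8 byte-order mark in front of File::")
        text = raw[3:].decode("latin-1")
    elif raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        problems.append("UTF-16 byte-order mark in front of File::")
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")
    lines = text.splitlines()
    if not lines or lines[0].rstrip() != "File::":
        problems.append("first line must be exactly File:: (no blank line or space before it)")
    section = None
    for n, line in enumerate(lines, 1):
        entry = line.strip()
        if not entry:
            continue
        if entry.endswith("::"):
            section = entry
            if entry not in KNOWN_SECTIONS:
                problems.append(f"line {n}: unexpected section {entry}")
        elif section is None:
            problems.append(f"line {n}: entry before any section header")
        elif section == "Registry::":
            # Only the [-KEY] deletion form used in the post is accepted here.
            if not re.fullmatch(r"\[-HKEY_[A-Z_]+\\.+\]", entry):
                problems.append(f"line {n}: not a [-HKEY_...] entry")
        elif not re.match(r"[A-Za-z]:\\", entry):
            problems.append(f"line {n}: not an absolute path (text copied from outside the code box?)")
    return problems

# The script from the post, rebuilt as bytes the way Notepad would save it (ANSI, CRLF).
GOOD = b"\r\n".join([
    rb"File::", rb"C:\WINDOWS\pskt.ini", rb"C:\WINDOWS\system32\bybgpblk.dll", b"",
    rb"Registry::",
    rb"[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b40f279e]",
    rb"[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb73c1402]", b"",
    rb"DirLook::", rb"C:\WINDOWS\system32\edcA01", rb"C:\Temp\Ryuan1",
])

if __name__ == "__main__":
    for name, data in [("as posted", GOOD), ("blank first line", b"\r\n" + GOOD)]:
        print(name, "->", lint_cfscript(data) or "ok")
```

An empty list means the file matches the shape of the script in the post; the check says nothing about whether the listed files and keys are the right ones to remove.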