Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security Cleanup » Always get redirected after clicking link in google
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean Rules ·Site IMs ·VundoFix ·Zlob/Smitfraud ·MonaRonaDona
HJT Log »
« HJT LOG - PC sends out massive random emails, locks up!  

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

4 edits

Re: Always get redirected after clicking link in google

1. Delete Combofix.exe from your Desktop.
Download it again from my original links.

Then create a new CFScript.txt file. Your log above shows that the CFScript.txt file you created above was empty.
The contents of that log should match exactly the Code box contents.
Then drag and drop CFScript.txt onto Combofix again to run it, just as pictured.

2. Please double-click OTMoveIt2.exe to run the utility.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window.
IMPORTANT -- Paste only into the bottom input panel (under the Yellow bar), The top panel will not help you.
Right-click and choose Paste.

Click the red Moveit button.
This will not be quick. I am asking it to scan your entire Drive C twice.
When it has finished, use your mouse and do a Copy/Paste of the large right-hand panel that shows Results.
Save your Clipboard contents in a new Notepad file, as we will want to review these results later.
Close OTMoveIt2 when it has finished.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3. Eset NOD32 scanner
Go here to run an online scannner from ESET: »www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is also Checked.
• Click Scan.
• Wait for the scan to finish.
• :!: Re-enable your Anvirisus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. We will need this later.

Post back to the Forum the contents of C:\Combofix.txt, and the ESET log results: C:\Program Files\EsetOnlineScanner\log.txt.
--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users

permalink · 2008-04-19 20:16:06 · Print · Reply to this

Siko
Premium
join:2006-11-27
Mechanicsburg, PA
clubs:
·Dish Network
·Verizon Online DSL

Re: Always get redirected after clicking link in google

I'm just going to make my ComboFix Log 3 pages long.. 65k limit..

ComboFix 08-04-20.1 - Murlin Wei 2008-04-20 14:39:17.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1158 [GMT -4:00]
Running from: C:\Users\Murlin Wei\Desktop\ComboFix.exe
Command switches used :: C:\Users\Murlin Wei\Desktop\CFscript.txt

FILE ::
C:\Windows\System32\entrnd.exe
C:\Windows\Temp\~osCD95.tmp\ossproxy.exe
C:\Windows\Temp\~osCD95.tmp\ossproxy.exe.rvt
.

((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.

2008-04-18 18:53 . 2008-04-18 18:53 d-------- C:\Windows\BirdsEyeView
2008-04-18 16:42 . 2008-04-18 16:42 d--hs---- C:\Windows\ftpcache
2008-04-18 15:11 . 2008-04-18 15:11 66,936 --ahs---- C:\Windows\dlinfo_0.drv
2008-04-18 15:10 . 2008-04-18 15:10 86,528 --a------ C:\Windows\bnetunin.exe
2008-04-18 15:10 . 2008-04-18 15:10 61,440 --a------ C:\Windows\diabunin.exe
2008-04-16 20:23 . 2008-04-16 20:23 d-------- C:\Program Files\FSFDT
2008-04-16 18:35 . 2008-04-16 18:35 d-------- C:\Program Files\Sun
2008-04-16 17:59 . 2008-04-16 18:00 d-------- C:\Users\Murlin Wei\.SunDownloadManager
2008-04-16 16:38 . 2008-04-16 16:39 d-------- C:\Fs Sky World 2004
2008-04-16 16:29 . 2008-04-16 16:29 d-------- C:\Program Files\TrueGrass
2008-04-14 20:56 . 2008-04-14 20:56 d-------- C:\Program Files\Lovett Software
2008-04-14 20:48 . 2008-04-15 20:56 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef70cd4c-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 20:48 . 2008-04-20 14:41 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef70cd4c-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 20:48 . 2008-04-15 20:56 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef70cd4e-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 20:48 . 2008-04-20 14:41 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef70cd4e-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 20:48 . 2008-04-15 20:56 524,288 --ahs---- C:\Users\Murlin Wei\NTUSER.DAT{ef70cd50-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000002.regtrans-ms
2008-04-14 20:48 . 2008-04-20 14:41 524,288 --ahs---- C:\Users\Murlin Wei\NTUSER.DAT{ef70cd50-0a82-11dd-8ed8-0019211aa092}.TMContainer00000000000000000001.regtrans-ms
2008-04-14 20:48 . 2008-04-20 14:41 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef70cd4c-0a82-11dd-8ed8-0019211aa092}.TM.blf
2008-04-14 20:48 . 2008-04-20 14:41 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{ef70cd4e-0a82-11dd-8ed8-0019211aa092}.TM.blf
2008-04-14 20:48 . 2008-04-20 14:41 65,536 --ahs---- C:\Users\Murlin Wei\NTUSER.DAT{ef70cd50-0a82-11dd-8ed8-0019211aa092}.TM.blf
2008-04-14 20:33 . 2008-04-14 20:40 d-------- C:\Windows\$regcmp$
2008-04-14 20:22 . 2008-04-14 20:22 d-------- C:\Program Files\Raxco
2008-04-14 17:31 . 2008-04-14 17:31 d-------- C:\Users\Murlin Wei\AppData\Roaming\Ashampoo
2008-04-14 17:29 . 2008-04-14 17:29 d-------- C:\Users\All Users\ashampoo
2008-04-14 17:29 . 2008-04-14 17:29 d-------- C:\ProgramData\ashampoo
2008-04-14 17:29 . 2008-04-14 17:29 d-------- C:\Program Files\vso
2008-04-14 17:29 . 2008-04-14 17:29 d-------- C:\Program Files\Ashampoo
2008-04-13 18:34 . 2008-04-16 20:07 d-------- C:\Program Files\AI Traffic Mover
2008-04-12 21:36 . 2008-04-12 21:36 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-12 21:36 . 2008-04-12 21:36 d-------- C:\Program Files\Registry Clean Expert
2008-04-12 21:24 . 2008-04-12 21:24 45 --a------ C:\Windows\System32\initdebug.nfo
2008-04-12 21:20 . 2008-04-12 21:20 d-------- C:\Program Files\VS Revo Group
2008-04-12 15:45 . 1999-01-12 10:55 192,272 --a------ C:\Windows\System32\MCI32.OCX
2008-04-12 15:31 . 2008-04-12 15:31 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-04-11 20:43 . 2008-04-11 20:44 d-------- C:\Users\Murlin Wei\AppData\Roaming\SecondLife
2008-04-10 22:04 . 2008-04-10 22:04 d-------- C:\Program Files\SAS
2008-04-08 21:06 . 2008-04-08 21:12 d-------- C:\Program Files\Folding@Home
2008-04-08 21:06 . 2002-04-18 18:50 73,728 --a------ C:\Windows\System32\GkSui18.EXE
2008-04-08 21:06 . 2002-01-16 03:27 69,632 --a------ C:\Windows\System32\Copy of GkSui18.EXE
2008-04-08 16:54 . 2008-02-21 22:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-08 16:54 . 2008-02-22 01:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-08 16:53 . 2008-02-29 00:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\Users\Murlin Wei\AppData\Roaming\Malwarebytes
2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\Users\All Users\Malwarebytes
2008-04-06 19:44 . 2008-04-06 19:44 d-------- C:\ProgramData\Malwarebytes
2008-04-06 19:31 . 2008-04-06 19:31 d-------- C:\_OTMoveIt
2008-04-06 19:10 . 2008-04-06 19:10 d-------- C:\Program Files\Azureus
2008-04-06 10:00 . 2008-04-12 19:07 d-------- C:\Users\Murlin Wei\AppData\Roaming\Azureus
2008-04-06 10:00 . 2008-04-06 10:00 d-------- C:\Users\All Users\Azureus
2008-04-06 10:00 . 2008-04-06 10:00 d-------- C:\ProgramData\Azureus
2008-04-06 08:03 . 2008-04-18 15:45 178 --a------ C:\megaScenery.ini
2008-04-05 19:34 . 2008-04-06 08:06 d-------- C:\Users\Murlin Wei\AppData\Roaming\AVG7
2008-04-05 19:33 . 2008-04-05 19:33 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-04-05 14:50 . 2008-04-12 21:31 d-------- C:\Program Files\COMODO
2008-04-05 14:45 . 2008-04-06 08:06 d-------- C:\Users\All Users\Avg7
2008-04-05 14:45 . 2008-04-06 08:06 d-------- C:\ProgramData\Avg7
2008-04-05 09:07 . 2007-02-22 22:19 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-04-05 09:03 . 2008-04-05 09:03 d-------- C:\Intel
2008-04-05 09:03 . 2006-12-13 03:17 3,276,800 --a------ C:\Windows\System32\igfxress.dll
2008-04-05 09:03 . 2006-12-13 03:16 212,992 --a------ C:\Windows\System32\igfxdev.dll
2008-04-05 09:03 . 2007-02-22 23:44 204,800 --a------ C:\Windows\System32\igfxCoIn_v1214.dll
2008-04-05 09:03 . 2006-12-13 03:16 196,608 --a------ C:\Windows\System32\igfxsrvc.exe
2008-04-05 09:03 . 2006-12-13 03:16 155,648 --a------ C:\Windows\System32\igfxpph.dll
2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Users\Murlin Wei\AppData\Roaming\Apple Computer
2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Users\All Users\Apple Computer
2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\ProgramData\Apple Computer
2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Program Files\QuickTime
2008-04-04 21:01 . 2008-04-04 21:01 d-------- C:\Program Files\iPod
2008-04-04 21:01 . 2008-04-20 06:55 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-04 21:01 . 2008-04-04 21:01 1,409 --a------ C:\Windows\QTFont.for
2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Users\All Users\Apple
2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\ProgramData\Apple
2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Program Files\Common Files\Apple
2008-04-04 21:00 . 2008-04-04 21:00 d-------- C:\Program Files\Apple Software Update
2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Real
2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 20:39 . 2008-04-04 20:39 d-------- C:\Program Files\Common Files\Real
2008-04-04 15:31 . 2008-04-04 15:31 d-------- C:\Users\Murlin Wei\AppData\Roaming\Microsoft Game Studios
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\Windows\System32\xfcodec.dll
2008-03-31 17:00 . 2008-03-31 17:00 d-------- C:\Users\Murlin Wei\AppData\Roaming\InstallShield
2008-03-29 17:45 . 2008-03-29 17:45 d-------- C:\Program Files\Ken Salter
2008-03-29 16:23 . 2008-03-29 16:23 d-------- C:\Users\Murlin Wei\AppData\Roaming\Ethereal
2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Temp
2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Program Files\Ethereal
2008-03-29 16:21 . 2008-03-29 16:21 d-------- C:\Program Files\AirSnare
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-03-27 18:33 . 2008-03-27 18:33 1,024 --a------ C:\Windows\utraffic1.lic
2008-03-26 16:50 . 2008-03-26 16:50 1,107 --a------ C:\Windows\mozver.dat
2008-03-25 18:20 . 2008-03-25 18:20 d-------- C:\Windows\System32\Adobe
2008-03-24 21:04 . 2008-03-24 21:04 d-------- C:\Program Files\7-Zip
2008-03-23 20:33 . 2008-03-23 20:33 2,048 --a------ C:\Windows\atr72-500.lic
2008-03-23 18:44 . 2008-03-23 18:44 d-------- C:\Program Files\Dragonfly
2008-03-23 07:47 . 2008-04-14 20:15 d-------- C:\Windows\Lhsp
2008-03-22 16:27 . 2008-03-22 16:27 d-------- C:\Program Files\XviD
2008-03-22 16:26 . 2008-03-25 16:58 d-------- C:\Program Files\Common Files\GC Install
2008-03-22 14:57 . 2008-04-20 14:30 d-------- C:\Users\Murlin Wei\AppData\Roaming\SiteAdvisor
2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\Users\All Users\SiteAdvisor
2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\Users\All Users\McAfee
2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\ProgramData\SiteAdvisor
2008-03-22 14:57 . 2008-03-22 14:57 d-------- C:\ProgramData\McAfee
2008-03-22 14:20 . 2008-04-12 21:32 d-------- C:\Users\All Users\Adobe
2008-03-22 13:55 . 1997-11-19 15:49 303,616 --a------ C:\Windows\IsUninst.exe
2008-03-22 13:54 . 2008-03-22 13:54 2,048 --a------ C:\Windows\dfa36.lic
2008-03-22 07:49 . 2008-03-22 07:51 3,675 --a------ C:\Windows\aitt.ini
2008-03-21 16:29 . 2008-03-21 16:37 d-------- C:\Users\All Users\Lavasoft
2008-03-21 16:29 . 2008-03-21 16:37 d-------- C:\ProgramData\Lavasoft
2008-03-21 15:51 . 2008-03-21 15:51 d-------- C:\Users\Murlin Wei\AppData\Roaming\Grisoft
2008-03-21 15:51 . 2007-05-30 08:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-21 09:49 . 2008-04-05 08:59 d-------- C:\Program Files\Realtek
2008-03-21 09:49 . 2006-09-12 00:34 499,712 --a------ C:\Windows\RtlExUpd.dll
2008-03-20 15:40 . 2008-03-20 15:40 d-------- C:\Users\Murlin Wei\{aa0d5936-10b8-4d4e-b491-2ffd51f2ccbe}
2008-03-20 15:15 . 2008-03-20 15:15 dr-h----- C:\MSOCache
permalink · 2008-04-21 15:13:52 · Print · Reply to this

Siko
Premium
join:2006-11-27
Mechanicsburg, PA
clubs:
·Dish Network
·Verizon Online DSL

Re: Always get redirected after clicking link in google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:41 737,280 ----a-w C:\Windows\iun6002.exe
2008-04-20 10:46 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\uTorrent
2008-04-19 18:51 --------- d---a-w C:\ProgramData\TEMP
2008-04-19 15:17 --------- d-----w C:\ProgramData\Xfire
2008-04-18 22:22 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Xfire
2008-04-18 21:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 20:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-16 22:35 --------- d-----w C:\Program Files\Java
2008-04-15 00:18 --------- d-----w C:\Program Files\SwiftSwitch
2008-04-13 22:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 18:44 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-08 21:22 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 19:32 --------- d-----w C:\Program Files\Xfire
2008-04-07 22:27 179,034,213 ----a-w C:\Windows\DUMP449a.tmp
2008-04-06 17:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-05 23:33 --------- d-----w C:\ProgramData\Grisoft
2008-04-05 12:59 319,984 ----a-w C:\Windows\DIFxAPI.dll
2008-04-04 22:16 --------- d-----w C:\ProgramData\eMule
2008-03-30 22:54 --------- d-----w C:\Program Files\IEPro
2008-03-29 20:21 --------- d-----w C:\Program Files\WinPcap
2008-03-29 17:25 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Winamp
2008-03-23 19:04 1,392,304 ----a-w C:\Windows\System32\AutoPartNt.exe
2008-03-23 19:01 114,048 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-03-23 19:01 --------- d-----w C:\Program Files\Common Files\Acronis
2008-03-23 19:01 --------- d-----w C:\Program Files\Acronis
2008-03-22 18:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 16:54 --------- d-----w C:\Program Files\FS Real Time
2008-03-21 20:33 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-03-20 01:20 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 01:15 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 01:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 01:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 00:17 --------- d-----w C:\Program Files\Microsoft Games
2008-03-19 00:26 155,648 ----a-w C:\Windows\System32\libssl32.dll
2008-03-18 22:32 286,720 ----a-w C:\Windows\iun506.exe
2008-03-17 19:34 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\eMule
2008-03-16 18:03 --------- d-----w C:\ProgramData\Ubisoft
2008-03-16 18:03 --------- d-----w C:\Program Files\Microsoft Speech SDK 5.1
2008-03-16 18:03 --------- d-----w C:\Program Files\IL2 Sturmovik
2008-03-16 18:03 --------- d-----w C:\Program Files\IL-2 Sturmovik Forgotten Battles
2008-03-15 11:21 176,937 ----a-w C:\Windows\Sky Environment Ultra FS9 Uninstaller.exe
2008-03-13 20:36 --------- d-----w C:\Program Files\Bevelstone Production
2008-03-13 19:11 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-13 19:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-13 00:41 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-12 20:48 --------- d-----w C:\Program Files\DocPad
2008-03-12 20:48 --------- d-----w C:\Program Files\Common Files\System-G
2008-03-09 22:11 --------- d-----w C:\Program Files\Trend Micro
2008-03-06 21:25 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\NPLUTO Corporation
2008-03-05 21:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-02 19:32 --------- d-----w C:\ProgramData\SwiftSwitch
2008-03-02 16:09 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\Ventrilo
2008-03-02 12:12 --------- d-----w C:\Program Files\FSFlyingSchool
2008-03-02 02:32 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\HiFi
2008-03-01 19:37 --------- d-----w C:\Program Files\FOC 2003
2008-02-29 20:20 --------- d-----w C:\Program Files\Runtime Software
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 00:23 --------- d-----w C:\Program Files\Recuva
2008-02-28 23:43 1,910 ----a-w C:\Windows\System32\tmp.reg
2008-02-28 21:55 --------- d-----w C:\Users\Murlin Wei\AppData\Roaming\SUPERAntiSpyware.com
2008-02-28 21:55 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-02-28 15:45 230,152 ----a-w C:\Windows\System32\PDBoot.exe
2008-02-27 00:10 --------- d-----w C:\Program Files\RegSeeker
2008-02-26 23:34 --------- d-----w C:\Program Files\Shockwave 3D Lights Redux for FS9
2008-02-24 12:35 --------- d-----w C:\Program Files\DivX
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 02:45 --------- d-----w C:\Program Files\SquawkBox3
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-19 01:58 316,768 ----a-w C:\Windows\System32\sayax.dll
2008-02-17 18:10 202,149 ----a-w C:\Windows\Water Details FS 2004 Uninstaller.exe
2008-02-11 15:55 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1437.dll
2008-02-11 15:34 29,932 ----a-w C:\Windows\System32\igmedcompkrn.bin
2008-02-11 15:34 2,215,364 ----a-w C:\Windows\System32\igklg400.bin
2008-02-11 15:34 1,971,732 ----a-w C:\Windows\System32\igklg450.bin
2008-02-10 17:11 543 ----a-w C:\Program Files\INSTALL.LOG
2008-02-06 04:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-01-29 16:02 107,368 ----a-w C:\Windows\System32\GEARAspi.dll
1998-09-25 18:16 270,848 ----a-w C:\Program Files\UNWISE.EXE
2008-01-18 00:12 90 --sh--w C:\Windows\cnerolf.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-06_19.39.55.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 19:32:08 98,678 ----a-w C:\Windows\.jagex_cache_32\loginapplet\cache-1965029828.dat
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
+ 2008-04-18 22:53:25 472,064 ----a-w C:\Windows\BirdsEyeView\uninstall.exe
+ 2008-01-05 11:23:07 2,048 ----a-w C:\Windows\Boot\DVD\PCAT\etfsboot.com
- 2008-04-06 23:37:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-20 18:42:37 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-05-08 22:01:12 208,896 ----a-w C:\Windows\CMDLIC.DLL
+ 2007-05-08 21:01:12 208,896 ----a-w C:\Windows\CMDLIC.DLL
- 2008-01-14 20:40:30 925,696 ----a-w C:\Windows\Downloaded Program Files\ijjistarter2.exe
+ 2008-04-16 01:03:16 925,696 ----a-w C:\Windows\Downloaded Program Files\ijjistarter2.exe
- 2008-03-20 01:13:36 665,600 ----a-w C:\Windows\inf\drvindex.dat
+ 2008-04-08 21:22:53 665,600 ----a-w C:\Windows\inf\drvindex.dat
- 2008-04-05 23:54:01 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-04-08 21:22:56 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-04-05 23:54:01 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-04-08 21:22:56 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-04-05 23:54:01 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-08 21:22:53 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-04-09 20:09:11 2,816 ----a-r C:\Windows\Installer\{1B588991-22A6-408B-88C2-1DC9769C59A3}\controlPanelIcon.exe
- 2008-03-08 01:41:14 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\ARPPRODUCTICON.exe
+ 2008-04-15 00:22:32 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\ARPPRODUCTICON.exe
- 2008-03-08 01:41:14 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\DesktopStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe
+ 2008-04-15 00:22:32 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\DesktopStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe
- 2008-03-08 01:41:14 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\MenuStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe
+ 2008-04-15 00:22:32 7,406 ----a-r C:\Windows\Installer\{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}\MenuStartPD9_2B6EC03E6FA04D7C9CCE1B03819AB613.exe
- 2008-03-20 19:17:17 12,288 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-08 21:02:15 12,288 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-20 19:17:17 135,168 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-08 21:02:15 135,168 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-20 19:17:17 11,264 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-08 21:02:15 11,264 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-20 19:17:17 27,136 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-08 21:02:15 27,136 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-20 19:17:17 4,096 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-08 21:02:15 4,096 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-20 19:17:17 794,624 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-08 21:02:15 794,624 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-20 19:17:17 249,856 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-08 21:02:15 249,856 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-20 19:17:17 23,040 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-08 21:02:16 23,040 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-20 19:17:17 286,720 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-08 21:02:15 286,720 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-20 19:17:17 409,600 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-08 21:02:15 409,600 ----a-r C:\Windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-09 19:16:08 2,816 ----a-r C:\Windows\Installer\{98297A57-368B-4FC3-A236-5BDEBB0C3702}\controlPanelIcon.exe
+ 2008-03-16 18:03:51 2,238 ----a-r C:\Windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\coffee.exe
+ 2008-03-16 18:03:51 2,238 ----a-r C:\Windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\dictpad.exe
+ 2008-03-16 18:03:51 2,238 ----a-r C:\Windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\simpledict.exe
+ 2008-03-16 18:03:51 2,238 ----a-r C:\Windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\simpletelephony.exe
+ 2008-03-16 18:03:51 2,238 ----a-r C:\Windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\talkback.exe
- 2008-03-22 18:20:25 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-04-13 01:32:56 295,606 ----a-r C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-04-09 19:14:53 2,816 ----a-r C:\Windows\Installer\{EEDEB067-83FC-42AE-9BD5-62116F63D9F1}\controlPanelIcon.exe
+ 2008-01-19 07:31:57 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
+ 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\MSAgent\AgtUI.dll
- 2008-03-01 23:55:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 22:35:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-01 23:55:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 22:35:17 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-06 23:17:13 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-20 17:55:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-01 23:55:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 22:35:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-06 23:37:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 18:42:55 151,552 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-04-06 23:33:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-20 18:38:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-06 23:37:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 18:42:55 151,552 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 1999-01-12 14:55:34 71,680 ----a-w C:\Windows\ST5UNST.EXE
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\system\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\system\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\system\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\system\vga.drv
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\System32\acprgwiz.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\System32\asferror.dll
- 2008-01-19 07:44:08 986,680 ----a-w C:\Windows\System32\Boot\winload.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\System32\Boot\winload.exe
- 2008-01-19 07:44:06 926,776 ----a-w C:\Windows\System32\Boot\winresume.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\System32\Boot\winresume.exe
+ 2008-01-19 05:27:25 2,560 ----a-w C:\Windows\System32\bootstr.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\System32\bridgeres.dll
- 2008-04-05 18:57:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 21:58:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-05 18:57:03 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 21:58:10 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-05 18:57:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 21:58:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-06 23:34:10 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-04-20 18:39:11 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-19 05:49:54 2,048 ----a-w C:\Windows\System32\dmdskres2.dll
- 2008-01-10 03:00:04 68,624 ----a-r C:\Windows\System32\drivers\DefragFS.sys
+ 2008-01-10 02:00:04 68,624 ----a-r C:\Windows\System32\drivers\DefragFS.sys
+ 2006-11-02 08:27:54 2,048 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnca001.inf_92fbd03f\I386\CNBPGR02.DLL
+ 2006-11-02 09:41:10 2,560 ----a-w C:\Windows\System32\DriverStore\FileRepository\prndc001.inf_79bb12be\I386\DICONRES.DLL
+ 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE11.DAT
+ 2006-09-18 21:40:29 1,778 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE12.DAT
+ 2006-09-18 21:40:29 1,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE16.DAT
+ 2006-09-18 21:40:29 1,992 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2J.DAT
+ 2006-09-18 21:40:29 1,948 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2K.DAT
+ 2006-09-18 21:40:29 2,128 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE2M.DAT
+ 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3N.DAT
+ 2006-09-18 21:40:29 1,976 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3O.DAT
+ 2006-09-18 21:40:29 1,764 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3P.DAT
+ 2006-09-18 21:40:29 2,398 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3Q.DAT
+ 2006-09-18 21:40:29 2,618 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3T.DAT
+ 2006-09-18 21:40:29 2,188 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE3V.DAT
+ 2006-09-18 21:40:29 2,984 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4A.DAT
+ 2006-09-18 21:40:29 2,632 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4D.DAT
+ 2006-09-18 21:40:30 2,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\prnep001.inf_f0a9a372\I386\EPNDDE4S.DAT
- 2008-04-02 01:30:13 1,622,616 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-04-08 21:24:47 1,622,616 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2007-11-21 18:47:42 81,920 ----a-w C:\Windows\System32\frapsvid.dll
+ 2008-01-14 12:15:42 81,920 ----a-w C:\Windows\System32\frapsvid.dll
+ 1996-04-03 19:33:26 5,248 ----a-w C:\Windows\System32\giveio.sys
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\System32\iologmsg.dll
- 2008-02-22 05:23:35 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-03-25 05:28:39 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-02-22 05:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-02-22 06:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe
- 2008-01-19 07:34:35 28,160 ----a-w C:\Windows\System32\jsproxy.dll
+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\System32\jsproxy.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\System32\keyboard.drv
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\System32\lltdres.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\System32\mferror.dll
- 2008-01-19 07:36:55 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\System32\mouse.drv
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\Windows\System32\mrt.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
- 2008-01-19 07:34:59 3,578,368 ----a-w C:\Windows\System32\mshtml.dll
+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\System32\mshtml.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\System32\msimsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\System32\msprivs.dll
- 2008-01-19 07:35:13 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\System32\mstime.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\System32\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\System32\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\System32\neth.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\System32\netmsg.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\System32\networklist\icons\StockIcons\office_24.bin
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\System32\normaliz.dll
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\System32\oleaccrc.dll
- 2008-04-06 18:06:50 108,178 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-19 18:47:06 108,178 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-06 18:06:50 629,252 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-19 18:47:06 629,252 ----a-w C:\Windows\System32\perfh009.dat
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\System32\redir.exe
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\System32\rnr20.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\System32\SampleRes.dll
- 2002-11-21 00:09:00 24,576 ----a-w C:\Windows\System32\SmartSubClass.dll
+ 2002-11-20 22:09:00 24,576 ----a-w C:\Windows\System32\SmartSubClass.dll
- 2008-04-04 19:42:55 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-04-17 01:03:47 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\System32\sound.drv
+ 2005-06-15 14:55:53 4,096 ----a-w C:\Windows\System32\speedfan.sys
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\System32\tzres.dll
- 2008-01-19 07:36:46 1,165,824 ----a-w C:\Windows\System32\urlmon.dll
+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\System32\urlmon.dll
+ 1999-01-12 14:55:36 29,696 ----a-w C:\Windows\System32\VB5StKit.dll
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\System32\vga.drv
+ 1999-12-07 10:00:00 162,064 ----a-w C:\Windows\System32\vtext.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\System32\wbem\WmiApRes.dll
- 2008-04-06 18:04:09 8,110 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2738104663-2755392700-2221383480-1000_UserData.bin
+ 2008-04-08 19:34:09 8,516 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2738104663-2755392700-2221383480-1000_UserData.bin
- 2008-04-06 18:04:08 59,130 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-08 19:34:08 59,504 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-06 18:04:06 28,992 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-12 23:11:21 31,128 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\System32\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\System32\WINSPOOL.EXE
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\System32\wmerror.dll
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\System32\WOWDEB.EXE
+ 2008-01-19 05:39:36 1,536 ----a-w C:\Windows\System32\WsmCl.dll
+ 1999-12-07 10:00:00 193,808 ----a-w C:\Windows\System32\xlisten.dll
+ 1999-12-07 10:00:00 184,080 ----a-w C:\Windows\System32\xvoice.dll
- 2007-11-26 15:38:46 238,848 ----a-w C:\Windows\UNBOC.EXE
+ 2007-11-26 14:38:46 238,848 ----a-w C:\Windows\UNBOC.EXE
- 2008-04-04 19:24:04 106,963,463 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-04-16 21:57:54 118,101,081 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll
+ 2008-02-12 23:38:30 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16633_none_0a1e8a9df53b7ab4\AcRes.dll
+ 2008-02-12 23:38:30 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20762_none_0a86b75b0e7254fa\AcRes.dll
+ 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18000_none_0c223829f24c6bcd\AcRes.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll
+ 2006-11-02 07:11:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6001.18000_none_94ca2703a87213b1\acprgwiz.dll
+ 2008-02-21 04:43:34 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16643_none_a9bce801f5c7b8c8\advpack.dll
+ 2008-02-22 04:48:31 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20777_none_aa2a16310efa11c1\advpack.dll
+ 2006-11-02 08:12:29 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-agent0409_31bf3856ad364e35_6.0.6000.16386_none_cba6dc9d9ccc4898\AgtUI.dll
+ 2006-11-02 06:56:11 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll
+ 2008-01-19 05:27:25 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6001.18000_none_f8820fad0cee5a7c\bootstr.dll
+ 2008-02-29 06:53:29 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\setbcdlocale.dll
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winresume.exe
+ 2008-02-29 06:37:41 46,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\setbcdlocale.dll
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winresume.exe
+ 2008-01-05 11:23:07 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..onment-dvd-etfsboot_31bf3856ad364e35_6.0.6001.18000_none_827be8b16a696de9\etfsboot.com
+ 2008-02-29 06:51:24 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16646_none_61bfda98f6d6f5d5\kd1394.dll
+ 2008-02-29 06:54:17 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.20782_none_621a368c1018a007\kd1394.dll
+ 2008-02-29 07:14:21 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.18027_none_63bcb960f3ec683b\kd1394.dll
+ 2008-02-29 06:57:07 19,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6001.22125_none_644455980d0bd557\kd1394.dll
+ 2008-02-14 23:19:24 944,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
+ 2008-02-12 23:40:30 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winresume.exe
+ 2008-02-14 23:13:10 944,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
+ 2008-02-12 23:40:30 905,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winresume.exe
+ 2008-02-29 07:11:54 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
+ 2008-02-29 07:11:56 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winresume.exe
+ 2008-02-29 07:02:42 988,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
+ 2008-02-29 07:02:41 927,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winresume.exe
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll
+ 2006-11-02 09:41:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6001.18000_none_175cb770bf6b8f77\netmsg.dll
+ 2008-02-19 05:10:22 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16642_none_9e68737c07b7f5c7\ci.dll
+ 2008-02-19 04:54:56 620,088 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.20775_none_9ed4a16120eb3569\ci.dll
+ 2008-02-22 05:05:52 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.18023_none_a065524404cd682d\ci.dll
+ 2008-02-22 04:57:25 615,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6001.22120_none_a0ebee311dedbbf2\ci.dll
+ 2006-11-02 12:36:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6000.16386_none_b442caae9d1904a7\dfsrres.dll
+ 2006-11-02 12:36:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\dfsrres.dll
+ 2008-01-19 05:49:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6001.18000_none_0197b5b76fbd3f60\dmdskres2.dll
+ 2008-02-21 04:43:35 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16643_none_57702c844c48b643\gdi32.dll
+ 2008-02-22 04:49:18 296,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20777_none_57dd5ab3657b0f3c\gdi32.dll
+ 2008-02-22 04:57:23 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\gdi32.dll
+ 2008-02-22 04:48:18 295,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22120_none_59f2a6ef627f6317\gdi32.dll
+ 2008-02-21 04:43:38 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16643_none_ebb7f1b116609ec7\pngfilt.dll
+ 2008-02-22 04:51:42 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20777_none_ec251fe02f92f7c0\pngfilt.dll
+ 2008-02-21 04:43:41 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16643_none_b2d49a63d9c1162b\urlmon.dll
+ 2008-02-22 04:52:08 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20777_none_b341c892f2f36f24\urlmon.dll
+ 2008-02-22 05:01:33 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18023_none_b4d078e1d6d76f3a\urlmon.dll
+ 2008-02-22 04:52:15 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22120_none_b55714ceeff7c2ff\urlmon.dll
+ 2008-02-29 06:34:50 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.16646_none_ebb5eec692f230bc\f3ahvoas.dll
+ 2008-02-29 06:30:51 7,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_6.0.6000.20782_none_ec104ab9ac33daee\f3ahvoas.dll
+ 2008-02-21 04:43:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16643_none_deb7292c7f69d59a\mstime.dll
+ 2008-02-22 04:50:37 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20777_none_df24575b989c2e93\mstime.dll
+ 2008-02-22 04:59:51 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18023_none_e0b307aa7c802ea9\mstime.dll
+ 2008-02-22 04:50:26 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22120_none_e139a39795a0826e\mstime.dll
+ 2008-02-29 06:35:17 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.16646_none_dafbedd9168fe683\kbd106n.dll
+ 2008-02-29 06:31:23 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_6.0.6000.20782_none_db5649cc2fd190b5\kbd106n.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll
+ 2008-01-11 21:27:36 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16589_none_131399240ca44662\tzres.dll
+ 2008-01-11 21:27:36 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20712_none_13e1e543258f6e5b\tzres.dll
+ 2006-11-02 06:58:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18000_none_15475676099210e3\tzres.dll
+ 2008-02-21 04:43:36 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\jsproxy.dll
+ 2008-02-21 04:43:42 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
+ 2008-02-21 04:43:42 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\WininetPlugin.dll
+ 2008-02-22 04:49:41 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\jsproxy.dll
+ 2008-02-22 04:52:15 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
+ 2008-02-22 04:52:15 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\WininetPlugin.dll
+ 2008-02-22 04:58:23 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\jsproxy.dll
+ 2008-02-22 05:01:41 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\WininetPlugin.dll
+ 2008-02-22 04:49:22 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\jsproxy.dll
+ 2008-02-22 04:52:21 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
+ 2008-02-22 04:52:21 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\WininetPlugin.dll
+ 2008-02-12 23:36:10 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dat
+ 2008-02-21 04:43:35 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16643_none_f98398df6eb5b711\ieapfltr.dll
+ 2008-02-12 23:36:10 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dat
+ 2008-02-22 04:49:22 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20777_none_f9f0c70e87e8100a\ieapfltr.dll
+ 2008-02-21 04:43:35 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtmsft.dll
+ 2008-02-21 04:43:35 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16643_none_95b7d197849b3d3f\dxtrans.dll
+ 2008-02-22 04:49:00 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtmsft.dll
+ 2008-02-22 04:49:00 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20777_none_9624ffc69dcd9638\dxtrans.dll
+ 2008-02-21 04:43:36 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16643_none_461a6bef465befcc\mshtmled.dll
+ 2008-02-22 04:50:17 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20777_none_46879a1e5f8e48c5\mshtmled.dll
+ 2008-02-21 04:43:36 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
+ 2008-02-22 04:50:17 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
+ 2008-02-22 04:59:30 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
+ 2008-02-22 04:50:05 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
+ 2008-02-21 04:43:35 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16643_none_588d01ee673531fd\icardie.dll
+ 2008-02-22 04:49:21 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20777_none_58fa301d80678af6\icardie.dll
+ 2008-02-21 04:43:03 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\ieUnatt.exe
+ 2008-02-21 04:43:03 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
+ 2008-02-22 02:43:50 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\ieUnatt.exe
+ 2008-02-22 02:44:11 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
+ 2008-02-21 04:43:03 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\ie4uinit.exe
+ 2008-02-21 04:43:36 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iernonce.dll
+ 2008-02-21 04:43:36 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16643_none_c3c237ac61707446\iesetup.dll
+ 2008-02-22 02:43:42 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\ie4uinit.exe
+ 2008-02-22 04:49:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iernonce.dll
+ 2008-02-22 04:49:24 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20777_none_c42f65db7aa2cd3f\iesetup.dll
+ 2008-02-21 04:43:35 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16643_none_29e74e1c682049a3\iebrshim.dll
+ 2008-02-22 04:49:22 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20777_none_2a547c4b8152a29c\iebrshim.dll
+ 2008-02-21 04:43:35 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieframe.dll
+ 2008-02-21 04:43:36 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16643_none_6293ef27b1163421\ieui.dll
+ 2008-02-22 04:49:24 6,067,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieframe.dll
+ 2008-02-22 04:49:24 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20777_none_63011d56ca488d1a\ieui.dll
+ 2008-02-21 04:43:03 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16643_none_e68d5ba694998859\ieinstal.exe
+ 2008-02-22 02:44:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20777_none_e6fa89d5adcbe152\ieinstal.exe
+ 2008-02-21 04:43:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16643_none_0b3590c2d714480b\ieuser.exe
+ 2008-02-22 02:44:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20777_none_0ba2bef1f046a104\ieuser.exe
+ 2006-11-02 12:36:24 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6000.16386_none_7eea120bb51aecf6\iismui.dll
+ 2006-11-02 12:36:24 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_6.0.6001.18000_none_8120d407b205fdca\iismui.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll
+ 2006-11-02 07:15:56 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\msimsg.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll
+ 2006-11-02 08:33:06 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6001.18000_none_e9aa6488d9c10036\normaliz.dll
+ 2006-11-02 09:39:39 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll
+ 2006-11-02 07:18:28 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16386_none_9a286d400fd699af\mferror.dll
+ 2006-11-02 12:35:51 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18000_none_9c5f2f3c0cc1aa83\mferror.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16386_none_a57f2ea4437cfc78\asferror.dll
+ 2008-01-12 00:33:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.16585_none_a57e3226437ddd6f\asferror.dll
+ 2008-01-12 00:33:31 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6000.20708_none_a66151155c57e6dd\asferror.dll
+ 2006-11-02 12:35:57 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmasf_31bf3856ad364e35_6.0.6001.18000_none_a7b5f0a040680d4c\asferror.dll
+ 2006-11-02 12:35:54 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmerror_31bf3856ad364e35_6.0.6000.16386_none_351e30f1ba0b5cbe\wmerror.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll
+ 2008-01-12 00:35:37 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16500_none_8688000e99af9424\msxml3r.dll
+ 2008-01-12 00:35:37 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20613_none_8709cdcbb2d29be4\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\msxml3r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll
+ 2008-01-12 00:32:03 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16472_none_863e0af099e6da25\msxml6r.dll
+ 2008-01-12 00:32:03 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20582_none_86bcd7cfb30c95e0\msxml6r.dll
+ 2006-11-02 09:41:09 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886dfc4296d66f1f\msxml6r.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll
+ 2006-11-02 09:41:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6001.18000_none_5232518072770fdb\neth.dll
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\bench_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\house_24.bin
+ 2006-09-19 11:41:49 2,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\office_24.bin
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll
+ 2006-11-02 07:38:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6001.18000_none_07e9f0db06159927\bridgeres.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll
+ 2006-11-02 07:38:59 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6001.18000_none_d155f734fa7d6b4f\lltdres.dll
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
+ 2006-11-02 07:10:15 2,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\keyboard.drv
+ 2006-11-02 07:10:18 2,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\mouse.drv
+ 2006-11-02 07:10:00 2,842 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\redir.exe
+ 2006-11-02 07:10:16 1,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\sound.drv
+ 2006-11-02 07:10:17 2,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\vga.drv
+ 2006-11-02 07:10:22 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
+ 2006-11-02 07:10:18 2,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSPOOL.EXE
+ 2006-11-02 07:10:27 2,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WOWDEB.EXE
+ 2008-03-17 22:43:16 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16660_none_f060fbf66e8469dc\OESpamFilter.dat
+ 2008-03-17 22:16:50 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20801_none_f12c7a798770787e\OESpamFilter.dat
+ 2008-03-17 22:18:52 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18040_none_f25cda746b9ac2eb\OESpamFilter.dat
+ 2008-03-17 22:17:41 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22144_none_f2ea786784b4c811\OESpamFilter.dat
+ 2006-11-02 07:08:53 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll
+ 2006-11-02 12:34:48 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-photosamples_31bf3856ad364e35_6.0.6000.16386_none_95425ac284e42b43\SampleRes.dll
+ 2008-02-29 06:38:54 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\rstrui.exe
+ 2008-02-29 06:39:13 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srclient.dll
+ 2008-02-29 06:39:13 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srcore.dll
+ 2008-02-29 06:38:59 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.16646_none_44d4534db6337506\srdelayed.exe
+ 2008-02-29 04:05:40 313,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\rstrui.exe
+ 2008-02-29 06:33:44 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srclient.dll
+ 2008-02-29 06:33:44 371,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srcore.dll
+ 2008-02-29 04:05:32 16,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6000.20782_none_452eaf40cf751f38\srdelayed.exe
+ 2008-02-29 04:12:59 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\rstrui.exe
+ 2008-02-29 06:53:38 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srclient.dll
+ 2008-02-29 06:53:39 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srcore.dll
+ 2008-02-29 04:12:53 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.18027_none_46d13215b348e76c\srdelayed.exe
+ 2008-02-29 04:06:52 318,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\rstrui.exe
+ 2008-02-29 06:37:51 40,960 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srclient.dll
+ 2008-02-29 06:37:51 378,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srcore.dll
+ 2008-02-29 04:06:46 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.0.6001.22125_none_4758ce4ccc685488\srdelayed.exe
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penusa.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchui.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penchs.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pencht.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penjpn.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penkor.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\penusa.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\pipres.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchobj.dll
+ 2006-11-02 07:39:56 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6001.18000_none_41f1cbcb89954931\skchui.dll
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6000.16386_none_3d7550f9c9692474\IPSEventLogMsg.dll
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.0.6001.18000_none_3fac12f5c6543548\IPSEventLogMsg.dll
+ 2006-11-02 12:35:47 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tabletpc-pentraining_31bf3856ad364e35_6.0.6000.16386_none_dfb8647a7b1e856b\PTRes.dll
+ 2006-11-02 12:35:43 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tabletpc-touchtraining_31bf3856ad364e35_6.0.6000.16386_none_c41ca1245ce8094b\TTRes.dll
+ 2008-01-19 05:39:36 1,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_ca65755fad07cc55\WsmCl.dll
+ 2008-02-29 04:16:38 2,027,008 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
+ 2008-02-29 04:14:24 2,028,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
+ 2008-02-29 04:21:49 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
+ 2008-02-29 04:15:56 2,032,128 ----a-w C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6000.16386_none_e12e74ad149badfc\rnr20.dll
+ 2006-11-02 09:43:00 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.0.6001.18000_none_e36536a91186bed0\rnr20.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WmiApRes.dll
+ 2006-11-02 07:15:27 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WmiApRes.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsm.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smierrsy.dll
+ 2006-11-02 12:35:25 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6000.16386_none_a884bc8dc9d4ada2\smimsgif.dll
+ 2008-01-19 05:39:14 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6001.18000_none_aabb7e89c6bfbe76\smierrsm.dll
+ 2008-01-19 05:39:16 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6001.18000_none_aabb7e89c6bfbe76\smierrsy.dll
+ 2008-01-19 05:39:17 2,048 ----a-w C:\Windows\winsxs\x86_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.0.6001.18000_none_aabb7e89c6bfbe76\smimsgif.dll
+ 2006-11-02 12:36:03 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16386_none_76336ee89b768fbf\ServiceModelEvents.dll
+ 2008-01-19 07:31:57 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.18000_none_786a30e49861a093\ServiceModelEvents.dll
+ 2006-11-02 12:36:02 2,560 ----a-w C:\Windows\winsxs\x86_wcf-m_sm_ins_rc_dll_31bf3856ad364e35_6.0.6000.16386_none_c6c5835b4cd99252\ServiceModelInstallRC.dll
.
-- Snapshot reset to current date --
.
permalink · 2008-04-21 15:14:24 · Print · Reply to this

Siko
Premium
join:2006-11-27
Mechanicsburg, PA
clubs:
·Dish Network
·Verizon Online DSL

1 edit

Re: Always get redirected after clicking link in google

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-13 03:17 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-13 03:19 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-13 03:17 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 08:47 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-04 20:39 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-05 19:33 219136]

C:\Users\Murlin Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-02 19:25:58 2987856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-04-05 19:33 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Users^Murlin Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\Murlin Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Murlin Wei^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI (RC1).lnk]
path=C:\Users\Murlin Wei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI (RC1).lnk
backup=C:\Windows\pss\Secunia PSI (RC1).lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-02-16 19:49 149024 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-02-16 19:57 1945960 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-12-13 03:19 106496 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-12-13 03:17 98304 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 H:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-12-13 03:17 81920 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 H:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rapget]
E:\Flight Simulator Software\rapget140\rapget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-12-01 00:37 4186112 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-04-06 13:17 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-04 20:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-02-16 19:45 1169776 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 03:36 2153472 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 03:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2738104663-2755392700-2221383480-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{61455193-5548-4882-BB4F-1FFC86E41172}C:\\ijji\\english\\u_skid.exe"= UDP:C:\ijji\english\u_skid.exe:
"UDP Query User{6099BF92-BFC5-416D-AEC6-DA00AFB25A65}C:\\ijji\\english\\u_skid.exe"= TCP:C:\ijji\english\u_skid.exe:
"TCP Query User{7E27783F-27CC-4E95-8A1E-47091E0453EF}K:\\program files\\driftcity\\driftcity.exe"= UDP:K:\program files\driftcity\driftcity.exe:DriftCity
"UDP Query User{68C2CEBB-F1D1-4589-A707-19610F1F7E77}K:\\program files\\driftcity\\driftcity.exe"= TCP:K:\program files\driftcity\driftcity.exe:DriftCity
"TCP Query User{FE38E010-F2C0-4967-83FD-96B25A3F5B30}C:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{19A69707-47F5-4ED8-A3D4-D983B5833183}C:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:C:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{B66503DB-7D5D-4DE9-9921-A25C9F1EA5AB}H:\\program files\\driftcity\\driftcity.exe"= UDP:H:\program files\driftcity\driftcity.exe:DriftCity
"UDP Query User{14612DD0-8A9C-44A2-9B51-5491B5A88018}H:\\program files\\driftcity\\driftcity.exe"= TCP:H:\program files\driftcity\driftcity.exe:DriftCity
"TCP Query User{A8D6E0B6-86C5-4D81-9FDF-F0378CD75F37}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5DC64609-489B-4CCD-8BDC-DA888571FCC7}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{17C23B69-DBF2-487A-A532-7D9ABF255A9E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{94906B86-E338-4979-ADE4-B4200BD59672}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{30964450-8A26-40BA-A03B-E0D17BDCC6BB}G:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:G:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{426ADF18-258D-442E-B866-DE3813E88673}G:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:G:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"{0E586831-FC73-45B0-9F08-096BF0D40C38}"= UDP:80:80
"{34AD0E95-78FA-44A3-A14A-4A598E511536}"= TCP:80:80
"{28CEFC0F-00A3-4EAB-9D8B-9D64D7265705}"= UDP:6112:6112
"{991C1B7E-6DA8-49BB-9C14-B6C74730B50A}"= TCP:6112:6112
"{8A3679AF-CD19-4CE2-A038-9DE3E3E5A34B}"= UDP:54789:54789
"{8C63877E-7C19-4DA5-B287-AA6D0F8CFC28}"= TCP:54789:54789
"TCP Query User{58038DE4-2BB8-41E1-8189-030A5E823718}H:\\nexon\\maplestory\\patcher.exe"= UDP:H:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
"UDP Query User{41D9A998-FD0B-4C1B-A90E-B0F2BED2BFC4}H:\\nexon\\maplestory\\patcher.exe"= TCP:H:\nexon\maplestory\patcher.exe:Patcher MFC ?? ????
"TCP Query User{57B550CD-25EA-460B-AE48-681C32F87C39}H:\\nexon\\maplestory\\maplestory.exe"= UDP:H:\nexon\maplestory\maplestory.exe:MapleStory
"UDP Query User{609320D2-5ECE-4286-8362-B486263DA9E3}H:\\nexon\\maplestory\\maplestory.exe"= TCP:H:\nexon\maplestory\maplestory.exe:MapleStory
"TCP Query User{83AB73F7-1946-4300-A08C-DB73E9369C8F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{48ACEBD7-DC97-4FF2-BB6F-704618FB53B2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"1c9b3cdd-3bce-43a9-881b-5fb372fe469c"=
"TCP Query User{6A3FA9AA-E952-4D4D-8FD7-FC7ED8BD727F}H:\\program files\\america's army\\system\\armyops.exe"= UDP:H:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{BEB13D38-D94C-4F4C-9245-7E48245BFA1D}H:\\program files\\america's army\\system\\armyops.exe"= TCP:H:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{50F33169-380A-49AF-81BE-7C6E8C8C2451}C:\\windows\\system32\\dpnsvr.exe"= UDP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{DF0B00AF-395E-4FA4-B850-2BD9EF20F7ED}C:\\windows\\system32\\dpnsvr.exe"= TCP:C:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{5021BF18-01CD-4258-97B4-0C63DB4C1B7E}C:\\program files\\fsfdt\\control panel\\fsfdtcp.exe"= UDP:C:\program files\fsfdt\control panel\fsfdtcp.exe:FSFDT Control Panel
"UDP Query User{3DB1FC88-0596-4F01-A186-E39F227CE84D}C:\\program files\\fsfdt\\control panel\\fsfdtcp.exe"= TCP:C:\program files\fsfdt\control panel\fsfdtcp.exe:FSFDT Control Panel
"TCP Query User{1AB14382-F73F-48C9-B315-3EE9B8CB2694}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{17CAEFA6-0C1E-42AC-978B-C4A6CBAAC66B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"eb8b0e56-37ab-4db7-9f9e-1a1d6608d4e0"= %ProgramFiles%\FSFDT\FSInn UI\FSInnUI.exe:FSINN
"UDP Query User{D86A64A0-98DB-45F2-B30E-9C99810EA427}C:\\program files\\fsfdt\\fwinn\\fwinn.exe"= C:\program files\fsfdt\fwinn\fwinn.exe:FSInn Application
"TCP Query User{F3FF54FA-890C-4280-937A-E4B25DFDC64A}C:\\program files\\fsfdt\\fwinn\\fwinn.exe"= C:\program files\fsfdt\fwinn\fwinn.exe:FSInn Application
"5d038ed9-b69c-43ca-9e9d-361f03d7074d"= %ProgramFiles%\FSFDT\Control Panel\FSFDTCP.exe:FSUDCP
"09c2c1b0-5d17-4e76-8c53-65f0895ca6d1"= UDP:3782|LPort=3290|LPort=3783|LPort=6809:SQ
"3a769932-0d65-4226-8f87-9af21c6399fa"= TCP:3782|LPort=3290|LPort=3783|LPort=6809:SQ1
"7bda4004-dec1-4e68-ae03-4b18dca28327"= TCP:32062:FSINN
"TCP Query User{7BA25555-49F6-4C6F-A3BE-B1091A7CD7E6}C:\\program files\\swiftswitch\\swiftswitch.exe"= UDP:C:\program files\swiftswitch\swiftswitch.exe:Utility for RuneScape
"UDP Query User{F3D3B80D-3F35-4E98-BAE6-FFC8C8B398CB}C:\\program files\\swiftswitch\\swiftswitch.exe"= TCP:C:\program files\swiftswitch\swiftswitch.exe:Utility for RuneScape
"TCP Query User{2E3A70D7-0AC2-4254-B11B-0A2EC31E6D05}H:\\program files\\dragonfly\\special force\\specialforce.exe"= UDP:H:\program files\dragonfly\special force\specialforce.exe:SpecialForce
"UDP Query User{6137764F-CAE8-4517-AF49-6CB2607C5DB8}H:\\program files\\dragonfly\\special force\\specialforce.exe"= TCP:H:\program files\dragonfly\special force\specialforce.exe:SpecialForce
"TCP Query User{0D1EF090-833B-4967-9D45-EAF64C49861F}C:\\ijji\\english\\gunz\\gunz.exe"= UDP:C:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{560CD26A-B4D8-4DD6-9AF8-BA438C3E071D}C:\\ijji\\english\\gunz\\gunz.exe"= TCP:C:\ijji\english\gunz\gunz.exe:Gunz
"TCP Query User{63EC054C-903B-40D8-A36F-D2F80B55FF3D}C:\\users\\murlin wei\\desktop\\fshost32\\fshost32.exe"= UDP:C:\users\murlin wei\desktop\fshost32\fshost32.exe:fshost32.exe
"UDP Query User{D8E76696-D62C-4EBD-8A08-5450B40122C9}C:\\users\\murlin wei\\desktop\\fshost32\\fshost32.exe"= TCP:C:\users\murlin wei\desktop\fshost32\fshost32.exe:fshost32.exe
"TCP Query User{854A4DB3-1DFB-4B87-A7E0-AEA6B9C0074B}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A36A3890-68AE-4E2D-BC3B-FDAC339499B3}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{2D0919A8-6553-4CDF-A595-A46EF1D2F4D3}C:\\program files\\dragonfly\\special force\\specialforce.exe"= UDP:C:\program files\dragonfly\special force\specialforce.exe:specialforce
"UDP Query User{BC4A08A4-5B7E-4662-810F-1D9F1662B2AC}C:\\program files\\dragonfly\\special force\\specialforce.exe"= TCP:C:\program files\dragonfly\special force\specialforce.exe:specialforce
"{607558EF-6597-4863-8D25-F007069A2EC9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{46E5FDB3-D48D-4321-B224-C365CF959155}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9B21F62D-DF09-44A2-BD05-BC7EEE8742C9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{68F77BA3-1444-44C8-AC53-D586A7FD787C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{48866029-02D4-420C-AF33-2058433DC7D9}"= UDP:H:\Program Files\iTunes\iTunes.exe:iTunes
"{AB169B2B-5F22-47D8-B596-C06720D2E476}"= TCP:H:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{37AFDF7F-9FEF-441B-B24D-75F2E325B8C7}H:\\program files\\azureus\\azureus.exe"= UDP:H:\program files\azureus\azureus.exe:Azureus
"UDP Query User{2414528D-9012-4CCF-B04D-4D7AC667B755}H:\\program files\\azureus\\azureus.exe"= TCP:H:\program files\azureus\azureus.exe:Azureus
"TCP Query User{9225565D-E33E-467E-9533-ED9B2675E3C6}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{9F98D73A-65DD-4D0E-B968-DC1D3C6EBAA6}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{BC712732-FEB9-4EDA-8C73-9FC226F9DB1A}H:\\program files\\counter-strike source\\hl2.exe"= UDP:H:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{57A7C5E6-CBE4-4652-AFEF-DCFD72CBE342}H:\\program files\\counter-strike source\\hl2.exe"= TCP:H:\program files\counter-strike source\hl2.exe:hl2
"TCP Query User{1DB411BF-E55D-4961-A89F-4494677D10B3}H:\\program files\\secondlife\\slvoice.exe"= UDP:H:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{27A63D2C-CAAE-42C6-A3F5-87CC36F583D3}H:\\program files\\secondlife\\slvoice.exe"= TCP:H:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{71DB6B6F-9435-4ED3-A6DB-D8EBC799C9E1}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{AD20223A-2548-4E8F-A6E3-8E0542F0F9A5}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer

R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 16:22]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe" [2008-02-28 10:44]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 HPFXBULK;HPFXBULK;C:\Windows\system32\drivers\hpfxbulk.sys [2007-06-20 03:21]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-13 04:32]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 15:22]
R3 rxpvbus;Reality XP Avionics Bus Driver;C:\Windows\system32\DRIVERS\rxpvbus.sys [2005-11-04 09:35]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2007-02-22 19:53]
S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe" [2008-02-29 14:08]
S3 PD91VMDefrag;PD91VMDefrag;"C:\Program Files\Raxco\PerfectDisk\PD91VMDefrag.exe" [2008-02-29 10:44]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-02-19 04:24]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\Setup\rsrc\autorun.exe
\shell\dinstall\command - I:\Directx\dxsetup.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-04-20 14:43:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Raxco\PerfectDisk\PD91AgentS1.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
.
**************************************************************************
.
Completion time: 2008-04-20 14:45:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 18:45:13
ComboFix2.txt 2008-04-08 19:33:44
ComboFix3.txt 2008-04-06 23:40:34

Pre-Run: 20,521,390,080 bytes free
Post-Run: 20,575,760,384 bytes free

846 --- E O F --- 2008-04-17 19:16:34
permalink · 2008-04-21 15:14:38 · Print · Reply to this

Siko
Premium
join:2006-11-27
Mechanicsburg, PA
clubs:
·Dish Network
·Verizon Online DSL

Re: Always get redirected after clicking link in google

Thanks for scanning through that, now here is my ESET log, it didn't find anything.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3041 (20080419)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f94ebf675e76f444bc9bef3e67f7aa40
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-04-21 02:01:17
# local_time=2008-04-20 10:01:17 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=931132
# found=0
# scan_time=6361
permalink · 2008-04-21 15:15:26 · Print · Reply to this
Forums » Up and Running » Security » Security CleanupHJT Log »
« HJT LOG - PC sends out massive random emails, locks up!  

Tuesday, 08-Dec 17:21:16 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [191] Sprint Sued For Distracted Driving Death
· [81] 3G Network Test Says AT&T Is Tops
· [71] Mediacom Unveils 105 Mbps Pricing
· [49] The Future Of Wi-Fi Is Bright
· [49] Sprint Poised For A Turnaround?
· [47] Site Leaks Yahoo, Verizon Fed Data Share Pricing
· [42] Microwaving Your Innards Is Not 'Extreme'
· [39] Verizon LTE: 5-12 Mbps Downstream
· [35] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [17] Verizon Settles With NJ Over Misleading FiOS Marketing
Most people now reading
· Servers UP!!! [World of Warcraft]
· World of Warcraft Client Patch 3.3 (12-8-2009) [World of Warcraft]
· Triumph Emblems [World of Warcraft]
· World of Warcraft Client Patch 3.3.0 (12-08-2009) [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· 3.3 Out today [World of Warcraft]
· Google chief: Only miscreants worry about net privacy [Security]
· Holmes on Homes and HGTV in General [Home Repair & Improvement]
· Account Hacked With Authenticator [World of Warcraft]
· [TIVO] Problems with TIVO/CableCard in WNY (No Encrypted Channel [Verizon FIOS TV]