Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

hijackthis logje virus win32/cryptor

None
17 antwoorden
  • Goedemorgen!

    Ik heb al sinds ongeveer een maand last van het win 32 cryptor virus en het wordt steeds erger. Ik heb met verschillende anti virus en anti spyware programma's geprobeerd hem te verwijderen maar zonder resultaat.

    Mijn laptop is heel sloom geworden en ik krijg zelfs met firefox pop ups. Als ik internet explorer start krijg ik een melding van avg:

    multiple threat detection
    1. file name: C:\Windows\system32\gaopdxqcmoteby.dll
    threat name: Virus identified Win32/Cryptor
    Detected on open

    2. file name: C:\Windows\system32\gaopdxqcmoteby.dll
    threat name: Virus identified Win32/Cryptor

    bij de details staat:

    1. Process Name: C:\Program Files\Internet Explorer\iexplore.exe
    Process ID: 5796

    2. Process Name: C:\Program Files\Internet Explorer\iexplore.exe
    Process ID: 2556

    Dan klik ik op remove threats, en dan komt er te staan:
    Do you want to force the threat removal?
    Forced removal can cause system unstability or even crash

    Dan klik ik op yes

    Dan krijg ik dezelfde melding (do you want to force the threat removal) nog een keer en klik ik weer op yes

    en dan krijg ik de melding:

    Some files cannot be healed
    the action was interrupted by user.
    the action was interrupted by user.

    dan klik ik op ok en in het ergste geval loopt mijn laptop dan vast.

    Het is ook vreemd dat ik helemaal niets kan updaten. Ik heb malwarebytes anti malware wel gedraaid maar die kon ik niet updaten en die vond uiteindelijk ook niets.
    AVG kan al een hele tijd niet updaten
    Windows update kan niet updaten
    en ga zo maar door..

    Ik hoop dat jullie me kunnen helpen!

    Alvast bedankt!



    hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:50:56, on 3-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\vVX3000.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Lexmark Z2400 Series\ezprint.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Z2400 Series\ezprint.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.hanze.nl
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
    O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Windows\
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 7472 bytes
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:71d9871c46]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [/b:71d9871c46]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Download [b:71d9871c46]MalwareBytes' Anti-Malware[/color:71d9871c46][/b:71d9871c46] en sla het op je bureaublad op.
    Dubbelklik op [b:71d9871c46]mbam-setup.exe[/b:71d9871c46] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:71d9871c46]
    [*:71d9871c46]Update MalwareBytes' Anti-Malware
    [*:71d9871c46]Start MalwareBytes' Anti-Malware
    [/list:u:71d9871c46]Klik daarna op "[b:71d9871c46]Voltooien[/b:71d9871c46]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:71d9871c46]
    [*:71d9871c46]Zodra het programma gestart is, ga dan naar het tabblad "[b:71d9871c46]Instellingen[/b:71d9871c46]".
    [*:71d9871c46]Vink hier aan: "[b:71d9871c46]Sluit Internet Explorer tijdens verwijdering van malware[/b:71d9871c46]".
    [*:71d9871c46]Ga daarna naar het tabblad "[b:71d9871c46]Scanner[/b:71d9871c46]", kies hier voor "[b:71d9871c46]Snelle Scan[/b:71d9871c46]".
    [*:71d9871c46]Druk vervolgens op "[b:71d9871c46]Scannen[/b:71d9871c46]" om de scan te starten.
    [*:71d9871c46]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:71d9871c46]Wanneer de scan voltooid is, klik op [b:71d9871c46]OK[/b:71d9871c46], daarna "[b:71d9871c46]Bekijk Resultaten[/b:71d9871c46]" om de resultaten te zien.
    [*:71d9871c46]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:71d9871c46]Verwijder geselecteerde[/b:71d9871c46]".
    [*:71d9871c46]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:71d9871c46]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:71d9871c46]Logs[/b:71d9871c46]" tab te klikken in het programma.

    Plaats dit logje


    Download [b:71d9871c46]Combofix[/color:71d9871c46][/b:71d9871c46] naar je Bureaublad en gebruik het volgens deze handleiding.
    [i:71d9871c46]OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en [b:71d9871c46]download Combofix opnieuw[/b:71d9871c46].
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen![/color:71d9871c46][/i:71d9871c46][list:71d9871c46][*:71d9871c46]Dubbelklik op [b:71d9871c46]Combofix.exe[/b:71d9871c46] om het te starten.
    [*:71d9871c46][i:71d9871c46]Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.[/i:71d9871c46]
    [*:71d9871c46]Klik op [b:71d9871c46]OK[/b:71d9871c46] in het "NirCmd" venstertje.
    [*:71d9871c46]Klik na afloop terug op [b:71d9871c46]Ja[/b:71d9871c46] om het scannen op malware te starten.
    [*:71d9871c46]Tijdens het runnen van de fix, [b:71d9871c46]NIET[/b:71d9871c46] in het venster klikken, want dit zal je pc doen vasthangen.
    [*:71d9871c46]Wanneer de fix voltooid is en na herstart, zal de log [b:71d9871c46]Combofix.txt[/b:71d9871c46] openen.[/list:u:71d9871c46]Post dit logje in je volgende antwoord
  • Bedankt voor je reactie!

    Ik heb een snelle scan gedaan met hijack this en het bestand verwijderd.
    Daarna heb ik MalwareBytes' Anti-Malware gestart maar die wou niet updaten. Die heb ik alsnog laten scannen maar heeft niets gevonden.
    Dus toen maar de volgende stap. Combofix gedownload en gedraaid. Daarna moest de laptop opnieuw opgestart worden en was het probleem met de updates verholpen. Ik kon dus weer gewoon updaten! Dus MalwareBytes maar weer gestart, laten updaten en laten scannen.

    Combofix log:
    ComboFix 09-03-02.03 - ineke 2009-03-03 17:17:32.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1043.18.1013.270 [GMT 1:00]
    Gestart vanuit: c:\users\ineke\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\programdata\Microsoft\Windows\Start Menu\Programs\coolplay
    c:\recycler\S-5-9-98-100012474-100015992-100013571-5058.com
    c:\users\ineke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coolplay
    c:\windows\system32\drivers\gaopdxtqxtixxr.sys
    c:\windows\system32\gaopdxqcmoteby.dll
    D:\Autorun.inf
    d:\recycler\S-5-9-98-100012474-100015992-100013571-5058.com
    G:\Autorun.inf
    g:\recycler\S-5-9-98-100012474-100015992-100013571-5058.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-03 to 2009-03-03 ))))))))))))))))))))))))))))))
    .

    2009-03-03 17:07 . 2009-03-03 17:07 <DIR> d——– C:\32788R22FWJFW
    2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d——– c:\users\All Users\SUPERAntiSpyware.com
    2009-03-02 21:37 . 2009-03-02 21:37 <DIR> d——– c:\programdata\SUPERAntiSpyware.com
    2009-03-02 21:35 . 2009-03-02 21:35 <DIR> d——– c:\users\ineke\AppData\Roaming\SUPERAntiSpyware.com
    2009-03-02 21:35 . 2009-03-02 21:39 <DIR> d——– c:\program files\SUPERAntiSpyware
    2009-03-02 21:35 . 2009-03-02 21:35 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
    2009-03-02 21:24 . 2009-03-02 21:24 <DIR> d——– c:\users\All Users\NortonInstaller
    2009-03-02 21:24 . 2009-03-02 21:24 <DIR> d——– c:\programdata\NortonInstaller
    2009-02-23 09:57 . 2009-03-03 16:52 <DIR> d——– c:\users\All Users\Lx_cats
    2009-02-23 09:57 . 2009-03-03 16:52 <DIR> d——– c:\programdata\Lx_cats
    2009-02-23 09:56 . 2009-02-23 09:56 <DIR> d——– C:\logs
    2009-02-23 09:51 . 2007-10-10 22:40 348,160 –a—— c:\windows\System32\lxdqcoin.dll
    2009-02-23 09:51 . 2007-10-05 00:27 79,634 –a—— c:\windows\System32\lxdqprpr.chm
    2009-02-23 09:49 . 2009-02-23 09:49 <DIR> d——– c:\users\All Users\Ezprint
    2009-02-23 09:49 . 2009-02-23 09:49 <DIR> d——– c:\programdata\Ezprint
    2009-02-23 09:49 . 2009-02-23 09:49 <DIR> d——– c:\program files\Lexmark Toolbar
    2009-02-23 09:48 . 2009-03-03 17:15 <DIR> d——– c:\program files\Lexmark Z2400 Series
    2009-02-11 08:59 . 2009-02-11 08:59 <DIR> d——– c:\users\All Users\WindowsSearch
    2009-02-11 08:59 . 2009-02-11 08:59 <DIR> d——– c:\programdata\WindowsSearch

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-02 20:26 ——— d—–w c:\program files\Common Files\Symantec Shared
    2009-03-01 17:00 ——— d—–w c:\program files\Norton Security Scan
    2009-02-02 21:58 ——— d—–w c:\users\melle\AppData\Roaming\Malwarebytes
    2009-02-01 19:45 ——— d—–w c:\programdata\avg8
    2009-01-29 11:32 ——— d—–w c:\program files\Common Files\Macrovision Shared
    2009-01-29 11:30 ——— d—–w c:\program files\Common Files\Adobe
    2009-01-29 10:53 8 –sh–r c:\users\All Users\98E369380F.sys
    2009-01-29 10:53 8 –sh–r c:\programdata\98E369380F.sys
    2009-01-29 10:53 2,828 –sha-w c:\users\All Users\KGyGaAvL.sys
    2009-01-29 10:53 2,828 –sha-w c:\programdata\KGyGaAvL.sys
    2009-01-29 09:57 ——— d—–w c:\users\ineke\AppData\Roaming\InstallShield
    2009-01-26 19:23 ——— d—–w c:\users\ineke\AppData\Roaming\LimeWire
    2009-01-20 16:49 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-20 16:49 ——— d—–w c:\program files\LG PC Suite 2
    2009-01-16 02:04 ——— d—–w c:\programdata\Microsoft Help
    2009-01-14 15:11 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 15:11 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-01-14 02:04 ——— d—–w c:\program files\Windows Mail
    2009-01-05 22:33 3,751,995 —-a-w c:\windows\System32\GPhotos.scr
    2008-11-12 21:10 47,360 —-a-w c:\users\ineke\AppData\Roaming\pcouffin.sys
    2008-09-22 19:06 174 –sha-w c:\program files\desktop.ini
    2008-10-14 11:14 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-10-14 11:14 32,768 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-10-14 11:14 16,384 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-12_23.34.37.50 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-31 03:32:38 2,154,496 —-a-w c:\windows\AppPatch\AcGenral.dll
    + 2008-11-01 03:44:34 2,154,496 —-a-w c:\windows\AppPatch\AcGenral.dll
    - 2008-06-12 05:28:53 541,696 —-a-w c:\windows\AppPatch\AcLayers.dll
    + 2008-11-01 03:44:34 541,696 —-a-w c:\windows\AppPatch\AcLayers.dll
    - 2008-07-31 03:32:38 460,288 —-a-w c:\windows\AppPatch\AcSpecfc.dll
    + 2008-11-01 03:44:34 460,288 —-a-w c:\windows\AppPatch\AcSpecfc.dll
    - 2008-07-31 03:32:38 173,056 —-a-w c:\windows\AppPatch\AcXtrnal.dll
    + 2008-11-01 03:44:34 173,056 —-a-w c:\windows\AppPatch\AcXtrnal.dll
    - 2008-01-19 07:34:28 52,736 —-a-w c:\windows\AppPatch\iebrshim.dll
    + 2008-11-01 03:44:36 52,736 —-a-w c:\windows\AppPatch\iebrshim.dll
    + 2008-11-18 15:07:28 1,735,808 —-a-w c:\windows\Downloaded Program Files\JordanApplet.dll
    - 2008-01-19 07:33:10 2,927,104 —-a-w c:\windows\explorer.exe
    + 2008-10-29 06:29:41 2,927,104 —-a-w c:\windows\explorer.exe
    - 2008-10-22 18:31:19 86,016 —-a-w c:\windows\inf\infpub.dat
    + 2009-03-03 13:04:03 86,016 —-a-w c:\windows\inf\infpub.dat
    - 2008-10-22 18:31:14 86,016 —-a-w c:\windows\inf\infstor.dat
    + 2009-02-23 08:55:43 86,016 —-a-w c:\windows\inf\infstor.dat
    - 2008-10-22 18:31:18 143,360 —-a-w c:\windows\inf\infstrng.dat
    + 2009-03-03 13:04:03 143,360 —-a-w c:\windows\inf\infstrng.dat
    + 2009-01-29 10:43:46 22,486 —-a-r c:\windows\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
    - 2008-10-17 05:37:00 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-01-16 02:03:56 1,165,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-10-17 05:37:03 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-01-16 02:03:59 20,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-10-17 05:37:00 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-01-16 02:03:56 159,504 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-10-17 05:37:01 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-01-16 02:03:56 184,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-10-17 05:37:02 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2009-01-16 02:03:58 217,864 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-10-17 05:37:03 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-01-16 02:03:59 18,704 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-10-17 05:37:04 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-01-16 02:04:00 35,088 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-10-17 05:37:01 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-01-16 02:03:57 845,584 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-10-17 05:37:02 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-01-16 02:03:58 922,384 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-10-17 05:37:02 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-01-16 02:03:58 272,648 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-10-17 05:37:03 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-01-16 02:04:00 888,080 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-10-17 05:37:00 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-01-16 02:03:56 1,172,240 —-a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-09-13 16:45:09 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_27F1BFFE4F60_4177_B95C_DB1C4C8D5EBC.exe
    + 2008-12-15 06:30:39 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_27F1BFFE4F60_4177_B95C_DB1C4C8D5EBC.exe
    - 2008-09-13 16:45:09 184,320 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_6F86C768BA1C_4929_B046_90133E997010.exe
    + 2008-12-15 06:30:38 184,320 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_6F86C768BA1C_4929_B046_90133E997010.exe
    - 2008-09-13 16:45:09 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_E54CF72F3881_4142_9E57_682A12803835.exe
    + 2008-12-15 06:30:39 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_E54CF72F3881_4142_9E57_682A12803835.exe
    - 2008-09-13 16:45:09 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_F72B5EAC40E4_4D4E_B680_78805D4242E7.exe
    + 2008-12-15 06:30:38 65,536 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\_F72B5EAC40E4_4D4E_B680_78805D4242E7.exe
    - 2008-09-13 16:45:09 17,534 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\gtngstrtd.exe
    + 2008-12-15 06:30:39 17,534 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\gtngstrtd.exe
    - 2008-09-13 16:45:09 4,710 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\Win2Kico.exe
    + 2008-12-15 06:30:38 4,710 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\Win2Kico.exe
    - 2008-09-13 16:45:09 4,710 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\WSBico.exe
    + 2008-12-15 06:30:39 4,710 —-a-r c:\windows\Installer\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}\WSBico.exe
    + 2008-11-29 18:21:43 29,184 —-a-r c:\windows\Installer\{A6FFB28C-D49B-4538-B3A7-9783A5C771DD}\Icon3FADAA191.exe
    + 2009-03-02 20:36:11 34,304 —-a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
    + 1998-10-29 15:45:06 306,688 —-a-w c:\windows\IsUninst.exe
    - 2000-08-31 07:00:00 28,672 —-a-w c:\windows\NIRCMD.exe
    + 2000-08-31 07:00:00 29,696 —-a-w c:\windows\NIRCMD.exe
    - 2008-11-12 22:22:30 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-03-03 16:15:41 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-11-12 22:22:30 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-03-03 16:15:41 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-11-12 22:23:29 262,144 –sha-w c:\windows\ServiceProfiles\LocalService
    tuser.dat
    + 2009-03-03 16:23:30 262,144 –sha-w c:\windows\ServiceProfiles\LocalService
    tuser.dat
    - 2008-09-24 05:06:33 2,556,114 -c–a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    + 2008-12-15 20:40:51 2,556,114 -c–a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
    - 2008-11-12 22:24:56 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService
    tuser.dat
    + 2009-03-03 16:23:24 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService
    tuser.dat
    + 2009-03-03 16:23:24 262,144 —ha-w c:\windows\ServiceProfiles\NetworkService
    tuser.dat.LOG1
    - 2008-07-18 20:08:20 72,256 ——w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2008-10-16 13:08:00 70,416 ——w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    + 2008-12-05 21:52:44 114,688 —-a-w c:\windows\System32\Adobe\Director
    p32dsw.dll
    + 2008-12-05 22:01:24 202,168 —-a-w c:\windows\System32\Adobe\Director\SwDir.dll
    + 2008-12-05 22:01:42 67,000 —-a-w c:\windows\System32\Adobe\Director\SwDnld.exe
    + 2008-12-05 21:53:24 499,712 —-a-w c:\windows\System32\Adobe\Shockwave 11\Control.dll
    + 2008-12-05 21:33:38 1,798,144 —-a-w c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
    + 2008-12-05 21:53:28 9,216 —-a-w c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2008-12-05 21:25:10 703,488 —-a-w c:\windows\System32\Adobe\Shockwave 11\gi.dll
    + 2008-12-05 21:25:12 1,145,896 —-a-w c:\windows\System32\Adobe\Shockwave 11\gt.exe
    + 2008-12-05 21:25:10 52,288 —-a-w c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
    + 2008-12-05 21:29:48 892,928 —-a-w c:\windows\System32\Adobe\Shockwave 11\iml32.dll
    + 2008-11-04 08:41:22 54,656 —-a-w c:\windows\System32\Adobe\Shockwave 11\pccuapi.dll
    + 2008-12-05 21:52:04 266,240 —-a-w c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
    + 2008-12-05 21:53:58 446,464 —-a-w c:\windows\System32\Adobe\Shockwave 11\Proj.dll
    + 2008-11-04 09:23:52 460,216 ——w c:\windows\System32\Adobe\Shockwave 11\SwHelper_1100470.exe
    + 2008-12-05 22:01:06 460,216 —-a-w c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103471.exe
    + 2008-12-05 21:51:48 114,688 —-a-w c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
    + 2008-12-05 21:51:46 94,208 —-a-w c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
    + 2008-12-05 21:25:10 58,736 —-a-w c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 1999-06-25 09:55:30 149,504 —-a-w c:\windows\System32\Adobe\Shockwave 11\UNWISE.EXE
    - 2008-07-31 03:32:38 28,160 —-a-w c:\windows\System32\Apphlpdm.dll
    + 2008-11-01 03:44:34 28,672 —-a-w c:\windows\System32\Apphlpdm.dll
    - 2008-11-12 21:57:21 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-03 13:08:35 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-11-12 21:57:21 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-03 13:08:35 32,768 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-12 21:57:21 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-03 13:08:35 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-12 22:14:54 262,144 —-a-w c:\windows\System32\config\systemprofile
    tuser.dat
    + 2009-03-03 16:10:08 262,144 —-a-w c:\windows\System32\config\systemprofile
    tuser.dat
    + 2009-03-03 16:10:08 262,144 —ha-w c:\windows\System32\config\systemprofile
    tuser.dat.LOG1
    - 2008-01-19 07:33:59 1,645,568 —-a-w c:\windows\System32\connect.dll
    + 2008-10-21 05:25:17 1,645,568 —-a-w c:\windows\System32\connect.dll
    - 2008-05-08 19:21:56 211,968 —-a-w c:\windows\System32\drivers\mrxsmb10.sys
    + 2008-08-27 01:05:41 212,480 —-a-w c:\windows\System32\drivers\mrxsmb10.sys
    - 2008-02-23 02:38:33 43,872 ——w c:\windows\System32\drivers\pxhelp20.sys
    + 2008-07-31 22:17:04 43,872 —-a-w c:\windows\System32\drivers\pxhelp20.sys
    - 2008-08-27 01:06:25 288,768 —-a-w c:\windows\System32\drivers\srv.sys
    + 2008-12-16 02:42:39 288,768 —-a-w c:\windows\System32\drivers\srv.sys
    - 2006-11-02 09:14:58 18,944 —-a-w c:\windows\System32\drivers\usbprint.sys
    + 2008-01-19 06:14:40 18,944 —-a-w c:\windows\System32\drivers\usbprint.sys
    + 2007-10-04 09:39:05 2,338,730 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\arabic\lxdqwavs.exe
    + 2007-10-04 09:39:11 360,734 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\chi_simp\lxdqwavs.exe
    + 2007-10-04 09:39:16 343,502 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\chi_trad\lxdqwavs.exe
    + 2007-10-04 09:39:22 339,419 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\czech\lxdqwavs.exe
    + 2007-10-04 09:39:27 319,267 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\danish\lxdqwavs.exe
    + 2007-10-04 09:39:32 259,780 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\dutch\lxdqwavs.exe
    + 2007-10-04 09:39:38 343,086 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\english\lxdqwavs.exe
    + 2007-10-04 09:39:42 287,077 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\finnish\lxdqwavs.exe
    + 2007-10-04 09:39:47 290,449 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\french\lxdqwavs.exe
    + 2007-10-04 09:39:52 344,868 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\german\lxdqwavs.exe
    + 2007-10-04 09:39:57 381,410 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\greek\lxdqwavs.exe
    + 2007-10-04 09:40:06 1,673,956 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\hebrew\lxdqwavs.exe
    + 2007-10-04 09:40:12 300,317 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\hungaran\lxdqwavs.exe
    + 2007-10-04 09:40:17 333,753 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\italian\lxdqwavs.exe
    + 2007-10-04 09:40:23 733,381 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\japanese\lxdqwavs.exe
    + 2007-10-04 09:40:34 5,819,959 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\korean\lxdqwavs.exe
    + 2007-12-04 13:45:27 115,952 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\lxdqcfgx.exe
    + 2007-10-04 09:40:41 253,952 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\lxdqsk0.dll
    + 2007-10-04 09:40:54 320,248 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common
    orwegan\lxdqwavs.exe
    + 2007-10-04 09:40:59 343,332 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\polish\lxdqwavs.exe
    + 2007-10-04 09:41:05 329,817 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\portbrzl\lxdqwavs.exe
    + 2007-10-04 09:41:11 617,566 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\portibrn\lxdqwavs.exe
    + 2007-10-04 09:41:17 261,795 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\russian\lxdqwavs.exe
    + 2007-10-04 09:41:21 281,671 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\spanish\lxdqwavs.exe
    + 2007-10-04 09:41:26 320,800 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\swedish\lxdqwavs.exe
    + 2007-10-04 09:41:36 2,584,096 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\common\turkish\lxdqwavs.exe
    + 2007-11-27 10:43:39 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqcur.dll
    + 2007-11-27 10:37:42 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqgrd.dll
    + 2007-11-27 10:43:49 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqinsr.dll
    + 2007-11-27 10:42:53 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqjswr.dll
    + 2007-11-27 10:43:04 241,664 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqlpar.dll
    + 2007-11-27 10:43:28 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqprpr.dll
    + 2007-11-27 10:43:15 135,168 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqpswr.dll
    + 2007-11-27 10:43:58 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\arabic\lxdqupdr.dll
    + 2007-11-27 10:45:58 32,768 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqcur.dll
    + 2007-11-27 10:37:52 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqgrd.dll
    + 2007-11-27 10:46:03 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqinsr.dll
    + 2007-11-27 10:45:37 139,264 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqjswr.dll
    + 2007-11-27 10:45:42 184,320 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqlpar.dll
    + 2007-11-27 10:45:52 122,880 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqprpr.dll
    + 2007-11-27 10:45:46 94,208 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqpswr.dll
    + 2007-11-27 10:46:09 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_simp\lxdqupdr.dll
    + 2007-11-27 10:47:49 32,768 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqcur.dll
    + 2007-11-27 10:38:03 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqgrd.dll
    + 2007-11-27 10:47:53 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqinsr.dll
    + 2007-11-27 10:47:28 139,264 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqjswr.dll
    + 2007-11-27 10:47:33 188,416 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqlpar.dll
    + 2007-11-27 10:47:43 126,976 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqprpr.dll
    + 2007-11-27 10:47:38 94,208 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqpswr.dll
    + 2007-11-27 10:47:59 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\chi_trad\lxdqupdr.dll
    + 2007-11-27 10:49:41 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqcur.dll
    + 2007-11-27 10:38:14 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqgrd.dll
    + 2007-11-27 10:49:46 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqinsr.dll
    + 2007-11-27 10:49:21 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqjswr.dll
    + 2007-11-27 10:49:26 245,760 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqlpar.dll
    + 2007-11-27 10:49:36 159,744 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqprpr.dll
    + 2007-11-27 10:49:31 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqpswr.dll
    + 2007-11-27 10:49:51 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\czech\lxdqupdr.dll
    + 2007-11-27 10:51:32 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqcur.dll
    + 2007-11-27 10:38:24 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqgrd.dll
    + 2007-11-27 10:51:36 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqinsr.dll
    + 2007-11-27 10:51:11 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqjswr.dll
    + 2007-11-27 10:51:16 241,664 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqlpar.dll
    + 2007-11-27 10:51:26 159,744 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqprpr.dll
    + 2007-11-27 10:51:21 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqpswr.dll
    + 2007-11-27 10:51:41 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\danish\lxdqupdr.dll
    + 2007-11-27 10:53:16 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqcur.dll
    + 2007-11-27 10:38:34 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqgrd.dll
    + 2007-11-27 10:53:21 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqinsr.dll
    + 2007-11-27 10:52:56 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqjswr.dll
    + 2007-11-27 10:53:01 245,760 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqlpar.dll
    + 2007-11-27 10:53:11 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqprpr.dll
    + 2007-11-27 10:53:06 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqpswr.dll
    + 2007-11-27 10:53:26 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\dutch\lxdqupdr.dll
    + 2007-11-20 18:04:03 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqcur.dll
    + 2007-11-20 17:59:51 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqgrd.dll
    + 2007-11-20 18:04:04 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqinsr.dll
    + 2007-11-20 18:03:46 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqjswr.dll
    + 2007-11-20 18:03:50 237,568 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqlpar.dll
    + 2007-11-20 18:04:01 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqprpr.dll
    + 2007-11-20 18:03:55 139,264 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqpswr.dll
    + 2007-11-20 18:04:10 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\english\lxdqupdr.dll
    + 2007-11-27 10:55:06 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqcur.dll
    + 2007-11-27 10:38:45 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqgrd.dll
    + 2007-11-27 10:55:10 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqinsr.dll
    + 2007-11-27 10:54:46 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqjswr.dll
    + 2007-11-27 10:54:51 241,664 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqlpar.dll
    + 2007-11-27 10:55:00 159,744 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqprpr.dll
    + 2007-11-27 10:54:55 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqpswr.dll
    + 2007-11-27 10:55:16 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\finnish\lxdqupdr.dll
    + 2007-11-27 10:56:53 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqcur.dll
    + 2007-11-27 10:38:57 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqgrd.dll
    + 2007-11-27 10:56:58 114,688 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqinsr.dll
    + 2007-11-27 10:56:32 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqjswr.dll
    + 2007-11-27 10:56:37 258,048 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqlpar.dll
    + 2007-11-27 10:56:46 167,936 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqprpr.dll
    + 2007-11-27 10:56:41 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqpswr.dll
    + 2007-11-27 10:57:04 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\french\lxdqupdr.dll
    + 2007-11-27 10:58:45 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqcur.dll
    + 2007-11-27 10:39:08 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqgrd.dll
    + 2007-11-27 10:58:49 114,688 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqinsr.dll
    + 2007-11-27 10:58:24 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqjswr.dll
    + 2007-11-27 10:58:29 253,952 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqlpar.dll
    + 2007-11-27 10:58:40 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqprpr.dll
    + 2007-11-27 10:58:34 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqpswr.dll
    + 2007-11-27 10:58:55 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\german\lxdqupdr.dll
    + 2007-11-27 11:00:35 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqcur.dll
    + 2007-11-27 10:39:19 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqgrd.dll
    + 2007-11-27 11:00:41 114,688 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqinsr.dll
    + 2007-11-27 11:00:11 151,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqjswr.dll
    + 2007-11-27 11:00:18 262,144 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqlpar.dll
    + 2007-11-27 11:00:30 167,936 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqprpr.dll
    + 2007-11-27 11:00:24 159,744 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqpswr.dll
    + 2007-11-27 11:00:47 94,208 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\greek\lxdqupdr.dll
    + 2007-11-27 11:02:47 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqcur.dll
    + 2007-11-27 10:39:31 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqgrd.dll
    + 2007-11-27 11:02:52 102,400 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqinsr.dll
    + 2007-11-27 11:02:15 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqjswr.dll
    + 2007-11-27 11:02:22 229,376 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqlpar.dll
    + 2007-11-27 11:02:38 151,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqprpr.dll
    + 2007-11-27 11:02:30 131,072 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqpswr.dll
    + 2007-11-27 11:02:58 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hebrew\lxdqupdr.dll
    + 2007-11-27 11:04:53 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqcur.dll
    + 2007-11-27 10:39:41 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqgrd.dll
    + 2007-11-27 11:04:57 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqinsr.dll
    + 2007-11-27 11:04:31 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqjswr.dll
    + 2007-11-27 11:04:37 249,856 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqlpar.dll
    + 2007-11-27 11:04:47 159,744 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqprpr.dll
    + 2007-11-27 11:04:42 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqpswr.dll
    + 2007-11-27 11:05:03 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\hungaran\lxdqupdr.dll
    + 2007-11-27 11:06:46 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqcur.dll
    + 2007-11-27 10:39:53 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqgrd.dll
    + 2007-11-27 11:06:52 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqinsr.dll
    + 2007-11-27 11:06:21 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqjswr.dll
    + 2007-11-27 11:06:27 258,048 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqlpar.dll
    + 2007-11-27 11:06:39 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqprpr.dll
    + 2007-11-27 11:06:33 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqpswr.dll
    + 2007-11-27 11:06:57 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\italian\lxdqupdr.dll
    + 2007-11-27 11:08:35 32,768 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqcur.dll
    + 2007-11-27 10:40:04 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqgrd.dll
    + 2007-11-27 11:08:40 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqinsr.dll
    + 2007-11-27 11:08:14 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqjswr.dll
    + 2007-11-27 11:08:19 204,800 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqlpar.dll
    + 2007-11-27 11:08:29 131,072 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqprpr.dll
    + 2007-11-27 11:08:24 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqpswr.dll
    + 2007-11-27 11:08:45 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\japanese\lxdqupdr.dll
    + 2007-11-27 11:10:27 32,768 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqcur.dll
    + 2007-11-27 10:40:15 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqgrd.dll
    + 2007-11-27 11:10:33 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqinsr.dll
    + 2007-11-27 11:10:06 139,264 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqjswr.dll
    + 2007-11-27 11:10:11 200,704 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqlpar.dll
    + 2007-11-27 11:10:21 131,072 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqprpr.dll
    + 2007-11-27 11:10:16 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqpswr.dll
    + 2007-11-27 11:10:39 86,016 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\korean\lxdqupdr.dll
    + 2007-07-06 22:41:23 45,056 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqbubl.dll
    + 2007-03-26 15:39:35 73,728 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcats.dll
    + 2007-11-12 14:28:17 77,906 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcfg.dll
    + 2007-12-04 13:45:08 365,224 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcfg.exe
    + 2007-10-10 21:40:00 348,160 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcoin.dll
    + 2007-11-28 23:11:47 851,968 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcomc.dll
    + 2007-11-28 23:13:22 376,832 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcomm.dll
    + 2007-12-04 13:45:09 594,600 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcoms.exe
    + 2007-11-29 17:17:46 335,872 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcomx.dll
    + 2007-11-20 18:01:15 77,824 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcu.dll
    + 2007-11-20 18:02:10 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqcub.dll
    + 2007-05-29 15:39:08 589,824 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqdatr.dll
    + 2007-11-28 19:26:04 193,024 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqdr.dll
    + 2007-11-28 19:26:40 115,200 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqdrpp.dll
    + 2007-11-28 19:28:26 148,480 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqdrui.dll
    + 2007-08-14 11:01:54 434,176 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqedf.dll
    + 2007-10-04 09:40:40 983,121 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqgf.dll
    + 2007-11-28 23:12:26 663,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqhbn3.dll
    + 2007-11-28 23:09:32 438,272 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqhcp.dll
    + 2007-11-14 06:54:48 1,339,392 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqhpec.dll
    + 2007-01-08 22:33:35 253,952 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqibuf.dll
    + 2007-11-28 23:13:30 339,968 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqiesc.dll
    + 2007-12-04 13:45:10 320,168 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqih.exe
    + 2007-11-28 23:09:17 364,544 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqinpa.dll
    + 2007-11-20 18:01:13 176,128 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqins.dll
    + 2007-11-20 18:02:13 200,704 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqinsb.dll
    + 2007-11-20 18:00:57 196,608 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqjsw.dll
    + 2007-11-20 18:02:17 688,128 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqjswb.dll
    + 2007-12-04 13:45:12 701,096 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqjswx.exe
    + 2007-11-28 23:13:37 569,344 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqlmpm.dll
    + 2006-12-07 11:28:00 126,976 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqlnks.dll
    + 2007-11-20 18:01:10 1,388,544 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqlpa.dll
    + 2007-11-20 18:02:23 3,715,072 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqlpab.dll
    + 2007-11-28 23:19:08 647,168 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqpmui.dll
    + 2007-11-29 17:17:23 544,768 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqppx.dll
    + 2007-11-28 23:10:51 53,248 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqprox.dll
    + 2007-11-20 18:01:05 946,176 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqprp.dll
    + 2007-11-20 18:02:29 4,038,656 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqprpb.dll
    + 2007-11-20 18:01:00 708,608 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqpsw.dll
    + 2007-11-20 18:02:36 1,409,024 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqpswb.dll
    + 2007-12-04 13:45:11 750,248 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqpswx.exe
    + 2007-05-24 17:36:16 802,816 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqptpc.dll
    + 2007-07-25 15:36:50 327,680 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqretv.dll
    + 2007-11-28 23:16:04 1,101,824 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqserv.dll
    + 2007-12-04 13:45:03 98,984 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqserv.exe
    + 2007-07-25 15:36:04 98,304 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqtime.dll
    + 2007-12-04 13:45:06 82,600 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqtime.exe
    + 2007-07-25 15:36:50 364,544 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdquldr.dll
    + 2007-11-20 18:01:15 65,536 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqupd.dll
    + 2007-11-20 18:02:40 126,976 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqupdb.dll
    + 2007-12-04 13:45:05 82,600 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqupld.exe
    + 2007-11-21 15:02:11 114,688 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdquplr.dll
    + 2007-11-28 23:12:07 843,776 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqusb1.dll
    + 2007-11-20 18:00:05 524,288 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqutil.dll
    + 2007-12-04 13:45:04 82,600 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqview.exe
    + 2007-11-28 17:51:49 40,960 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqvs.dll
    + 2007-11-21 15:02:17 57,344 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqwbgc.dll
    + 2007-12-04 13:45:01 139,944 ——w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqwbgw.exe
    + 2007-10-26 12:35:46 122,880 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\lxdqxmlu.dll
    + 2007-11-27 11:12:32 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqcur.dll
    + 2007-11-27 10:40:26 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqgrd.dll
    + 2007-11-27 11:12:38 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqinsr.dll
    + 2007-11-27 11:12:06 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqjswr.dll
    + 2007-11-27 11:12:13 241,664 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqlpar.dll
    + 2007-11-27 11:12:25 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqprpr.dll
    + 2007-11-27 11:12:19 139,264 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqpswr.dll
    + 2007-11-27 11:12:45 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386
    orwegan\lxdqupdr.dll
    + 2007-11-27 11:15:27 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqcur.dll
    + 2007-11-27 10:40:37 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqgrd.dll
    + 2007-11-27 11:15:38 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqinsr.dll
    + 2007-11-27 11:14:45 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqjswr.dll
    + 2007-11-27 11:14:55 249,856 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqlpar.dll
    + 2007-11-27 11:15:16 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqprpr.dll
    + 2007-11-27 11:15:06 151,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqpswr.dll
    + 2007-11-27 11:15:51 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\polish\lxdqupdr.dll
    + 2007-11-27 11:22:17 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqcur.dll
    + 2007-11-27 10:40:58 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqgrd.dll
    + 2007-11-27 11:22:25 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqinsr.dll
    + 2007-11-27 11:21:40 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqjswr.dll
    + 2007-11-27 11:21:50 253,952 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqlpar.dll
    + 2007-11-27 11:22:07 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqprpr.dll
    + 2007-11-27 11:21:58 151,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqpswr.dll
    + 2007-11-27 11:22:33 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portbrzl\lxdqupdr.dll
    + 2007-11-27 11:18:59 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqcur.dll
    + 2007-11-27 10:40:47 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqgrd.dll
    + 2007-11-27 11:19:07 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqinsr.dll
    + 2007-11-27 11:18:20 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqjswr.dll
    + 2007-11-27 11:18:30 253,952 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqlpar.dll
    + 2007-11-27 11:18:50 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqprpr.dll
    + 2007-11-27 11:18:40 151,552 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqpswr.dll
    + 2007-11-27 11:19:17 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\portibrn\lxdqupdr.dll
    + 2007-11-27 11:25:01 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqcur.dll
    + 2007-11-27 10:41:07 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqgrd.dll
    + 2007-11-27 11:25:09 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqinsr.dll
    + 2007-11-27 11:24:25 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqjswr.dll
    + 2007-11-27 11:24:33 249,856 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqlpar.dll
    + 2007-11-27 11:24:52 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqprpr.dll
    + 2007-11-27 11:24:43 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqpswr.dll
    + 2007-11-27 11:25:18 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\russian\lxdqupdr.dll
    + 2007-11-27 11:27:32 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqcur.dll
    + 2007-11-27 10:41:18 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqgrd.dll
    + 2007-11-27 11:27:37 110,592 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqinsr.dll
    + 2007-11-27 11:27:05 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqjswr.dll
    + 2007-11-27 11:27:12 258,048 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqlpar.dll
    + 2007-11-27 11:27:25 163,840 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqprpr.dll
    + 2007-11-27 11:27:19 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqpswr.dll
    + 2007-11-27 11:27:44 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\spanish\lxdqupdr.dll
    + 2007-11-27 11:29:43 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqcur.dll
    + 2007-11-27 10:41:28 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqgrd.dll
    + 2007-11-27 11:29:50 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqinsr.dll
    + 2007-11-27 11:29:16 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqjswr.dll
    + 2007-11-27 11:29:22 241,664 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqlpar.dll
    + 2007-11-27 11:29:35 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqprpr.dll
    + 2007-11-27 11:29:28 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqpswr.dll
    + 2007-11-27 11:29:58 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\swedish\lxdqupdr.dll
    + 2007-11-27 11:31:54 36,864 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqcur.dll
    + 2007-11-27 10:41:36 208,896 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqgrd.dll
    + 2007-11-27 11:32:00 106,496 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqinsr.dll
    + 2007-11-27 11:31:31 147,456 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqjswr.dll
    + 2007-11-27 11:31:37 245,760 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqlpar.dll
    + 2007-11-27 11:31:48 155,648 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqprpr.dll
    + 2007-11-27 11:31:42 143,360 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqpswr.dll
    + 2007-11-27 11:32:06 90,112 —-a-w c:\windows\System32\DriverStore\FileRepository\lxdqprc.inf_d60fac87\i386\turkish\lxdqupdr.dll
    - 2008-10-17 14:27:56 1,722,424 —-a-w c:\windows\System32\FNTCACHE.DAT
    + 2009-01-31 10:14:20 1,730,944 —-a-w c:\windows\System32\FNTCACHE.DAT
    - 2008-07-31 01:13:15 4,240,384 —-a-w c:\windows\System32\GameUXLegacyGDFs.dll
    + 2008-11-01 01:21:40 4,240,384 —-a-w c:\windows\System32\GameUXLegacyGDFs.dll
    - 2008-02-22 04:57:23 295,936 —-a-w c:\windows\System32\gdi32.dll
    + 2008-10-21 05:25:18 296,960 —-a-w c:\windows\System32\gdi32.dll
    - 2008-10-02 03:49:14 6,068,736 —-a-w c:\windows\System32\ieframe.dll
    + 2008-10-16 04:47:29 6,068,736 —-a-w c:\windows\System32\ieframe.dll
    - 2008-10-02 03:49:14 270,336 —-a-w c:\windows\System32\iertutil.dll
    + 2008-10-16 04:47:29 270,336 —-a-w c:\windows\System32\iertutil.dll
    - 2008-10-02 03:49:14 28,160 —-a-w c:\windows\System32\jsproxy.dll
    + 2008-10-16 04:47:30 28,160 —-a-w c:\windows\System32\jsproxy.dll
    - 2008-01-19 07:33:14 94,720 —-a-w c:\windows\System32\logagent.exe
    + 2008-06-23 01:58:43 94,720 —-a-w c:\windows\System32\logagent.exe
    + 2007-11-12 14:28:17 77,906 —-a-w c:\windows\System32\LXDQcfg.dll
    + 2007-12-04 13:45:08 365,224 —-a-w c:\windows\System32\lxdqcfg.exe
    + 2007-11-28 23:11:47 851,968 —-a-w c:\windows\System32\lxdqcomc.dll
    + 2007-11-28 23:13:22 376,832 —-a-w c:\windows\System32\lxdqcomm.dll
    + 2007-12-04 13:45:09 594,600 —-a-w c:\windows\System32\lxdqcoms.exe
    + 2007-11-20 18:01:15 77,824 —-a-w c:\windows\System32\lxdqcu.dll
    + 2007-11-20 18:02:10 90,112 —-a-w c:\windows\System32\lxdqcub.dll
    + 2007-11-27 10:53:16 36,864 —-a-w c:\windows\System32\lxdqcur.dll
    + 2007-10-04 09:40:40 983,121 —-a-w c:\windows\System32\lxdqgf.dll
    + 2007-11-27 10:38:34 208,896 —-a-w c:\windows\System32\lxdqgrd.dll
    + 2007-11-28 23:12:26 663,552 —-a-w c:\windows\System32\lxdqhbn3.dll
    + 2007-11-28 23:09:32 438,272 —-a-w c:\windows\System32\LXDQhcp.dll
    + 2007-11-28 23:13:30 339,968 —-a-w c:\windows\System32\lxdqiesc.dll
    + 2007-12-04 13:45:10 320,168 —-a-w c:\windows\System32\lxdqih.exe
    + 2007-11-28 23:09:17 364,544 —-a-w c:\windows\System32\lxdqinpa.dll
    + 2007-11-20 18:01:13 176,128 —-a-w c:\windows\System32\lxdqins.dll
    + 2007-11-20 18:02:13 200,704 —-a-w c:\windows\System32\lxdqinsb.dll
    + 2007-11-27 10:53:21 110,592 —-a-w c:\windows\System32\lxdqinsr.dll
    + 2007-11-28 23:09:27 348,160 —-a-w c:\windows\System32\LXDQinst.dll
    + 2007-11-27 10:52:56 147,456 —-a-w c:\windows\System32\lxdqjswr.dll
    + 2007-11-28 23:13:37 569,344 —-a-w c:\windows\System32\lxdqlmpm.dll
    + 2007-11-28 23:19:08 647,168 —-a-w c:\windows\System32\lxdqpmui.dll
    + 2007-11-28 23:10:51 53,248 —-a-w c:\windows\System32\lxdqprox.dll
    + 2007-11-28 23:16:04 1,101,824 —-a-w c:\windows\System32\lxdqserv.dll
    + 2007-11-28 23:12:07 843,776 —-a-w c:\windows\System32\lxdqusb1.dll
    + 2007-11-20 18:00:05 524,288 —-a-w c:\windows\System32\lxdqutil.dll
    + 2007-11-28 17:51:49 40,960 —-a-w c:\windows\System32\lxdqvs.dll
    + 2007-11-21 14:39:49 102,400 —-a-w c:\windows\System32\lxdqwupd.dll
    + 2007-12-04 13:45:02 17,064 —-a-w c:\windows\System32\lxdqwupd.exe
    + 2008-12-04 00:03:22 53,248 —-a-w c:\windows\System32\Macromed\Common\SwSupport.dll
    + 2008-12-03 23:59:26 581,632 —-a-w c:\windows\System32\Macromed\Shockwave 10\Control.dll
    + 2008-12-03 23:59:30 1,490,944 —-a-w c:\windows\System32\Macromed\Shockwave 10\dirapiX.dll
    + 2008-12-03 23:59:26 24,576 —-a-w c:\windows\System32\Macromed\Shockwave 10\DynaPlayer.dll
    + 2008-12-03 23:59:30 606,208 —-a-w c:\windows\System32\Macromed\Shockwave 10\iml32X.dll
    + 2008-12-03 23:59:26 339,968 —-a-w c:\windows\System32\Macromed\Shockwave 10\Plugin.dll
    + 2008-12-03 23:59:26 475,136 —-a-w c:\windows\System32\Macromed\Shockwave 10\PluginPing.dll
    + 2008-12-03 23:59:26 180,224 —-a-w c:\windows\System32\Macromed\Shockwave 10\Proj.dll
    + 2008-12-03 23:59:26 77,824 —-a-w c:\windows\System32\Macromed\Shockwave 10\SwInit.exe
    + 2008-12-03 23:59:26 86,016 —-a-w c:\windows\System32\Macromed\Shockwave 10\SwMenuX.dll
    + 2008-12-03 23:59:26 98,304 —-a-w c:\windows\System32\Macromed\Shockwave 10\SwOnce.dll
    - 2008-01-19 07:36:08 2,867,712 —-a-w c:\windows\System32\mf.dll
    + 2008-06-23 01:59:25 2,868,736 —-a-w c:\windows\System32\mf.dll
    - 2008-10-07 19:19:40 16,721,856 —-a-w c:\windows\System32\MRT.exe
    + 2009-01-10 01:35:28 20,853,704 —-a-w c:\windows\System32\MRT.exe
    - 2008-10-02 03:49:15 3,578,880 —-a-w c:\windows\System32\mshtml.dll
    + 2008-12-12 05:52:52 3,578,880 —-a-w c:\windows\System32\mshtml.dll
    - 2008-10-02 03:49:16 671,232 —-a-w c:\windows\System32\mstime.dll
    + 2008-10-16 04:47:32 671,232 —-a-w c:\windows\System32\mstime.dll
    + 2008-11-04 08:35:24 499,712 —-a-w c:\windows\System32\msvcp71.dll
    + 2008-11-04 08:35:24 348,160 —-a-w c:\windows\System32\msvcr71.dll
    - 2008-01-19 07:35:16 1,190,400 —-a-w c:\windows\System32\msxml3.dll
    + 2008-09-05 05:14:05 1,191,936 —-a-w c:\windows\System32\msxml3.dll
    - 2008-01-19 07:35:16 1,332,224 —-a-w c:\windows\System32\msxml6.dll
    + 2008-09-10 03:40:14 1,334,272 —-a-w c:\windows\System32\msxml6.dll
    + 2008-11-16 16:44:00 2,456 —-a-w c:\windows\System32
    etworklist\icons\{6AC0D449-6650-4D46-9261-58149E7B7F51}_24.bin
    + 2008-11-16 16:44:00 4,280 —-a-w c:\windows\System32
    etworklist\icons\{6AC0D449-6650-4D46-9261-58149E7B7F51}_32.bin
    + 2008-11-16 16:44:00 9,560 —-a-w c:\windows\System32
    etworklist\icons\{6AC0D449-6650-4D46-9261-58149E7B7F51}_48.bin
    + 2009-01-20 11:24:34 2,456 —-a-w c:\windows\System32
    etworklist\icons\{BC158F7B-69A4-4A17-843F-4600047D9F05}_24.bin
    + 2009-01-20 11:24:34 4,280 —-a-w c:\windows\System32
    etworklist\icons\{BC158F7B-69A4-4A17-843F-4600047D9F05}_32.bin
    + 2009-01-20 11:24:34 9,560 —-a-w c:\windows\System32
    etworklist\icons\{BC158F7B-69A4-4A17-843F-4600047D9F05}_48.bin
    - 2008-11-12 22:04:42 38,502 —-a-w c:\windows\System32\perfc009.dat
    + 2009-03-02 20:12:20 38,502 —-a-w c:\windows\System32\perfc009.dat
    - 2008-11-12 22:04:42 59,568 —-a-w c:\windows\System32\perfc013.dat
    + 2009-03-02 20:12:20 59,568 —-a-w c:\windows\System32\perfc013.dat
    - 2008-11-12 22:04:42 307,842 —-a-w c:\windows\System32\perfh009.dat
    + 2009-03-02 20:12:20 307,842 —-a-w c:\windows\System32\perfh009.dat
    - 2008-11-12 22:04:42 210,294 —-a-w c:\windows\System32\perfh013.dat
    + 2009-03-02 20:12:20 210,294 —-a-w c:\windows\System32\perfh013.dat
    - 2008-01-19 07:36:04 412,160 —-a-w c:\windows\System32\PhotoMetadataHandler.dll
    + 2008-08-28 03:40:09 425,472 —-a-w c:\windows\System32\PhotoMetadataHandler.dll
    + 2008-12-05 10:52:11 278,528 —-a-w c:\windows\System32\pncrt.dll
    + 2008-12-05 10:52:13 6,656 —-a-w c:\windows\System32\pndx5016.dll
    + 2008-12-05 10:52:13 5,632 —-a-w c:\windows\System32\pndx5032.dll
    - 2008-01-19 07:36:07 272,384 —-a-w c:\windows\System32\PortableDeviceApi.dll
    + 2008-10-22 03:57:30 241,152 —-a-w c:\windows\System32\PortableDeviceApi.dll
    + 2008-12-05 10:52:25 185,920 —-a-w c:\windows\System32\rmoc3260.dll
    - 2008-04-24 04:58:20 11,580,416 —-a-w c:\windows\System32\shell32.dll
    + 2008-11-06 13:14:25 11,580,928 —-a-w c:\windows\System32\shell32.dll
    - 2008-11-12 21:55:28 6,029,312 —-a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2009-01-15 11:41:19 6,291,456 —-a-w c:\windows\System32\SMI\Store\Machine\schema.dat
    + 2007-07-06 22:41:23 45,056 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqbubl.dll
    + 2007-03-26 15:39:35 73,728 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcats.dll
    + 2007-11-12 14:28:17 77,906 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcfg.dll
    + 2007-12-04 13:45:27 115,952 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcfgx.exe
    + 2007-11-29 17:17:46 335,872 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcomx.dll
    + 2007-11-20 18:01:15 77,824 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcu.dll
    + 2007-11-20 18:02:10 90,112 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcub.dll
    + 2007-11-27 10:53:16 36,864 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqcur.dll
    + 2007-05-29 15:39:08 589,824 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqdatr.dll
    + 2007-11-28 19:26:04 193,024 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqdr.dll
    + 2007-11-28 19:28:26 148,480 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqdrui.dll
    + 2007-08-14 11:01:54 434,176 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqedf.dll
    + 2007-10-04 09:40:40 983,121 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqgf.dll
    + 2007-11-28 23:09:32 438,272 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqhcp.dll
    + 2007-11-14 06:54:48 1,339,392 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqhpec.dll
    + 2007-01-08 22:33:35 253,952 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqibuf.dll
    + 2007-11-20 18:01:13 176,128 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqins.dll
    + 2007-11-20 18:02:13 200,704 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqinsb.dll
    + 2007-11-27 10:53:21 110,592 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqinsr.dll
    + 2007-11-20 18:00:57 196,608 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqjsw.dll
    + 2007-11-20 18:02:17 688,128 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqjswb.dll
    + 2007-11-27 10:52:56 147,456 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqjswr.dll
    + 2007-12-04 13:45:12 701,096 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqjswx.exe
    + 2006-12-07 11:28:00 126,976 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqlnks.dll
    + 2007-11-20 18:01:10 1,388,544 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqlpa.dll
    + 2007-11-20 18:02:23 3,715,072 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqlpab.dll
    + 2007-11-27 10:53:01 245,760 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqlpar.dll
    + 2007-11-29 17:17:23 544,768 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqppx.dll
    + 2007-11-20 18:01:05 946,176 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqprp.dll
    + 2007-11-20 18:02:29 4,038,656 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqprpb.dll
    + 2007-11-27 10:53:11 163,840 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqprpr.dll
    + 2007-11-20 18:01:00 708,608 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqpsw.dll
    + 2007-11-20 18:02:36 1,409,024 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqpswb.dll
    + 2007-11-27 10:53:06 147,456 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqpswr.dll
    + 2007-12-04 13:45:11 750,248 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqpswx.exe
    + 2007-05-24 17:36:16 802,816 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqptpc.dll
    + 2007-07-25 15:36:50 327,680 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqretv.dll
    + 2007-12-04 13:45:03 98,984 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqserv.exe
    + 2007-10-04 09:40:41 253,952 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqsk0.dll
    + 2007-07-25 15:36:04 98,304 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqtime.dll
    + 2007-12-04 13:45:06 82,600 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqtime.exe
    + 2007-07-25 15:36:50 364,544 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdquldr.dll
    + 2007-11-20 18:01:15 65,536 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqupd.dll
    + 2007-11-20 18:02:40 126,976 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqupdb.dll
    + 2007-11-27 10:53:26 90,112 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqupdr.dll
    + 2007-12-04 13:45:05 82,600 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqupld.exe
    + 2007-11-21 15:02:11 114,688 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdquplr.dll
    + 2007-11-21 14:47:28 13,312 —-a-w c:\windows\System32\spool\drivers\w32x86\3\LXDQuptr.dll
    + 2007-11-20 18:00:05 524,288 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqutil.dll
    + 2007-12-04 13:45:04 82,600 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqview.exe
    + 2007-10-04 09:39:32 259,780 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqwavs.exe
    + 2007-11-21 15:02:17 57,344 —-a-w c:\windows\System32\spool\drivers\w32x86\3\lxdqwbgc.dll
    + 2007-12-04 13:45:01 139,944 —-a-w c:\windows\System32\spool\drivers
  • Dat paste er dus niet helemaal op:P

    denk zowiezo niet dat dat het juiste combofix logje was..
    hier het onderste deel van de combofix log en dan de Malwarebytes log

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-03 17:23:33
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden:

    **************************************************************************
    .
    Voltooingstijd: 2009-03-03 17:26:31
    ComboFix-quarantined-files.txt 2009-03-03 16:26:28
    ComboFix2.txt 2008-11-12 22:37:15

    Pre-Run: 3,277,971,456 bytes beschikbaar
    Post-Run: 3,282,935,808 bytes beschikbaar

    1037 — E O F — 2009-01-27 16:24:46

    ———————————————————————

    MalwareBytes' Anti-Malware logje:
    Malwarebytes' Anti-Malware 1.34
    Database versie: 1814
    Windows 6.0.6001 Service Pack 1

    3-3-2009 19:02:19
    mbam-log-2009-03-03 (19-02-19).txt

    Scan type: Volledige Scan (C:\|D:\|)
    Objecten gescand: 164172
    Verstreken tijd: 1 hour(s), 5 minute(s), 2 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\Windows\System32\gaopdxqcmoteby.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\gaopdxtqxtixxr.sys (Trojan.Agent) -> Quarantined and deleted successfully.

    —————————————————————————–

    Daarna heb ik Spybot search en destroy gedraaid want die kon ik ineens weer openen (dat kon eerst niet)

    Die vond ook nog 5 problemen die daarna succesvol zijn verholpen.
  • Zou je het ComboFix logje ergens willen uploaden?
    Dit is namelijk niet de volledige.
  • hoe zou ik dat moeten doen?
  • rapidshare.com
  • http:/
    apidshare.com/files/205265375/log_combofix.txt.html

    dat is hem
  • Download ATF cleaner (mirror)(gemaakt door Atribune)

    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

    Dubbelklik op

    ATF cleaner om het programma te starten.
    Op het tabblad Main, plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Het volgende doen als je ook FireFox als browser hebt:

    Klik op tabblad Firefox, plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    (dit haalt het vinkje weer weg bij Firefox saved passwords)
    Klik op de knop Empty Selected.

    Het volgende doen als je ook Opera als browser hebt:

    Klik op tabblad Opera, plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    Klik op de knop Empty Selected.
    Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten



    Download Flash_Disinfector.exe en plaats hem op je bureaublad: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Zorg dat de flasdrives / usbsticks / externe harde schijven ook ingestoken zijn.
    Dubbelklik op Flash_Disinfector.exe om de tool te starten.
    Als de tool klaar is, zal de computer opnieuw starten.


    Open een kladblokbestand.
    Kopieer de onderstaande code, en plak deze in het kladblokbestand.

    [b:6107ff12ce]
    Folder::
    C:\32788R22FWJFW
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4345cbb3-cec9-11dc-8049-806e6f6e6963}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4415f15a-9929-11dd-a849-001b386c4cad}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b7fe79-d950-11dc-94d3-001b386c4cad}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aab13718-cff6-11dc-8254-001b386c4cad}]
    [/b:6107ff12ce][/color:6107ff12ce]

    Sla het kladblokbestand op als CFScript.txt

    Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe, zoals hier onder:

    [img:6107ff12ce]http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif[/img:6107ff12ce]

    ComboFix zal opnieuw starten.
    Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile.
    Post de inhoud van de logfile.
  • hier het logje:

    http:/
    apidshare.com/files/205309907/combofixlog2.txt.html
  • Ga naar Virustotal.com
    Upload het volgende bestand door het volgende te kopiëren/plakken (dus niet via "Bladeren…" opzoeken!): [b:5ac3ec41af]c:\users\All Users\98E369380F.sys[/b:5ac3ec41af]
    Wacht totdat het resultaat verschijnt. Post dit mee in je volgende reactie
  • File has already been analysed:
    MD5: 0641a46f1e58529a42ead4573a3a0861
    First received: 03.02.2008 16:02:20 (CET)
    Date: 06.08.2008 22:53:53 (CET) [>268D]
    Results: 0/32
    Permalink: analisis/759ea97c7d6ffd762c121f637e9caa00

    —————————————————————————–
    http://www.virustotal.com/analisis/759ea97c7d6ffd762c121f637e9caa00
  • Zijn er nog problemen aanwezig?
  • volgens mij is alles verholpen :wink:

    bedankt! :D
  • Graag gedaan,
    doe nog even dit:


    Download ATF cleaner (mirror)(gemaakt door Atribune)

    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

    Dubbelklik op

    ATF cleaner om het programma te starten.
    Op het tabblad Main, plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Het volgende doen als je ook FireFox als browser hebt:

    Klik op tabblad Firefox, plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    (dit haalt het vinkje weer weg bij Firefox saved passwords)
    Klik op de knop Empty Selected.

    Het volgende doen als je ook Opera als browser hebt:

    Klik op tabblad Opera, plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    Klik op de knop Empty Selected.
    Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.(Denk eraan Combofix verwijderen doormiddel van start->uitvoeren [b:4d34d00ef0]ComboFix /U[/b:4d34d00ef0] typen en op enter drukken!!)


    - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
    - Zet een vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Windows vraagt of je dat zeker weet.
    - Klik "Ja".
    - Klik "OK".
    - Start de pc opnieuw op.
    - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
    - Klik "Ja".
    - Verwijder het vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Klik "OK".
    - Start de pc opnieuw op
    - Er is nu een nieuw schoon herstel punt aangemaakt
  • Beste,

    ondertussen ben ik ook geconfronteerd met die Cryptor virus.
    Ik heb ondertussen:
    * met hijackthis het bewuste item verwijderd
    * malwarebytes laten scannen
    * combofix laten scannen
    * ATF cleaner uitgevoerd

    Mijn vraag nu:

    de code die U voorstelt om in CFScript.txt op te slaan en in het bestand ComboFix.exe te slepen, is deze voor iedereen hetzelfde of heeft U de inhoud van die code bepaald adhv de log file die U hebt doorgestuurd gekregen?

    Dank bij voorbaat voor de hulp
  • Ik heb hem bepaald aan de hand van het logje en het verschilt per persoon.
    Net als de HijackThis overigens.
    Het handigste is om een nieuw topic te openen.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.