Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popups


  • This topic is locked This topic is locked
11 replies to this topic

#1 peazer21

peazer21

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 01 November 2006 - 10:38 PM

I am having an issue with ads poping up when new IE pages are opened. this has become very intrusive. I am running prevx1, have scanned with both spybot and adware and nothing is being found...

any help would be greatly appreciated...here is the hijack log...

Logfile of HijackThis v1.99.1
Scan saved at 10:35:20 PM, on 11/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Katelyn Pease\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13589181-4F0D-4553-B9F8-B4B72172C139} - (no file)
O2 - BHO: (no name) - {1EFB172F-9234-2D95-8556-6C5579F27A3A} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {F0F7BBFF-734B-0AE9-4356-56F008CB38E0} - C:\WINDOWS\System32\zjxpi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Mvfkjjgt] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.net:8080/java/cr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161996115921
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.14.17/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb19.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://peoplesoft.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: dnsras - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 03 November 2006 - 11:55 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 peazer21

peazer21
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 05 November 2006 - 08:37 PM

Buckeye_Sam,

thank you very much for helping me out...this is my daughter's computer and I am frustrated every time I sit down...:thumbsup:

Katelyn Pease - 06-11-05 20:26:37.37 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Katelyn Pease\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-10-28 18:41 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-10-27 20:27 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2006-10-27 19:54 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2006-10-27 19:54 891,711 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
2006-10-27 19:54 755,200 --a------ C:\WINDOWS\SYSTEM32\ir50_32.dll
2006-10-27 19:54 504,832 --a------ C:\WINDOWS\SYSTEM32\msftedit.dll
2006-10-27 19:54 5,632 --a------ C:\WINDOWS\SYSTEM32\hccoin.dll
2006-10-27 19:54 403,456 --a------ C:\WINDOWS\SYSTEM32\winbrand.dll
2006-10-27 19:54 384,512 --a------ C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-10-27 19:54 361,984 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2006-10-27 19:54 338,432 --------- C:\WINDOWS\SYSTEM32\ir41_qcx.dll
2006-10-27 19:54 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-10-27 19:54 32,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
2006-10-27 19:54 316,040 --a------ C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-10-27 19:54 3,584 --a------ C:\WINDOWS\SYSTEM32\dsprpres.dll
2006-10-27 19:54 3,494,303 --a------ C:\WINDOWS\SYSTEM32\nv4_disp.dll
2006-10-27 19:54 29,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys
2006-10-27 19:54 27,648 --a------ C:\WINDOWS\SYSTEM32\pidgen.dll
2006-10-27 19:54 27,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys
2006-10-27 19:54 27,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys
2006-10-27 19:54 27,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
2006-10-27 19:54 26,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
2006-10-27 19:54 25,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
2006-10-27 19:54 25,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
2006-10-27 19:54 218,112 --a------ C:\WINDOWS\SYSTEM32\sbe.dll
2006-10-27 19:54 200,192 --------- C:\WINDOWS\SYSTEM32\ir50_qc.dll
2006-10-27 19:54 187,904 --a------ C:\WINDOWS\SYSTEM32\xpsp1res.dll
2006-10-27 19:54 183,808 --------- C:\WINDOWS\SYSTEM32\ir50_qcx.dll
2006-10-27 19:54 18,944 --a------ C:\WINDOWS\SYSTEM32\encapi.dll
2006-10-27 19:54 172,032 --a------ C:\WINDOWS\SYSTEM32\mssap.dll
2006-10-27 19:54 155,648 --a------ C:\WINDOWS\SYSTEM32\encdec.dll
2006-10-27 19:54 120,320 --------- C:\WINDOWS\SYSTEM32\ir41_qc.dll
2006-10-27 19:54 115,200 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
2006-10-27 19:54 110,080 --a------ C:\WINDOWS\SYSTEM32\sbeio.dll
2006-10-27 19:54 1,675,264 --a------ C:\WINDOWS\SYSTEM32\dxdiagn.dll
2006-10-27 19:54 1,634,304 --a------ C:\WINDOWS\SYSTEM32\d3d9.dll
2006-10-27 19:53 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-10-27 19:53 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-10-27 19:52 995,384 --a------ C:\WINDOWS\SYSTEM32\mfc42u.dll
2006-10-27 19:52 995,383 --a------ C:\WINDOWS\SYSTEM32\mfc42.dll
2006-10-27 19:52 991,232 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2006-10-27 19:52 99,840 --a------ C:\WINDOWS\SYSTEM32\iexpress.exe
2006-10-27 19:52 98,816 --a------ C:\WINDOWS\SYSTEM32\dmstyle.dll
2006-10-27 19:52 98,816 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-10-27 19:52 98,304 --a------ C:\WINDOWS\SYSTEM32\actxprxy.dll
2006-10-27 19:52 937,984 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
2006-10-27 19:52 92,224 --a------ C:\WINDOWS\SYSTEM32\krnl386.exe
2006-10-27 19:52 92,160 --a------ C:\WINDOWS\SYSTEM32\cscdll.dll
2006-10-27 19:52 91,648 --a------ C:\WINDOWS\SYSTEM32\loadperf.dll
2006-10-27 19:52 91,648 --a------ C:\WINDOWS\SYSTEM32\ahui.exe
2006-10-27 19:52 91,136 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 19:52 9,728 --a------ C:\WINDOWS\SYSTEM32\gpkrsrc.dll
2006-10-27 19:52 9,216 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2006-10-27 19:52 9,216 --a------ C:\WINDOWS\SYSTEM32\dumprep.exe
2006-10-27 19:52 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2006-10-27 19:52 84,992 --a------ C:\WINDOWS\SYSTEM32\dskquota.dll
2006-10-27 19:52 82,432 --a------ C:\WINDOWS\SYSTEM32\fldrclnr.dll
2006-10-27 19:52 80,896 --a------ C:\WINDOWS\SYSTEM32\dpvsetup.exe
2006-10-27 19:52 80,384 --a------ C:\WINDOWS\SYSTEM32\mciavi32.dll
2006-10-27 19:52 80,384 --a------ C:\WINDOWS\SYSTEM32\cabview.dll
2006-10-27 19:52 8,832 --a------ C:\WINDOWS\SYSTEM32\framebuf.dll
2006-10-27 19:52 8,704 --a------ C:\WINDOWS\SYSTEM32\lprhelp.dll
2006-10-27 19:52 8,192 --a------ C:\WINDOWS\SYSTEM32\igmpagnt.dll
2006-10-27 19:52 8,192 --a------ C:\WINDOWS\SYSTEM32\d3d8thk.dll
2006-10-27 19:52 8,192 --a------ C:\WINDOWS\SYSTEM32\autolfn.exe
2006-10-27 19:52 797,184 --a------ C:\WINDOWS\SYSTEM32\d3dim700.dll
2006-10-27 19:52 792,064 --a------ C:\WINDOWS\SYSTEM32\comres.dll
2006-10-27 19:52 79,360 --a------ C:\WINDOWS\SYSTEM32\makecab.exe
2006-10-27 19:52 79,360 --a------ C:\WINDOWS\SYSTEM32\diantz.exe
2006-10-27 19:52 77,824 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2006-10-27 19:52 77,824 --a------ C:\WINDOWS\SYSTEM32\dpmodemx.dll
2006-10-27 19:52 77,824 --a------ C:\WINDOWS\SYSTEM32\asycfilt.dll
2006-10-27 19:52 76,800 --a------ C:\WINDOWS\SYSTEM32\dpwsockx.dll
2006-10-27 19:52 76,800 --a------ C:\WINDOWS\SYSTEM32\dmscript.dll
2006-10-27 19:52 76,288 --a------ C:\WINDOWS\SYSTEM32\dfrgfat.exe
2006-10-27 19:52 76,288 --a------ C:\WINDOWS\SYSTEM32\avifil32.dll
2006-10-27 19:52 74,810 --a------ C:\WINDOWS\SYSTEM32\atl.dll
2006-10-27 19:52 73,728 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2006-10-27 19:52 723,968 --a------ C:\WINDOWS\SYSTEM32\dpnet.dll
2006-10-27 19:52 71,680 --a------ C:\WINDOWS\SYSTEM32\browsewm.dll
2006-10-27 19:52 70,656 --a------ C:\WINDOWS\SYSTEM32\defrag.exe
2006-10-27 19:52 70,144 --a------ C:\WINDOWS\SYSTEM32\cryptdlg.dll
2006-10-27 19:52 7,680 --a------ C:\WINDOWS\SYSTEM32\dciman32.dll
2006-10-27 19:52 7,040 --a------ C:\WINDOWS\SYSTEM32\kd1394.dll
2006-10-27 19:52 69,632 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2006-10-27 19:52 68,096 --a------ C:\WINDOWS\SYSTEM32\inetpp.dll
2006-10-27 19:52 68,096 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp.dll
2006-10-27 19:52 67,584 --a------ C:\WINDOWS\SYSTEM32\magnify.exe
2006-10-27 19:52 66,560 --a------ C:\WINDOWS\SYSTEM32\faultrep.dll
2006-10-27 19:52 64,512 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2006-10-27 19:52 64,512 --a------ C:\WINDOWS\SYSTEM32\amstream.dll
2006-10-27 19:52 62,976 --a------ C:\WINDOWS\SYSTEM32\browselc.dll
2006-10-27 19:52 62,464 --a------ C:\WINDOWS\SYSTEM32\colbact.dll
2006-10-27 19:52 62,464 --a------ C:\WINDOWS\SYSTEM32\adsmsext.dll
2006-10-27 19:52 61,440 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2006-10-27 19:52 61,440 --a------ C:\WINDOWS\SYSTEM32\dbnetlib.dll
2006-10-27 19:52 61,440 --a------ C:\WINDOWS\SYSTEM32\cleanmgr.exe
2006-10-27 19:52 602,624 --a------ C:\WINDOWS\SYSTEM32\dx7vb.dll
2006-10-27 19:52 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2006-10-27 19:52 596,480 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-10-27 19:52 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2006-10-27 19:52 59,904 --a------ C:\WINDOWS\SYSTEM32\cabinet.dll
2006-10-27 19:52 59,392 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 19:52 585,344 --a------ C:\WINDOWS\SYSTEM32\i81xdnt5.dll
2006-10-27 19:52 581,632 --a------ C:\WINDOWS\SYSTEM32\catsrvut.dll
2006-10-27 19:52 58,368 --a------ C:\WINDOWS\SYSTEM32\dmcompos.dll
2006-10-27 19:52 57,856 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2006-10-27 19:52 57,344 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 19:52 558,592 --a------ C:\WINDOWS\SYSTEM32\autofmt.exe
2006-10-27 19:52 55,296 --a------ C:\WINDOWS\SYSTEM32\digest.dll
2006-10-27 19:52 544,256 --a------ C:\WINDOWS\SYSTEM32\crypt32.dll
2006-10-27 19:52 54,784 --a------ C:\WINDOWS\SYSTEM32\cmstp.exe
2006-10-27 19:52 54,272 --a------ C:\WINDOWS\SYSTEM32\clusapi.dll
2006-10-27 19:52 53,840 --a------ C:\WINDOWS\SYSTEM32\dosx.exe
2006-10-27 19:52 53,760 --a------ C:\WINDOWS\SYSTEM32\cryptsvc.dll
2006-10-27 19:52 53,760 --a------ C:\WINDOWS\SYSTEM32\authz.dll
2006-10-27 19:52 53,248 --a------ C:\WINDOWS\SYSTEM32\cryptnet.dll
2006-10-27 19:52 51,712 --a------ C:\WINDOWS\SYSTEM32\ipconfig.exe
2006-10-27 19:52 51,712 --a------ C:\WINDOWS\SYSTEM32\dataclen.dll
2006-10-27 19:52 504,320 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
2006-10-27 19:52 50,688 --a------ C:\WINDOWS\SYSTEM32\dmutil.dll
2006-10-27 19:52 5,120 --a------ C:\WINDOWS\SYSTEM32\cisvc.exe
2006-10-27 19:52 499,200 --a------ C:\WINDOWS\SYSTEM32\comuid.dll
2006-10-27 19:52 498,205 --a------ C:\WINDOWS\SYSTEM32\dxmasf.dll
2006-10-27 19:52 497,152 --a------ C:\WINDOWS\SYSTEM32\clbcatq.dll
2006-10-27 19:52 491,520 --a------ C:\WINDOWS\SYSTEM32\dsdmoprp.dll
2006-10-27 19:52 49,664 --a------ C:\WINDOWS\SYSTEM32\ixsso.dll
2006-10-27 19:52 49,152 --a------ C:\WINDOWS\SYSTEM32\eventlog.dll
2006-10-27 19:52 49,152 --a------ C:\WINDOWS\SYSTEM32\browser.dll
2006-10-27 19:52 489,984 --a------ C:\WINDOWS\SYSTEM32\dbghelp.dll
2006-10-27 19:52 48,640 --a------ C:\WINDOWS\SYSTEM32\cryptext.dll
2006-10-27 19:52 477,696 --a------ C:\WINDOWS\SYSTEM32\cryptui.dll
2006-10-27 19:52 47,616 --a------ C:\WINDOWS\SYSTEM32\inetres.dll
2006-10-27 19:52 47,616 --a------ C:\WINDOWS\SYSTEM32\basesrv.dll
2006-10-27 19:52 47,104 --a------ C:\WINDOWS\SYSTEM32\dssec.dll
2006-10-27 19:52 46,592 --a------ C:\WINDOWS\twain_32.dll
2006-10-27 19:52 45,632 --a------ C:\WINDOWS\SYSTEM32\cliconfg.exe
2006-10-27 19:52 45,568 --a------ C:\WINDOWS\SYSTEM32\iyuv_32.dll
2006-10-27 19:52 45,568 --a------ C:\WINDOWS\SYSTEM32\docprop2.dll
2006-10-27 19:52 45,568 --a------ C:\WINDOWS\SYSTEM32\cnbjmon.dll
2006-10-27 19:52 45,056 --a------ C:\WINDOWS\SYSTEM32\camocx.dll
2006-10-27 19:52 44,032 --a------ C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2006-10-27 19:52 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2006-10-27 19:52 436,736 --a------ C:\WINDOWS\SYSTEM32\certmgr.dll
2006-10-27 19:52 41,984 --a------ C:\WINDOWS\SYSTEM32\alg.exe
2006-10-27 19:52 41,472 --a------ C:\WINDOWS\SYSTEM32\cmdl32.exe
2006-10-27 19:52 40,960 --a------ C:\WINDOWS\SYSTEM32\extrac32.exe
2006-10-27 19:52 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-10-27 19:52 4,096 --a------ C:\WINDOWS\SYSTEM32\actmovie.exe
2006-10-27 19:52 39,936 --a------ C:\WINDOWS\SYSTEM32\htui.dll
2006-10-27 19:52 381,952 --a------ C:\WINDOWS\SYSTEM32\dpvoice.dll
2006-10-27 19:52 381,440 --a------ C:\WINDOWS\SYSTEM32\lmrt.dll
2006-10-27 19:52 380,957 --a------ C:\WINDOWS\SYSTEM32\expsrv.dll
2006-10-27 19:52 38,912 --a------ C:\WINDOWS\SYSTEM32\hhsetup.dll
2006-10-27 19:52 38,912 --a------ C:\WINDOWS\SYSTEM32\audiosrv.dll
2006-10-27 19:52 38,400 --a------ C:\WINDOWS\SYSTEM32\grpconv.exe
2006-10-27 19:52 367,616 --a------ C:\WINDOWS\SYSTEM32\licdll.dll
2006-10-27 19:52 364,544 --a------ C:\WINDOWS\SYSTEM32\ipsmsnap.dll
2006-10-27 19:52 361,472 --a------ C:\WINDOWS\SYSTEM32\fontext.dll
2006-10-27 19:52 36,922 --a------ C:\WINDOWS\SYSTEM32\imeshare.dll
2006-10-27 19:52 36,864 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2006-10-27 19:52 36,352 --a------ C:\WINDOWS\SYSTEM32\cmutil.dll
2006-10-27 19:52 355,328 --a------ C:\WINDOWS\SYSTEM32\dsound.dll
2006-10-27 19:52 35,840 --a------ C:\WINDOWS\SYSTEM32\cmmon32.exe
2006-10-27 19:52 35,328 --a------ C:\WINDOWS\SYSTEM32\dfrgsnap.dll
2006-10-27 19:52 34,304 --a------ C:\WINDOWS\SYSTEM32\mciqtz32.dll
2006-10-27 19:52 334,848 --a------ C:\WINDOWS\SYSTEM32\ipsecsnp.dll
2006-10-27 19:52 33,280 --a------ C:\WINDOWS\SYSTEM32\dmloader.dll
2006-10-27 19:52 324,608 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
2006-10-27 19:52 323,072 --a------ C:\WINDOWS\SYSTEM32\filemgmt.dll
2006-10-27 19:52 32,768 --a------ C:\WINDOWS\SYSTEM32\dpnhpast.dll
2006-10-27 19:52 32,768 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2006-10-27 19:52 318,464 --a------ C:\WINDOWS\SYSTEM32\ippromon.dll
2006-10-27 19:52 315,904 --a------ C:\WINDOWS\SYSTEM32\hnetwiz.dll
2006-10-27 19:52 307,712 --a------ C:\WINDOWS\SYSTEM32\cscui.dll
2006-10-27 19:52 30,720 --a------ C:\WINDOWS\SYSTEM32\clipsrv.exe
2006-10-27 19:52 30,208 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-27 19:52 3,072 --a------ C:\WINDOWS\SYSTEM32\icmp.dll
2006-10-27 19:52 3,072 --a------ C:\WINDOWS\SYSTEM32\dpnlobby.dll
2006-10-27 19:52 3,072 --a------ C:\WINDOWS\SYSTEM32\dpnaddr.dll
2006-10-27 19:52 294,912 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 19:52 29,184 --a------ C:\WINDOWS\SYSTEM32\cryptdll.dll
2006-10-27 19:52 285,184 --a------ C:\WINDOWS\SYSTEM32\kerberos.dll
2006-10-27 19:52 284,160 --a------ C:\WINDOWS\SYSTEM32\ddraw.dll
2006-10-27 19:52 28,672 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2006-10-27 19:52 28,672 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 19:52 28,672 --a------ C:\WINDOWS\SYSTEM32\dbnmpntw.dll
2006-10-27 19:52 28,160 --a------ C:\WINDOWS\SYSTEM32\dplaysvr.exe
2006-10-27 19:52 272,768 --a------ C:\WINDOWS\SYSTEM32\atmfd.dll
2006-10-27 19:52 27,136 --a------ C:\WINDOWS\SYSTEM32\dmband.dll
2006-10-27 19:52 27,136 --a------ C:\WINDOWS\SYSTEM32\ddeshare.exe
2006-10-27 19:52 27,136 --a------ C:\WINDOWS\SYSTEM32\batmeter.dll
2006-10-27 19:52 27,136 --a------ C:\WINDOWS\SYSTEM32\atmlib.dll
2006-10-27 19:52 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-27 19:52 266,240 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2006-10-27 19:52 263,680 --a------ C:\WINDOWS\SYSTEM32\duser.dll
2006-10-27 19:52 263,168 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2006-10-27 19:52 260,608 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2006-10-27 19:52 25,600 --a------ C:\WINDOWS\SYSTEM32\dfsshlex.dll
2006-10-27 19:52 25,088 --a------ C:\WINDOWS\SYSTEM32\findstr.exe
2006-10-27 19:52 240,640 --a------ C:\WINDOWS\SYSTEM32\hnetcfg.dll
2006-10-27 19:52 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsrpcn.dll
2006-10-27 19:52 24,576 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2006-10-27 19:52 24,064 --a------ C:\WINDOWS\SYSTEM32\ddrawex.dll
2006-10-27 19:52 239,616 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2006-10-27 19:52 238,592 --a------ C:\WINDOWS\SYSTEM32\compatui.dll
2006-10-27 19:52 237,056 --a------ C:\WINDOWS\SYSTEM32\icm32.dll
2006-10-27 19:52 23,040 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 19:52 227,840 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2006-10-27 19:52 227,328 --a------ C:\WINDOWS\SYSTEM32\es.dll
2006-10-27 19:52 222,208 --a------ C:\WINDOWS\SYSTEM32\compstui.dll
2006-10-27 19:52 220,672 --a------ C:\WINDOWS\SYSTEM32\catsrv.dll
2006-10-27 19:52 22,528 --a------ C:\WINDOWS\SYSTEM32\hid.dll
2006-10-27 19:52 22,528 --a------ C:\WINDOWS\SYSTEM32\at.exe
2006-10-27 19:52 22,016 --a------ C:\WINDOWS\SYSTEM32\mciwave.dll
2006-10-27 19:52 22,016 --a------ C:\WINDOWS\SYSTEM32\ipxroute.exe
2006-10-27 19:52 22,016 --a------ C:\WINDOWS\SYSTEM32\davclnt.dll
2006-10-27 19:52 219,648 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2006-10-27 19:52 217,600 --a------ C:\WINDOWS\SYSTEM32\dplayx.dll
2006-10-27 19:52 21,504 --a------ C:\WINDOWS\SYSTEM32\dmserver.dll
2006-10-27 19:52 204,800 --a------ C:\WINDOWS\SYSTEM32\dmadmin.exe
2006-10-27 19:52 204,288 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 19:52 202,752 --a------ C:\WINDOWS\SYSTEM32\localsec.dll
2006-10-27 19:52 20,992 --a------ C:\WINDOWS\SYSTEM32\mciseq.dll
2006-10-27 19:52 2,025,984 --a------ C:\WINDOWS\SYSTEM32\cdosys.dll
2006-10-27 19:52 19,968 --a------ C:\WINDOWS\SYSTEM32\dpvacm.dll
2006-10-27 19:52 19,456 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-27 19:52 19,456 --a------ C:\WINDOWS\SYSTEM32\fontview.exe
2006-10-27 19:52 19,456 --a------ C:\WINDOWS\SYSTEM32\ersvc.dll
2006-10-27 19:52 186,880 --a------ C:\WINDOWS\SYSTEM32\dsdmo.dll
2006-10-27 19:52 186,880 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2006-10-27 19:52 184,320 --a------ C:\WINDOWS\SYSTEM32\dmdskmgr.dll
2006-10-27 19:52 181,760 --a------ C:\WINDOWS\SYSTEM32\activeds.dll
2006-10-27 19:52 180,224 --a------ C:\WINDOWS\SYSTEM32\dwwin.exe
2006-10-27 19:52 18,944 --a------ C:\WINDOWS\SYSTEM32\lpk.dll
2006-10-27 19:52 18,432 --a------ C:\WINDOWS\SYSTEM32\feclient.dll
2006-10-27 19:52 18,432 --a------ C:\WINDOWS\SYSTEM32\dswave.dll
2006-10-27 19:52 179,200 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2006-10-27 19:52 178,688 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2006-10-27 19:52 174,592 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2006-10-27 19:52 171,520 --a------ C:\WINDOWS\SYSTEM32\dmime.dll
2006-10-27 19:52 168,960 --a------ C:\WINDOWS\SYSTEM32\dinput8.dll
2006-10-27 19:52 165,376 --a------ C:\WINDOWS\SYSTEM32\els.dll
2006-10-27 19:52 162,816 --a------ C:\WINDOWS\SYSTEM32\adsldp.dll
2006-10-27 19:52 16,896 --a------ C:\WINDOWS\SYSTEM32\dpnsvr.exe
2006-10-27 19:52 16,896 --a------ C:\WINDOWS\SYSTEM32\cfgmgr32.dll
2006-10-27 19:52 16,384 --a------ C:\WINDOWS\SYSTEM32\linkinfo.dll
2006-10-27 19:52 16,384 --a------ C:\WINDOWS\SYSTEM32\ds32gt.dll
2006-10-27 19:52 159,744 --a------ C:\WINDOWS\SYSTEM32\ipsecsvc.dll
2006-10-27 19:52 158,720 --a------ C:\WINDOWS\SYSTEM32\credui.dll
2006-10-27 19:52 151,552 --a------ C:\WINDOWS\SYSTEM32\dinput.dll
2006-10-27 19:52 15,872 --a------ C:\WINDOWS\SYSTEM32\dvdupgrd.exe
2006-10-27 19:52 15,872 --a------ C:\WINDOWS\SYSTEM32\alrsvc.dll
2006-10-27 19:52 146,432 --a------ C:\WINDOWS\SYSTEM32\keymgr.dll
2006-10-27 19:52 145,920 --a------ C:\WINDOWS\SYSTEM32\diskpart.exe
2006-10-27 19:52 144,896 --a------ C:\WINDOWS\SYSTEM32\initpki.dll
2006-10-27 19:52 143,872 --a------ C:\WINDOWS\SYSTEM32\itircl.dll
2006-10-27 19:52 14,877 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-27 19:52 14,848 --a------ C:\WINDOWS\SYSTEM32\bidispl.dll
2006-10-27 19:52 14,336 --a------ C:\WINDOWS\SYSTEM32\inetppui.dll
2006-10-27 19:52 14,336 --a------ C:\WINDOWS\SYSTEM32\dmremote.exe
2006-10-27 19:52 139,776 --a------ C:\WINDOWS\SYSTEM32\adsldpc.dll
2006-10-27 19:52 137,216 --a------ C:\WINDOWS\SYSTEM32\hotplug.dll
2006-10-27 19:52 135,680 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2006-10-27 19:52 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-27 19:52 132,608 --a------ C:\WINDOWS\SYSTEM32\devenum.dll
2006-10-27 19:52 13,312 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2006-10-27 19:52 128,000 --a------ C:\WINDOWS\SYSTEM32\itss.dll
2006-10-27 19:52 127,552 --a------ C:\WINDOWS\SYSTEM32\cliconfg.dll
2006-10-27 19:52 126,976 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 19:52 125,952 --a------ C:\WINDOWS\SYSTEM32\ifmon.dll
2006-10-27 19:52 124,928 --a------ C:\WINDOWS\SYSTEM32\dssenh.dll
2006-10-27 19:52 123,904 --a------ C:\WINDOWS\SYSTEM32\imapi.exe
2006-10-27 19:52 12,800 --a------ C:\WINDOWS\SYSTEM32\mcastmib.dll
2006-10-27 19:52 12,288 --a------ C:\WINDOWS\SYSTEM32\cmcfg32.dll
2006-10-27 19:52 116,736 --a------ C:\WINDOWS\SYSTEM32\glu32.dll
2006-10-27 19:52 116,736 --a------ C:\WINDOWS\SYSTEM32\dmusic.dll
2006-10-27 19:52 116,224 --a------ C:\WINDOWS\SYSTEM32\iasrad.dll
2006-10-27 19:52 115,712 --a------ C:\WINDOWS\SYSTEM32\apphelp.dll
2006-10-27 19:52 114,176 --a------ C:\WINDOWS\SYSTEM32\input.dll
2006-10-27 19:52 113,152 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2006-10-27 19:52 113,152 --a------ C:\WINDOWS\SYSTEM32\dfrgui.dll
2006-10-27 19:52 112,128 --a------ C:\WINDOWS\SYSTEM32\dpvvox.dll
2006-10-27 19:52 110,592 --a------ C:\WINDOWS\SYSTEM32\iccvid.dll
2006-10-27 19:52 110,080 --a------ C:\WINDOWS\SYSTEM32\clbcatex.dll
2006-10-27 19:52 11,776 --a------ C:\WINDOWS\SYSTEM32\lsass.exe
2006-10-27 19:52 11,776 --a------ C:\WINDOWS\SYSTEM32\drprov.dll
2006-10-27 19:52 108,544 --a------ C:\WINDOWS\SYSTEM32\mdminst.dll
2006-10-27 19:52 107,008 --a------ C:\WINDOWS\SYSTEM32\aclui.dll
2006-10-27 19:52 106,496 --a------ C:\WINDOWS\SYSTEM32\dsuiext.dll
2006-10-27 19:52 103,936 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2006-10-27 19:52 103,424 --a------ C:\WINDOWS\SYSTEM32\dgnet.dll
2006-10-27 19:52 102,450 --a------ C:\WINDOWS\SYSTEM32\cscript.exe
2006-10-27 19:52 100,864 --a------ C:\WINDOWS\SYSTEM32\dmsynth.dll
2006-10-27 19:52 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-27 19:52 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2006-10-27 19:52 10,240 --a------ C:\WINDOWS\SYSTEM32\atmadm.exe
2006-10-27 19:52 1,294,336 --a------ C:\WINDOWS\SYSTEM32\dsound3d.dll
2006-10-27 19:52 1,189,888 --a------ C:\WINDOWS\SYSTEM32\dx8vb.dll
2006-10-27 19:52 1,179,136 --a------ C:\WINDOWS\SYSTEM32\comsvcs.dll
2006-10-27 19:52 1,177,600 --a------ C:\WINDOWS\SYSTEM32\d3d8.dll
2006-10-27 19:52 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-27 19:51 98,304 --a------ C:\WINDOWS\SYSTEM32\polstore.dll
2006-10-27 19:51 98,304 --a------ C:\WINDOWS\SYSTEM32\oleprn.dll
2006-10-27 19:51 98,304 --a------ C:\WINDOWS\SYSTEM32\odbccp32.dll
2006-10-27 19:51 974,336 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2006-10-27 19:51 971,264 --a------ C:\WINDOWS\SYSTEM32\msgina.dll
2006-10-27 19:51 97,280 --a------ C:\WINDOWS\SYSTEM32\txflog.dll
2006-10-27 19:51 96,256 --a------ C:\WINDOWS\SYSTEM32\rcbdyctl.dll
2006-10-27 19:51 95,744 --a------ C:\WINDOWS\SYSTEM32\nlhtml.dll
2006-10-27 19:51 93,184 --a------ C:\WINDOWS\SYSTEM32\winscard.dll
2006-10-27 19:51 91,136 --a------ C:\WINDOWS\SYSTEM32\rastls.dll
2006-10-27 19:51 91,136 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2006-10-27 19:51 90,112 --a------ C:\WINDOWS\SYSTEM32\odbcint.dll
2006-10-27 19:51 9,728 --a------ C:\WINDOWS\SYSTEM32\regsvr32.exe
2006-10-27 19:51 9,728 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2006-10-27 19:51 89,600 --a------ C:\WINDOWS\SYSTEM32\slbiop.dll
2006-10-27 19:51 88,064 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2006-10-27 19:51 88,064 --a------ C:\WINDOWS\SYSTEM32\mydocs.dll
2006-10-27 19:51 87,552 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-27 19:51 87,304 --a------ C:\WINDOWS\SYSTEM32\rdpdd.dll
2006-10-27 19:51 86,528 --a------ C:\WINDOWS\SYSTEM32\wlnotify.dll
2006-10-27 19:51 86,016 --a------ C:\WINDOWS\SYSTEM32\xactsrv.dll
2006-10-27 19:51 857,600 --a------ C:\WINDOWS\SYSTEM32\netplwiz.dll
2006-10-27 19:51 831,519 --a------ C:\WINDOWS\SYSTEM32\mswdat10.dll
2006-10-27 19:51 83,456 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll
2006-10-27 19:51 829,952 --a------ C:\WINDOWS\SYSTEM32\tapi3.dll
2006-10-27 19:51 82,944 --a------ C:\WINDOWS\SYSTEM32\smlogsvc.exe
2006-10-27 19:51 82,944 --a------ C:\WINDOWS\SYSTEM32\psbase.dll
2006-10-27 19:51 81,920 --a------ C:\WINDOWS\SYSTEM32\trkwks.dll
2006-10-27 19:51 80,128 --a------ C:\WINDOWS\SYSTEM32\msapsspc.dll
2006-10-27 19:51 8,456 --a------ C:\WINDOWS\SYSTEM32\tsddd.dll
2006-10-27 19:51 8,192 --a------ C:\WINDOWS\SYSTEM32\scrnsave.scr
2006-10-27 19:51 79,360 --a------ C:\WINDOWS\SYSTEM32\mprapi.dll
2006-10-27 19:51 774,144 --a------ C:\WINDOWS\SYSTEM32\mmc.exe
2006-10-27 19:51 762,368 --a------ C:\WINDOWS\SYSTEM32\winntbbu.dll
2006-10-27 19:51 75,912 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2006-10-27 19:51 74,752 --a------ C:\WINDOWS\SYSTEM32\netui0.dll
2006-10-27 19:51 74,240 --a------ C:\WINDOWS\SYSTEM32\rtcshare.exe
2006-10-27 19:51 733,184 --a------ C:\WINDOWS\SYSTEM32\qedwipes.dll
2006-10-27 19:51 72,192 --a------ C:\WINDOWS\SYSTEM32\telnet.exe
2006-10-27 19:51 71,168 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2006-10-27 19:51 71,168 --a------ C:\WINDOWS\SYSTEM32\sdbinst.exe
2006-10-27 19:51 700,928 --a------ C:\WINDOWS\SYSTEM32\sxs.dll
2006-10-27 19:51 70,656 --a------ C:\WINDOWS\SYSTEM32\wiascr.dll
2006-10-27 19:51 699,392 --a------ C:\WINDOWS\SYSTEM32\msxml2.dll
2006-10-27 19:51 69,632 --a------ C:\WINDOWS\SYSTEM32\shrpubw.exe
2006-10-27 19:51 69,120 --a------ C:\WINDOWS\SYSTEM32\unimdmat.dll
2006-10-27 19:51 686,080 --a------ C:\WINDOWS\SYSTEM32\opengl32.dll
2006-10-27 19:51 68,928 --a------ C:\WINDOWS\SYSTEM32\mmsystem.dll
2006-10-27 19:51 68,608 --a------ C:\WINDOWS\SYSTEM32\mscms.dll
2006-10-27 19:51 67,584 --a------ C:\WINDOWS\SYSTEM32\msctfp.dll
2006-10-27 19:51 67,072 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2006-10-27 19:51 67,072 --a------ C:\WINDOWS\SYSTEM32\msacm32.dll
2006-10-27 19:51 667,648 --a------ C:\WINDOWS\SYSTEM32\ss3dfo.scr
2006-10-27 19:51 667,136 --a------ C:\WINDOWS\SYSTEM32\userenv.dll
2006-10-27 19:51 66,560 --a------ C:\WINDOWS\SYSTEM32\spoolss.dll
2006-10-27 19:51 66,560 --a------ C:\WINDOWS\SYSTEM32\scarddlg.dll
2006-10-27 19:51 66,560 --a------ C:\WINDOWS\SYSTEM32\mmcbase.dll
2006-10-27 19:51 66,048 --a------ C:\WINDOWS\SYSTEM32\sigverif.exe
2006-10-27 19:51 66,048 --a------ C:\WINDOWS\SYSTEM32\notepad.exe
2006-10-27 19:51 66,048 --a------ C:\WINDOWS\SYSTEM32\msw3prt.dll
2006-10-27 19:51 66,048 --a------ C:\WINDOWS\notepad.exe
2006-10-27 19:51 65,585 --a------ C:\WINDOWS\SYSTEM32\wshext.dll
2006-10-27 19:51 65,536 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2006-10-27 19:51 65,024 --a------ C:\WINDOWS\SYSTEM32\msvcrt40.dll
2006-10-27 19:51 64,512 --a------ C:\WINDOWS\SYSTEM32\ntdsapi.dll
2006-10-27 19:51 64,512 --a------ C:\WINDOWS\SYSTEM32\mtxclu.dll
2006-10-27 19:51 64,000 --a------ C:\WINDOWS\SYSTEM32\webclnt.dll
2006-10-27 19:51 638,976 --a------ C:\WINDOWS\SYSTEM32\sstext3d.scr
2006-10-27 19:51 63,488 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2006-10-27 19:51 62,976 --a------ C:\WINDOWS\SYSTEM32\shgina.dll
2006-10-27 19:51 614,431 --a------ C:\WINDOWS\SYSTEM32\mswstr10.dll
2006-10-27 19:51 61,952 --a------ C:\WINDOWS\SYSTEM32\sti.dll
2006-10-27 19:51 61,952 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2006-10-27 19:51 61,952 --a------ C:\WINDOWS\SYSTEM32\osuninst.dll
2006-10-27 19:51 61,440 --a------ C:\WINDOWS\SYSTEM32\odbccu32.dll
2006-10-27 19:51 61,440 --a------ C:\WINDOWS\SYSTEM32\odbccr32.dll
2006-10-27 19:51 60,416 --a------ C:\WINDOWS\SYSTEM32\wextract.exe
2006-10-27 19:51 60,416 --a------ C:\WINDOWS\SYSTEM32\shimeng.dll
2006-10-27 19:51 6,144 --a------ C:\WINDOWS\SYSTEM32\sensapi.dll
2006-10-27 19:51 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2006-10-27 19:51 598,016 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2006-10-27 19:51 584,192 --a------ C:\WINDOWS\SYSTEM32\netcfgx.dll
2006-10-27 19:51 58,880 --a------ C:\WINDOWS\SYSTEM32\pautoenr.dll
2006-10-27 19:51 578,560 --a------ C:\WINDOWS\SYSTEM32\autoconv.exe
2006-10-27 19:51 577,024 --a------ C:\WINDOWS\SYSTEM32\mlang.dll
2006-10-27 19:51 57,856 --a------ C:\WINDOWS\SYSTEM32\raschap.dll
2006-10-27 19:51 569,344 --a------ C:\WINDOWS\SYSTEM32\sspipes.scr
2006-10-27 19:51 568,832 --a------ C:\WINDOWS\SYSTEM32\wiashext.dll
2006-10-27 19:51 565,760 --a------ C:\WINDOWS\SYSTEM32\autochk.exe
2006-10-27 19:51 561,152 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2006-10-27 19:51 56,832 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll
2006-10-27 19:51 56,320 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2006-10-27 19:51 56,320 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-27 19:51 56,320 --a------ C:\WINDOWS\SYSTEM32\miglibnt.dll
2006-10-27 19:51 558,080 --a------ C:\WINDOWS\SYSTEM32\advapi32.dll
2006-10-27 19:51 552,989 --a------ C:\WINDOWS\SYSTEM32\msrepl40.dll
2006-10-27 19:51 55,808 --a------ C:\WINDOWS\SYSTEM32\mpr.dll
2006-10-27 19:51 548,864 --a------ C:\WINDOWS\SYSTEM32\shdoclc.dll
2006-10-27 19:51 54,784 --a------ C:\WINDOWS\SYSTEM32\resutils.dll
2006-10-27 19:51 54,784 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2006-10-27 19:51 54,272 --a------ C:\WINDOWS\SYSTEM32\rasphone.exe
2006-10-27 19:51 535,552 --a------ C:\WINDOWS\SYSTEM32\rpcrt4.dll
2006-10-27 19:51 534,016 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2006-10-27 19:51 53,279 --a------ C:\WINDOWS\SYSTEM32\odbcji32.dll
2006-10-27 19:51 53,279 --a------ C:\WINDOWS\SYSTEM32\msjter40.dll
2006-10-27 19:51 53,248 --a------ C:\WINDOWS\SYSTEM32\spoolsv.exe
2006-10-27 19:51 53,248 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2006-10-27 19:51 53,248 --a------ C:\WINDOWS\SYSTEM32\sendmail.dll
2006-10-27 19:51 53,248 --a------ C:\WINDOWS\SYSTEM32\packager.exe
2006-10-27 19:51 53,248 --a------ C:\WINDOWS\SYSTEM32\odbcconf.exe
2006-10-27 19:51 52,224 --a------ C:\WINDOWS\SYSTEM32\secur32.dll
2006-10-27 19:51 512,029 --a------ C:\WINDOWS\SYSTEM32\msexch40.dll
2006-10-27 19:51 51,712 --a------ C:\WINDOWS\SYSTEM32\synceng.dll
2006-10-27 19:51 51,712 --a------ C:\WINDOWS\SYSTEM32\regsvc.dll
2006-10-27 19:51 51,712 --a------ C:\WINDOWS\SYSTEM32\msasn1.dll
2006-10-27 19:51 51,200 --a------ C:\WINDOWS\SYSTEM32\narrator.exe
2006-10-27 19:51 50,688 --a------ C:\WINDOWS\SYSTEM32\msvcirt.dll
2006-10-27 19:51 5,632 --a------ C:\WINDOWS\SYSTEM32\wmi.dll
2006-10-27 19:51 5,632 --a------ C:\WINDOWS\SYSTEM32\security.dll
2006-10-27 19:51 5,120 --a------ C:\WINDOWS\SYSTEM32\msidle.dll
2006-10-27 19:51 495,376 --a------ C:\WINDOWS\SYSTEM32\msxml.dll
2006-10-27 19:51 49,664 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2006-10-27 19:51 49,152 --a------ C:\WINDOWS\SYSTEM32\npptools.dll
2006-10-27 19:51 483,328 --a------ C:\WINDOWS\SYSTEM32\winlogon.exe
2006-10-27 19:51 48,640 --a------ C:\WINDOWS\SYSTEM32\vdmredir.dll
2006-10-27 19:51 48,128 --a------ C:\WINDOWS\SYSTEM32\winsta.dll
2006-10-27 19:51 48,128 --a------ C:\WINDOWS\SYSTEM32\reg.exe
2006-10-27 19:51 479,261 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 19:51 47,616 --a------ C:\WINDOWS\SYSTEM32\utilman.exe
2006-10-27 19:51 47,104 --a------ C:\WINDOWS\SYSTEM32\wstdecod.dll
2006-10-27 19:51 460,288 --a------ C:\WINDOWS\SYSTEM32\ntmsmgr.dll
2006-10-27 19:51 46,592 --a------ C:\WINDOWS\SYSTEM32\wdigest.dll
2006-10-27 19:51 46,592 --a------ C:\WINDOWS\SYSTEM32\mmcshext.dll
2006-10-27 19:51 45,056 --a------ C:\WINDOWS\SYSTEM32\proquota.exe
2006-10-27 19:51 45,056 --a------ C:\WINDOWS\SYSTEM32\msprivs.dll
2006-10-27 19:51 449,536 --a------ C:\WINDOWS\SYSTEM32\wiadefui.dll
2006-10-27 19:51 449,024 --a------ C:\WINDOWS\SYSTEM32\qdvd.dll
2006-10-27 19:51 44,032 --a------ C:\WINDOWS\SYSTEM32\regapi.dll
2006-10-27 19:51 44,032 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2006-10-27 19:51 44,032 --a------ C:\WINDOWS\SYSTEM32\msident.dll
2006-10-27 19:51 43,008 --a------ C:\WINDOWS\SYSTEM32\ssmypics.scr
2006-10-27 19:51 43,008 --a------ C:\WINDOWS\SYSTEM32\ssdpsrv.dll
2006-10-27 19:51 423,424 --a------ C:\WINDOWS\SYSTEM32\riched20.dll
2006-10-27 19:51 421,919 --a------ C:\WINDOWS\SYSTEM32\msrd2x40.dll
2006-10-27 19:51 420,864 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
2006-10-27 19:51 42,496 --a------ C:\WINDOWS\SYSTEM32\ncobjapi.dll
2006-10-27 19:51 414,720 --a------ C:\WINDOWS\SYSTEM32\wiaacmgr.exe
2006-10-27 19:51 409,088 --a------ C:\WINDOWS\SYSTEM32\vssapi.dll
2006-10-27 19:51 401,462 --a------ C:\WINDOWS\SYSTEM32\msvcp60.dll
2006-10-27 19:51 40,960 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2006-10-27 19:51 40,960 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2006-10-27 19:51 40,448 --a------ C:\WINDOWS\SYSTEM32\tcpmon.dll
2006-10-27 19:51 4,608 --a------ C:\WINDOWS\SYSTEM32\msimg32.dll
2006-10-27 19:51 4,126 --a------ C:\WINDOWS\SYSTEM32\msdxmlc.dll
2006-10-27 19:51 4,096 --a------ C:\WINDOWS\SYSTEM32\winver.exe
2006-10-27 19:51 4,096 --a------ C:\WINDOWS\SYSTEM32\sfc.dll
2006-10-27 19:51 4,096 --a------ C:\WINDOWS\SYSTEM32\nddeapir.exe
2006-10-27 19:51 399,360 --a------ C:\WINDOWS\SYSTEM32\netlogon.dll
2006-10-27 19:51 392,704 --a------ C:\WINDOWS\SYSTEM32\ntmssvc.dll
2006-10-27 19:51 39,936 --a------ C:\WINDOWS\SYSTEM32\rtutils.dll
2006-10-27 19:51 39,424 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2006-10-27 19:51 39,424 --a------ C:\WINDOWS\SYSTEM32\net.exe
2006-10-27 19:51 388,608 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2006-10-27 19:51 387,584 --a------ C:\WINDOWS\SYSTEM32\regwizc.dll
2006-10-27 19:51 385,024 --a------ C:\WINDOWS\SYSTEM32\sqlsrv32.dll
2006-10-27 19:51 384,000 --a------ C:\WINDOWS\SYSTEM32\themeui.dll
2006-10-27 19:51 38,912 --a------ C:\WINDOWS\SYSTEM32\wsnmp32.dll
2006-10-27 19:51 38,400 --a------ C:\WINDOWS\SYSTEM32\ntmsapi.dll
2006-10-27 19:51 38,400 --a------ C:\WINDOWS\SYSTEM32\ntlanman.dll
2006-10-27 19:51 375,808 --a------ C:\WINDOWS\SYSTEM32\cmd.exe
2006-10-27 19:51 37,888 --a------ C:\WINDOWS\SYSTEM32\pstorec.dll
2006-10-27 19:51 368,640 --a------ C:\WINDOWS\SYSTEM32\msdtcprx.dll
2006-10-27 19:51 364,544 --a------ C:\WINDOWS\SYSTEM32\ssflwbox.scr
2006-10-27 19:51 36,864 --a------ C:\WINDOWS\SYSTEM32\mscpxl32.dll
2006-10-27 19:51 36,352 --a------ C:\WINDOWS\SYSTEM32\sens.dll
2006-10-27 19:51 354,816 --a------ C:\WINDOWS\SYSTEM32\psisdecd.dll
2006-10-27 19:51 348,189 --a------ C:\WINDOWS\SYSTEM32\msxbde40.dll
2006-10-27 19:51 348,189 --a------ C:\WINDOWS\SYSTEM32\mspbde40.dll
2006-10-27 19:51 346,624 --a------ C:\WINDOWS\SYSTEM32\tourstart.exe
2006-10-27 19:51 343,552 --a------ C:\WINDOWS\SYSTEM32\termmgr.dll
2006-10-27 19:51 34,304 --a------ C:\WINDOWS\SYSTEM32\rcimlby.exe
2006-10-27 19:51 339,968 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2006-10-27 19:51 339,456 --a------ C:\WINDOWS\SYSTEM32\usp10.dll
2006-10-27 19:51 334,848 --a------ C:\WINDOWS\SYSTEM32\smlogcfg.dll
2006-10-27 19:51 33,280 --a------ C:\WINDOWS\SYSTEM32\shmgrate.exe
2006-10-27 19:51 33,280 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2006-10-27 19:51 326,656 --a------ C:\WINDOWS\SYSTEM32\netsetup.exe
2006-10-27 19:51 324,096 --a------ C:\WINDOWS\SYSTEM32\mswebdvd.dll
2006-10-27 19:51 323,072 --a------ C:\WINDOWS\SYSTEM32\msvcrt.dll
2006-10-27 19:51 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2006-10-27 19:51 32,768 --------- C:\WINDOWS\SYSTEM32\odbcad32.exe
2006-10-27 19:51 32,256 --a------ C:\WINDOWS\SYSTEM32\umandlg.dll
2006-10-27 19:51 32,256 --a------ C:\WINDOWS\SYSTEM32\perfproc.dll
2006-10-27 19:51 32,256 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2006-10-27 19:51 319,760 --a------ C:\WINDOWS\SYSTEM32\msnsspc.dll
2006-10-27 19:51 319,517 --a------ C:\WINDOWS\SYSTEM32\msexcl40.dll
2006-10-27 19:51 316,928 --a------ C:\WINDOWS\SYSTEM32\zipfldr.dll
2006-10-27 19:51 316,416 --a------ C:\WINDOWS\SYSTEM32\wiaservc.dll
2006-10-27 19:51 315,423 --a------ C:\WINDOWS\SYSTEM32\msrd3x40.dll
2006-10-27 19:51 311,808 --a------ C:\WINDOWS\SYSTEM32\qdv.dll
2006-10-27 19:51 31,744 --a------ C:\WINDOWS\SYSTEM32\rundll32.exe
2006-10-27 19:51 31,744 --a------ C:\WINDOWS\SYSTEM32\pid.dll
2006-10-27 19:51 31,232 --a------ C:\WINDOWS\SYSTEM32\wpabaln.exe
2006-10-27 19:51 30,749 --a------ C:\WINDOWS\SYSTEM32\vbajet32.dll
2006-10-27 19:51 30,720 --a------ C:\WINDOWS\SYSTEM32\netstat.exe
2006-10-27 19:51 3,584 --a------ C:\WINDOWS\SYSTEM32\msafd.dll
2006-10-27 19:51 3,338 --a------ C:\WINDOWS\SYSTEM32\redir.exe
2006-10-27 19:51 297,984 --a------ C:\WINDOWS\SYSTEM32\scesrv.dll
2006-10-27 19:51 296,448 --a------ C:\WINDOWS\SYSTEM32\wmstream.dll
2006-10-27 19:51 29,696 --a------ C:\WINDOWS\SYSTEM32\rtipxmib.dll
2006-10-27 19:51 29,184 --a------ C:\WINDOWS\SYSTEM32\wpnpinst.exe
2006-10-27 19:51 29,184 --a------ C:\WINDOWS\SYSTEM32\winipsec.dll
2006-10-27 19:51 28,721 --a------ C:\WINDOWS\SYSTEM32\wshcon.dll
2006-10-27 19:51 28,672 --a------ C:\WINDOWS\SYSTEM32\sethc.exe
2006-10-27 19:51 28,672 --a------ C:\WINDOWS\SYSTEM32\profmap.dll
2006-10-27 19:51 28,160 --a------ C:\WINDOWS\SYSTEM32\xcopy.exe
2006-10-27 19:51 278,016 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2006-10-27 19:51 276,992 --a------ C:\WINDOWS\SYSTEM32\rpcss.dll
2006-10-27 19:51 276,480 --a------ C:\WINDOWS\SYSTEM32\slbcsp.dll
2006-10-27 19:51 275,456 --a------ C:\WINDOWS\SYSTEM32\vssvc.exe
2006-10-27 19:51 271,360 --a------ C:\WINDOWS\SYSTEM32\objsel.dll
2006-10-27 19:51 270,365 --a------ C:\WINDOWS\SYSTEM32\odbcjt32.dll
2006-10-27 19:51 27,136 --a------ C:\WINDOWS\SYSTEM32\ssdpapi.dll
2006-10-27 19:51 27,136 --a------ C:\WINDOWS\SYSTEM32\sendcmsg.dll
2006-10-27 19:51 27,136 --a------ C:\WINDOWS\SYSTEM32\mspatcha.dll
2006-10-27 19:51 266,752 --a------ C:\WINDOWS\SYSTEM32\msctf.dll
2006-10-27 19:51 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll
2006-10-27 19:51 26,624 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2006-10-27 19:51 258,077 --a------ C:\WINDOWS\SYSTEM32\mstext40.dll
2006-10-27 19:51 258,048 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 19:51 257,536 --a------ C:\WINDOWS\SYSTEM32\oakley.dll
2006-10-27 19:51 257,024 --a------ C:\WINDOWS\SYSTEM32\qcap.dll
2006-10-27 19:51 254,976 --a------ C:\WINDOWS\SYSTEM32\pdh.dll
2006-10-27 19:51 251,904 --a------ C:\WINDOWS\SYSTEM32\strmdll.dll
2006-10-27 19:51 250,368 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2006-10-27 19:51 25,600 --a------ C:\WINDOWS\SYSTEM32\pstorsvc.dll
2006-10-27 19:51 245,760 --a------ C:\WINDOWS\SYSTEM32\wow32.dll
2006-10-27 19:51 241,693 --a------ C:\WINDOWS\SYSTEM32\msjtes40.dll
2006-10-27 19:51 241,664 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-27 19:51 24,576 --a------ C:\WINDOWS\SYSTEM32\odbcbcp.dll
2006-10-27 19:51 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-10-27 19:51 24,064 --a------ C:\WINDOWS\SYSTEM32\skeys.exe
2006-10-27 19:51 24,064 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-27 19:51 238,592 --a------ C:\WINDOWS\SYSTEM32\tapisrv.dll
2006-10-27 19:51 238,080 --a------ C:\WINDOWS\SYSTEM32\newdev.dll
2006-10-27 19:51 231,424 --a------ C:\WINDOWS\SYSTEM32\upnpui.dll
2006-10-27 19:51 230,400 --a------ C:\WINDOWS\SYSTEM32\netui1.dll
2006-10-27 19:51 230,400 --a------ C:\WINDOWS\SYSTEM32\msieftp.dll
2006-10-27 19:51 23,552 --a------ C:\WINDOWS\SYSTEM32\wzcsapi.dll
2006-10-27 19:51 23,552 --a------ C:\WINDOWS\SYSTEM32\perfdisk.dll
2006-10-27 19:51 23,040 --a------ C:\WINDOWS\SYSTEM32\vdmdbg.dll
2006-10-27 19:51 23,040 --a------ C:\WINDOWS\SYSTEM32\shscrap.dll
2006-10-27 19:51 23,040 --a------ C:\WINDOWS\SYSTEM32\perfos.dll
2006-10-27 19:51 229,376 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2006-10-27 19:51 228,352 --a------ C:\WINDOWS\SYSTEM32\mswsock.dll
2006-10-27 19:51 226,816 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2006-10-27 19:51 22,528 --a------ C:\WINDOWS\SYSTEM32\slayerxp.dll
2006-10-27 19:51 22,528 --a------ C:\WINDOWS\SYSTEM32\shfolder.dll
2006-10-27 19:51 22,528 --a------ C:\WINDOWS\SYSTEM32\mslbui.dll
2006-10-27 19:51 22,016 --a------ C:\WINDOWS\SYSTEM32\udhisapi.dll
2006-10-27 19:51 213,023 --a------ C:\WINDOWS\SYSTEM32\msltus40.dll
2006-10-27 19:51 212,480 --a------ C:\WINDOWS\SYSTEM32\osk.exe
2006-10-27 19:51 210,944 --a------ C:\WINDOWS\SYSTEM32\moricons.dll
2006-10-27 19:51 21,504 --a------ C:\WINDOWS\SYSTEM32\wsock32.dll
2006-10-27 19:51 205,824 --a------ C:\WINDOWS\SYSTEM32\progman.exe
2006-10-27 19:51 204,800 --a------ C:\WINDOWS\SYSTEM32\odbc32.dll
2006-10-27 19:51 203,264 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2006-10-27 19:51 200,192 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2006-10-27 19:51 20,992 --a------ C:\WINDOWS\SYSTEM32\setup.exe
2006-10-27 19:51 20,992 --a------ C:\WINDOWS\SYSTEM32\seclogon.dll
2006-10-27 19:51 20,992 --a------ C:\WINDOWS\SYSTEM32\mfcsubs.dll
2006-10-27 19:51 20,554 --a------ C:\WINDOWS\SYSTEM32\odtext32.dll
2006-10-27 19:51 20,554 --a------ C:\WINDOWS\SYSTEM32\oddbse32.dll
2006-10-27 19:51 20,553 --a------ C:\WINDOWS\SYSTEM32\odpdx32.dll
2006-10-27 19:51 20,553 --a------ C:\WINDOWS\SYSTEM32\odfox32.dll
2006-10-27 19:51 20,553 --a------ C:\WINDOWS\SYSTEM32\odexl32.dll
2006-10-27 19:51 20,480 --a------ C:\WINDOWS\SYSTEM32\stimon.exe
2006-10-27 19:51 20,480 --a------ C:\WINDOWS\SYSTEM32\msorc32r.dll
2006-10-27 19:51 196,096 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2006-10-27 19:51 193,536 --a------ C:\WINDOWS\SYSTEM32\rasppp.dll
2006-10-27 19:51 19,968 --a------ C:\WINDOWS\SYSTEM32\rcp.exe
2006-10-27 19:51 19,456 --a------ C:\WINDOWS\SYSTEM32\ssmarque.scr
2006-10-27 19:51 183,296 --a------ C:\WINDOWS\SYSTEM32\syncui.dll
2006-10-27 19:51 182,784 --a------ C:\WINDOWS\SYSTEM32\msutb.dll
2006-10-27 19:51 180,800 --a------ C:\WINDOWS\SYSTEM32\sqlunirl.dll
2006-10-27 19:51 18,944 --a------ C:\WINDOWS\SYSTEM32\ws2help.dll
2006-10-27 19:51 18,944 --a------ C:\WINDOWS\SYSTEM32\ssbezier.scr
2006-10-27 19:51 18,432 --a------ C:\WINDOWS\SYSTEM32\sclgntfy.dll
2006-10-27 19:51 18,432 --a------ C:\WINDOWS\SYSTEM32\rsmps.dll
2006-10-27 19:51 18,432 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2006-10-27 19:51 174,592 --a------ C:\WINDOWS\SYSTEM32\scecli.dll
2006-10-27 19:51 172,664 --a------ C:\WINDOWS\SYSTEM32\xenroll.dll
2006-10-27 19:51 172,032 --a------ C:\WINDOWS\SYSTEM32\snmpsnap.dll
2006-10-27 19:51 171,520 --a------ C:\WINDOWS\SYSTEM32\winmm.dll
2006-10-27 19:51 171,008 --a------ C:\WINDOWS\SYSTEM32\sccsccp.dll
2006-10-27 19:51 17,920 --a------ C:\WINDOWS\SYSTEM32\shutdown.exe
2006-10-27 19:51 17,920 --a------ C:\WINDOWS\SYSTEM32\midimap.dll
2006-10-27 19:51 17,408 --a------ C:\WINDOWS\SYSTEM32\wtsapi32.dll
2006-10-27 19:51 17,408 --a------ C:\WINDOWS\SYSTEM32\wshtcpip.dll
2006-10-27 19:51 17,408 --a------ C:\WINDOWS\SYSTEM32\ssmyst.scr
2006-10-27 19:51 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-10-27 19:51 17,408 --a------ C:\WINDOWS\SYSTEM32\psapi.dll
2006-10-27 19:51 168,448 --a------ C:\WINDOWS\SYSTEM32\wldap32.dll
2006-10-27 19:51 166,912 --a------ C:\WINDOWS\SYSTEM32\wintrust.dll
2006-10-27 19:51 166,912 --a------ C:\WINDOWS\SYSTEM32\photowiz.dll
2006-10-27 19:51 165,888 --a------ C:\WINDOWS\SYSTEM32\ntmsdba.dll
2006-10-27 19:51 165,376 --a------ C:\WINDOWS\SYSTEM32\w32time.dll
2006-10-27 19:51 165,376 --a------ C:\WINDOWS\SYSTEM32\tapi32.dll
2006-10-27 19:51 164,864 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2006-10-27 19:51 16,896 --a------ C:\WINDOWS\SYSTEM32\snmpapi.dll
2006-10-27 19:51 16,896 --a------ C:\WINDOWS\SYSTEM32\msyuv.dll
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\watchdog.sys
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\version.dll
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\ups.exe
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\ping.exe
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\odbc32gt.dll
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\nddenb32.dll
2006-10-27 19:51 16,384 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2006-10-27 19:51 159,232 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-10-27 19:51 158,720 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2006-10-27 19:51 155,675 --a------ C:\WINDOWS\SYSTEM32\scrobj.dll
2006-10-27 19:51 154,624 --a------ C:\WINDOWS\SYSTEM32\netman.dll
2006-10-27 19:51 151,583 --a------ C:\WINDOWS\SYSTEM32\msjint40.dll
2006-10-27 19:51 150,528 --a------ C:\WINDOWS\SYSTEM32\msdtcuiu.dll
2006-10-27 19:51 15,360 --a------ C:\WINDOWS\SYSTEM32\nddeapi.dll
2006-10-27 19:51 147,483 --a------ C:\WINDOWS\SYSTEM32\scrrun.dll
2006-10-27 19:51 147,456 --a------ C:\WINDOWS\SYSTEM32\odbctrac.dll
2006-10-27 19:51 145,408 --a------ C:\WINDOWS\SYSTEM32\modemui.dll
2006-10-27 19:51 143,872 --a------ C:\WINDOWS\SYSTEM32\msimtf.dll
2006-10-27 19:51 14,848 --a------ C:\WINDOWS\SYSTEM32\winrnr.dll
2006-10-27 19:51 14,848 --a------ C:\WINDOWS\SYSTEM32\usbmon.dll
2006-10-27 19:51 14,848 --a------ C:\WINDOWS\SYSTEM32\upnpcont.exe
2006-10-27 19:51 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2006-10-27 19:51 14,848 --a------ C:\WINDOWS\SYSTEM32\powrprof.dll
2006-10-27 19:51 14,336 --a------ C:\WINDOWS\SYSTEM32\perfmon.exe
2006-10-27 19:51 137,216 --a------ C:\WINDOWS\SYSTEM32\ntshrui.dll
2006-10-27 19:51 135,680 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2006-10-27 19:51 135,680 --a------ C:\WINDOWS\SYSTEM32\mobsync.exe
2006-10-27 19:51 134,656 --a------ C:\WINDOWS\SYSTEM32\netid.dll
2006-10-27 19:51 133,632 --a------ C:\WINDOWS\SYSTEM32\rsaenh.dll
2006-10-27 19:51 133,120 --a------ C:\WINDOWS\SYSTEM32\sfc_os.dll
2006-10-27 19:51 131,072 --a------ C:\WINDOWS\SYSTEM32\msorcl32.dll
2006-10-27 19:51 130,560 --a------ C:\WINDOWS\SYSTEM32\sti_ci.dll
2006-10-27 19:51 13,824 --a------ C:\WINDOWS\SYSTEM32\uniplat.dll
2006-10-27 19:51 13,824 --a------ C:\WINDOWS\SYSTEM32\rassapi.dll
2006-10-27 19:51 13,312 --a------ C:\WINDOWS\SYSTEM32\tcpmib.dll
2006-10-27 19:51 13,312 --a------ C:\WINDOWS\SYSTEM32\ssstars.scr
2006-10-27 19:51 13,312 --a------ C:\WINDOWS\SYSTEM32\rsh.exe
2006-10-27 19:51 13,312 --a------ C:\WINDOWS\SYSTEM32\msdmo.dll
2006-10-27 19:51 128,512 --a------ C:\WINDOWS\SYSTEM32\taskmgr.exe
2006-10-27 19:51 126,976 --a------ C:\WINDOWS\SYSTEM32\msdart.dll
2006-10-27 19:51 125,440 --a------ C:\WINDOWS\SYSTEM32\shmedia.dll
2006-10-27 19:51 124,928 --a------ C:\WINDOWS\SYSTEM32\webvw.dll
2006-10-27 19:51 124,416 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2006-10-27 19:51 122,880 --a------ C:\WINDOWS\SYSTEM32\odbcconf.dll
2006-10-27 19:51 120,320 --a------ C:\WINDOWS\SYSTEM32\upnp.dll
2006-10-27 19:51 12,800 --a------ C:\WINDOWS\SYSTEM32\svchost.exe
2006-10-27 19:51 12,800 --a------ C:\WINDOWS\SYSTEM32\runonce.exe
2006-10-27 19:51 12,800 --a------ C:\WINDOWS\SYSTEM32\pjlmon.dll
2006-10-27 19:51 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2006-10-27 19:51 12,288 --a------ C:\WINDOWS\SYSTEM32\odbcp32r.dll
2006-10-27 19:51 12,288 --a------ C:\WINDOWS\SYSTEM32\mscpx32r.dll
2006-10-27 19:51 119,808 --a------ C:\WINDOWS\SYSTEM32\wiadss.dll
2006-10-27 19:51 118,834 --a------ C:\WINDOWS\SYSTEM32\wscript.exe
2006-10-27 19:51 118,784 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe.dll
2006-10-27 19:51 117,760 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
2006-10-27 19:51 116,736 --a------ C:\WINDOWS\SYSTEM32\shsvcs.dll
2006-10-27 19:51 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-10-27 19:51 115,200 --a------ C:\WINDOWS\SYSTEM32\net1.exe
2006-10-27 19:51 113,664 --a------ C:\WINDOWS\SYSTEM32\msvfw32.dll
2006-10-27 19:51 112,128 --a------ C:\WINDOWS\SYSTEM32\ntmarta.dll
2006-10-27 19:51 111,104 --a------ C:\WINDOWS\SYSTEM32\umpnpmgr.dll
2006-10-27 19:51 11,776 --a------ C:\WINDOWS\SYSTEM32\xolehlp.dll
2006-10-27 19:51 11,776 --a------ C:\WINDOWS\SYSTEM32\sigtab.dll
2006-10-27 19:51 11,776 --a------ C:\WINDOWS\SYSTEM32\rexec.exe
2006-10-27 19:51 109,568 --a------ C:\WINDOWS\SYSTEM32\offfilt.dll
2006-10-27 19:51 107,008 --a------ C:\WINDOWS\SYSTEM32\netdde.exe
2006-10-27 19:51 106,496 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-27 19:51 106,496 --a------ C:\WINDOWS\SYSTEM32\olepro32.dll
2006-10-27 19:51 104,448 --a------ C:\WINDOWS\SYSTEM32\wiavideo.dll
2006-10-27 19:51 103,936 --a------ C:\WINDOWS\SYSTEM32\sysocmgr.exe
2006-10-27 19:51 103,936 --a------ C:\WINDOWS\SYSTEM32\mstlsapi.dll
2006-10-27 19:51 10,752 --a------ C:\WINDOWS\SYSTEM32\tracert.exe
2006-10-27 19:51 10,752 --a------ C:\WINDOWS\SYSTEM32\netrap.dll
2006-10-27 19:51 10,240 --a------ C:\WINDOWS\SYSTEM32\wshrm.dll
2006-10-27 19:51 10,240 --a------ C:\WINDOWS\SYSTEM32\msrle32.dll
2006-10-27 19:51 1,798,144 --a------ C:\WINDOWS\SYSTEM32\qedit.dll
2006-10-27 19:51 1,622,528 --a------ C:\WINDOWS\SYSTEM32\netshell.dll
2006-10-27 19:51 1,507,356 --a------ C:\WINDOWS\SYSTEM32\msjet40.dll
2006-10-27 19:51 1,350,144 --a------ C:\WINDOWS\SYSTEM32\query.dll
2006-10-27 19:51 1,230,336 --a------ C:\WINDOWS\SYSTEM32\msvidctl.dll
2006-10-27 19:51 1,227,776 --a------ C:\WINDOWS\SYSTEM32\quartz.dll
2006-10-27 19:51 1,190,400 --a------ C:\WINDOWS\SYSTEM32\ole32.dll
2006-10-27 19:51 1,157,632 --a------ C:\WINDOWS\SYSTEM32\sfcfiles.dll
2006-10-27 19:51 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2006-10-27 19:50 938,496 --a------ C:\WINDOWS\SYSTEM32\syssetup.dll
2006-10-27 19:50 932,864 --a------ C:\WINDOWS\SYSTEM32\setupapi.dll
2006-10-27 19:50 93,184 --a------ C:\WINDOWS\SYSTEM32\scardsvr.exe
2006-10-27 19:50 90,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\scsiport.sys
2006-10-27 19:50 87,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys
2006-10-27 19:50 87,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
2006-10-27 19:50 84,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys
2006-10-27 19:50 83,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
2006-10-27 19:50 82,944 --a------ C:\WINDOWS\SYSTEM32\rasauto.dll
2006-10-27 19:50 802,304 --------- C:\WINDOWS\SYSTEM32\dxmrtp.dll
2006-10-27 19:50 80,896 --a------ C:\WINDOWS\SYSTEM32\ntprint.dll
2006-10-27 19:50 79,872 --a------ C:\WINDOWS\SYSTEM32\srvsvc.dll
2006-10-27 19:50 79,744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ksecdd.sys
2006-10-27 19:50 79,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys
2006-10-27 19:50 780,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys
2006-10-27 19:50 77,440 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
2006-10-27 19:50 76,032 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys
2006-10-27 19:50 74,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys
2006-10-27 19:50 71,680 --a------ C:\WINDOWS\SYSTEM32\nslookup.exe
2006-10-27 19:50 70,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\videoprt.sys
2006-10-27 19:50 7,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys
2006-10-27 19:50 7,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys
2006-10-27 19:50 69,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2006-10-27 19:50 681,984 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-10-27 19:50 68,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dxg.sys
2006-10-27 19:50 68,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bridge.sys
2006-10-27 19:50 68,608 --a------ C:\WINDOWS\SYSTEM32\locator.exe
2006-10-27 19:50 66,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys
2006-10-27 19:50 654,336 --a------ C:\WINDOWS\SYSTEM32\ntdll.dll
2006-10-27 19:50 64,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\udfs.sys
2006-10-27 19:50 631,808 --a------ C:\WINDOWS\SYSTEM32\rasdlg.dll
2006-10-27 19:50 62,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys
2006-10-27 19:50 62,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys
2006-10-27 19:50 62,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys
2006-10-27 19:50 6,656 --a------ C:\WINDOWS\SYSTEM32\ntlsapi.dll
2006-10-27 19:50 59,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdfs.sys
2006-10-27 19:50 57,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nic1394.sys
2006-10-27 19:50 57,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
2006-10-27 19:50 57,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\arp1394.sys
2006-10-27 19:50 57,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys
2006-10-27 19:50 569,344 --a------ C:\WINDOWS\SYSTEM32\oleaut32.dll
2006-10-27 19:50 561,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
2006-10-27 19:50 561,664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-10-27 19:50 56,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys
2006-10-27 19:50 56,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
2006-10-27 19:50 56,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2006-10-27 19:50 55,808 --a------ C:\WINDOWS\SYSTEM32\rasman.dll
2006-10-27 19:50 55,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ohci1394.sys
2006-10-27 19:50 548,352 --------- C:\WINDOWS\SYSTEM32\rtcdll.dll
2006-10-27 19:50 54,784 --a------ C:\WINDOWS\SYSTEM32\samlib.dll
2006-10-27 19:50 54,272 --a------ C:\WINDOWS\SYSTEM32\rastapi.dll
2006-10-27 19:50 53,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\a

#4 peazer21

peazer21
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 06 November 2006 - 05:40 PM

Buckeye_Sam,

one additional note...the popups seem to be intelligent, by this I mean that if I am searching for something the popup will typically have something to do with what I'm searching or if I type a site address I will get something that is similiar...like visiting a school web site might bring up Phenox online classes...

hope that helps....

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 06 November 2006 - 06:50 PM

It looks like the Combofix log was cut off. I'll need to see the rest of it. You can either edit out everything that shows up on 2006-10-27, which looks like a big Windows update. Or just post it in separate posts.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 peazer21

peazer21
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 07 November 2006 - 09:00 PM

here is the rest...the update must have been me trying to update to XP SP2...which didn't work because of file locks...I'm hoping to be able to fix this issue then work on the upgrade as this is not supported...

thanks

2006-10-27 19:50 53,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atmlane.sys
2006-10-27 19:50 53,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys
2006-10-27 19:50 522,240 --a------ C:\WINDOWS\SYSTEM32\printui.dll
2006-10-27 19:50 52,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys
2006-10-27 19:50 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys
2006-10-27 19:50 50,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1394bus.sys
2006-10-27 19:50 50,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2006-10-27 19:50 5,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2006-10-27 19:50 5,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
2006-10-27 19:50 5,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys
2006-10-27 19:50 493,056 --a------ C:\WINDOWS\SYSTEM32\hypertrm.dll
2006-10-27 19:50 49,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys
2006-10-27 19:50 48,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys
2006-10-27 19:50 47,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys
2006-10-27 19:50 47,104 --------- C:\WINDOWS\SYSTEM32\mspmspsv.dll
2006-10-27 19:50 46,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\classpnp.sys
2006-10-27 19:50 46,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys
2006-10-27 19:50 46,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys
2006-10-27 19:50 45,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys
2006-10-27 19:50 45,568 --a------ C:\WINDOWS\SYSTEM32\smss.exe
2006-10-27 19:50 44,928 --------- C:\WINDOWS\SYSTEM32\DRIVERS\watv03nt.sys
2006-10-27 19:50 433,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
2006-10-27 19:50 411,136 --a------ C:\WINDOWS\SYSTEM32\samsrv.dll
2006-10-27 19:50 40,960 --a------ C:\WINDOWS\SYSTEM32\tcpmonui.dll
2006-10-27 19:50 40,448 --a------ C:\WINDOWS\SYSTEM32\ftp.exe
2006-10-27 19:50 4,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys
2006-10-27 19:50 4,736 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\intelide.sys
2006-10-27 19:50 4,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys
2006-10-27 19:50 4,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys
2006-10-27 19:50 396,288 --a------ C:\WINDOWS\SYSTEM32\ntvdm.exe
2006-10-27 19:50 39,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys
2006-10-27 19:50 38,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys
2006-10-27 19:50 38,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys
2006-10-27 19:50 38,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2006-10-27 19:50 37,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys
2006-10-27 19:50 37,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mountmgr.sys
2006-10-27 19:50 37,376 --a------ C:\WINDOWS\SYSTEM32\perfctrs.dll
2006-10-27 19:50 36,352 --a------ C:\WINDOWS\SYSTEM32\rshx32.dll
2006-10-27 19:50 36,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys
2006-10-27 19:50 340,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
2006-10-27 19:50 34,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidclass.sys
2006-10-27 19:50 33,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys
2006-10-27 19:50 33,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys
2006-10-27 19:50 33,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys
2006-10-27 19:50 33,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys
2006-10-27 19:50 321,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys
2006-10-27 19:50 32,256 --a------ C:\WINDOWS\SYSTEM32\msgsvc.dll
2006-10-27 19:50 32,000 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amdk6.sys
2006-10-27 19:50 31,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\crusoe.sys
2006-10-27 19:50 31,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys
2006-10-27 19:50 302,080 --a------ C:\WINDOWS\SYSTEM32\untfs.dll
2006-10-27 19:50 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys
2006-10-27 19:50 295,936 --a------ C:\WINDOWS\SYSTEM32\localspl.dll
2006-10-27 19:50 29,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\npfs.sys
2006-10-27 19:50 29,440 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys
2006-10-27 19:50 29,184 --a------ C:\WINDOWS\SYSTEM32\csrsrv.dll
2006-10-27 19:50 28,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys
2006-10-27 19:50 28,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2006-10-27 19:50 27,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rndismp.sys
2006-10-27 19:50 268,800 --a------ C:\WINDOWS\SYSTEM32\ulib.dll
2006-10-27 19:50 26,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys
2006-10-27 19:50 258,048 --a------ C:\WINDOWS\SYSTEM32\comdlg32.dll
2006-10-27 19:50 24,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2006-10-27 19:50 24,448 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonydcam.sys
2006-10-27 19:50 23,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys
2006-10-27 19:50 23,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pciidex.sys
2006-10-27 19:50 23,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidparse.sys
2006-10-27 19:50 23,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys
2006-10-27 19:50 22,016 --a------ C:\WINDOWS\SYSTEM32\userinit.exe
2006-10-27 19:50 22,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys
2006-10-27 19:50 217,088 --a------ C:\WINDOWS\SYSTEM32\rasapi32.dll
2006-10-27 19:50 21,760 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
2006-10-27 19:50 205,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
2006-10-27 19:50 20,232 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
2006-10-27 19:50 2,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
2006-10-27 19:50 2,040,832 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2006-10-27 19:50 19,712 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vga.sys
2006-10-27 19:50 19,712 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys
2006-10-27 19:50 19,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys
2006-10-27 19:50 19,456 --a------ C:\WINDOWS\SYSTEM32\savedump.exe
2006-10-27 19:50 19,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys
2006-10-27 19:50 19,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys
2006-10-27 19:50 182,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2006-10-27 19:50 18,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys
2006-10-27 19:50 18,688 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
2006-10-27 19:50 18,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfs.sys
2006-10-27 19:50 179,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\acpi.sys
2006-10-27 19:50 173,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys
2006-10-27 19:50 17,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys
2006-10-27 19:50 167,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
2006-10-27 19:50 166,656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys
2006-10-27 19:50 16,384 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
2006-10-27 19:50 16,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdi.sys
2006-10-27 19:50 159,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
2006-10-27 19:50 15,232 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbintel.sys
2006-10-27 19:50 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mpe.sys
2006-10-27 19:50 149,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys
2006-10-27 19:50 146,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys
2006-10-27 19:50 145,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fastfat.sys
2006-10-27 19:50 142,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys
2006-10-27 19:50 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
2006-10-27 19:50 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys
2006-10-27 19:50 14,366 --------- C:\WINDOWS\SYSTEM32\asfsipc.dll
2006-10-27 19:50 14,208 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2006-10-27 19:50 138,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
2006-10-27 19:50 138,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys
2006-10-27 19:50 137,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\update.sys
2006-10-27 19:50 136,704 --a------ C:\WINDOWS\SYSTEM32\schannel.dll
2006-10-27 19:50 134,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2006-10-27 19:50 133,632 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-27 19:50 131,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
2006-10-27 19:50 130,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
2006-10-27 19:50 13,824 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tape.sys
2006-10-27 19:50 13,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys
2006-10-27 19:50 13,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\diskdump.sys
2006-10-27 19:50 129,024 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2006-10-27 19:50 126,976 --a------ C:\WINDOWS\SYSTEM32\imagehlp.dll
2006-10-27 19:50 12,800 --a------ C:\WINDOWS\SYSTEM32\mgmtapi.dll
2006-10-27 19:50 12,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys
2006-10-27 19:50 12,288 --a------ C:\WINDOWS\SYSTEM32\lmhsvc.dll
2006-10-27 19:50 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys
2006-10-27 19:50 12,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys
2006-10-27 19:50 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys
2006-10-27 19:50 12,032 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys
2006-10-27 19:50 119,808 --a------ C:\WINDOWS\SYSTEM32\wkssvc.dll
2006-10-27 19:50 116,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
2006-10-27 19:50 115,712 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcmcia.sys
2006-10-27 19:50 115,512 --------- C:\WINDOWS\SYSTEM32\iuctl.dll
2006-10-27 19:50 11,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\bdasup.sys
2006-10-27 19:50 11,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
2006-10-27 19:50 11,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys
2006-10-27 19:50 108,544 --a------ C:\WINDOWS\SYSTEM32\msv1_0.dll
2006-10-27 19:50 104,064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mup.sys
2006-10-27 19:50 102,400 --a------ C:\WINDOWS\SYSTEM32\win32spl.dll
2006-10-27 19:50 101,376 --a------ C:\WINDOWS\SYSTEM32\services.exe
2006-10-27 19:50 10,880 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
2006-10-27 19:50 10,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys
2006-10-27 19:50 10,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2006-10-27 19:50 10,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
2006-10-27 19:50 1,955,840 --a------ C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2006-10-27 19:50 1,799,552 --a------ C:\WINDOWS\SYSTEM32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 20:28 -------- d-------- C:\Program Files\Prevx1
2006-11-05 20:04 -------- d-------- C:\Program Files\AIM95
2006-11-02 18:29 -------- d-------- C:\Program Files\Internet Explorer
2006-11-01 22:26 -------- d-------- C:\Program Files\InterMute
2006-10-27 20:29 -------- d-------- C:\Program Files\Windows NT
2006-10-27 20:29 -------- d-------- C:\Program Files\Windows Media Player
2006-10-27 20:29 -------- d-------- C:\Program Files\Outlook Express
2006-10-27 20:29 -------- d-------- C:\Program Files\NetMeeting
2006-10-27 20:29 -------- d-------- C:\Program Files\Movie Maker
2006-10-27 20:29 -------- d-------- C:\Program Files\Messenger
2006-10-27 20:28 -------- d-------- C:\Program Files\Common Files\System
2006-10-20 15:03 7552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxcom.sys
2006-10-20 15:03 272256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.sys
2006-10-20 15:03 18560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxtdi.sys
2006-10-20 15:03 11648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxscrmbl.sys
2006-10-20 15:03 100864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PxEmu.sys
2006-10-19 06:06 -------- d-------- C:\Program Files\Spyware Doctor
2006-10-17 17:54 -------- d-------- C:\Program Files\Google
2006-09-21 18:50 -------- d-a------ C:\Program Files\Common Files
2006-09-21 18:50 -------- d-------- C:\Program Files\HP
2006-09-21 18:50 -------- d-------- C:\Program Files\Common Files\HP
2006-09-16 19:25 51072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2006-09-13 00:09 1110528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-05 19:47 -------- d-------- C:\Program Files\Common Files\aol
2006-09-05 19:45 30592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2006-09-05 19:42 -------- d-------- C:\Program Files\AOL
2006-09-05 18:37 -------- d-------- C:\Program Files\MsnMusic
2006-08-31 10:57 21840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
2006-08-31 10:57 17212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
2006-08-31 10:57 12067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
2006-08-25 04:14 595968 --a------ C:\WINDOWS\SYSTEM32\xpsp2res.dll
2006-08-16 07:14 95232 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-16 07:14 70656 --a------ C:\WINDOWS\SYSTEM32\ws2_32.dll
2006-08-16 07:14 54272 --a------ C:\WINDOWS\SYSTEM32\ipv6mon.dll
2006-08-16 07:14 31232 --a------ C:\WINDOWS\SYSTEM32\inetmib1.dll
2006-08-16 07:14 13312 --a------ C:\WINDOWS\SYSTEM32\wship6.dll
2006-08-16 04:42 159232 --a------ C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-08-16 04:28 48640 --a------ C:\WINDOWS\SYSTEM32\ipv6.exe
2006-08-16 04:27 83456 --a------ C:\WINDOWS\SYSTEM32\netsh.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Mvfkjjgt"="C:\\WINDOWS\\System32\\?hkntfs.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"AIM"="C:\\Program Files\\AIM95\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"RegistryMechanic"=""
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"seride"="C:\\WINDOWS\\System32\\seride.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dnsras

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job

Completion time: 06-11-05 20:28:53.89
C:\ComboFix.txt ... 06-11-05 20:28

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 08 November 2006 - 08:59 AM

Let's get some more info on a suspicious file in your log.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:



    C:\WINDOWS\System32\seride.exe


  • Click on the submit button
  • Please post the results in your next reply.
=============



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 peazer21

peazer21
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 11 November 2006 - 05:37 PM

Here are the results of the scans...thanks again.

Jotti's scan
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Kaspersky Scan Part 1 - there is over 2 million characters and the posting only allows 102k. I copied the first part of the txt...the rest are document directory files...is there a way to e-mail the file?


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 25, 2006 5:10:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/11/2006
Kaspersky Anti-Virus database records: 240626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 106957
Number of viruses found: 18
Number of infected objects: 39 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:22:54

Infected Object Name / Virus Name / Last Action
C:\a.bat Infected: Trojan.BAT.Netstop.t skipped
C:\Documents and Settings\All Users\Application Data\Intuit\Setup\IPPS_Federal_Report.csv Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Intuit\TurboTax\TY05\TurboTax Deluxe 2005\Setup\FormsAvail.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Intuit\TurboTax\TY05\TurboTax Deluxe 2005\Setup\IPPS_Federal_Report.csv Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05d386fa86acdcfb65d4e562ee016f44_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc38a491ac5ef82dfbf1a13bb5d15485_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\toolbar.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~1417.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~2149.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~280090.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~324841.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~338001.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~424879.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438152.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438398.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438763.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~450062.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~554553.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~617505.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~636158.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~663451.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~689.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~729989.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~744762.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~763263.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~918722.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~946529.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Katelyn Pease\Application Data\Aim\duhrgtet\CheerinChick399\cert8.db Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Application Data\Aim\duhrgtet\CheerinChick399\key3.db Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\History\History.IE5\MSHist012006110820061109\index.dat Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\History\History.IE5\MSHist012006112520061126\index.dat Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Katelyn Pease\Local Settings\Temporary Internet Files\Content.IE5\MJKJYF25\popup[1].php Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Katelyn Pease\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Katelyn Pease\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Katelyn Pease\socks.exe Infected: Trojan.Win32.Crypt.d skipped
C:\Documents and Settings\Katelyn Pease\A Infected: Trojan-Proxy.Win32.Ranky.gen skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 12 November 2006 - 09:39 PM

Much of what is listed in the file is not needed. You can edit out anything that ends in "Object is locked skipped"
Then just post the parts of the log that show infected objects.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 peazer21

peazer21
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 16 November 2006 - 11:08 PM

this took a while :thumbsup:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 25, 2006 5:10:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/11/2006
Kaspersky Anti-Virus database records: 240626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 106957
Number of viruses found: 18
Number of infected objects: 39 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:22:54

Infected Object Name / Virus Name / Last Action
C:\a.bat Infected: Trojan.BAT.Netstop.t skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\toolbar.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~1417.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~2149.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~280090.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~324841.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~338001.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~424879.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438152.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438398.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~438763.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~450062.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~554553.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~617505.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~636158.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~663451.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~689.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~729989.tmp Infected: not-a-virus:AdWare.Win32.Wintol.d skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~744762.tmp Infected: not-a-virus:AdWare.Win32.Wintol.c skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~763263.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~918722.tmp Infected: not-a-virus:AdWare.Win32.Wintol.l skipped
C:\Documents and Settings\Charlotte Pease\Local Settings\Temp\~946529.tmp Infected: not-a-virus:AdWare.Win32.Wintol.j skipped
C:\WINDOWS\SYSTEM32\zjxpi.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINDOWS\SYSTEM32\сhkntfs.exe Infected: Trojan.Win32.Scapur.i skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 17 November 2006 - 09:01 AM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Delete Temp Files
    • Click Tools -> Delete Temp Files
    • Place a check mark in all locations that aren't greyed out. By default they should already be checked.
    • Click Delete Selected Temp Files
  • Once that completes, select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\a.bat
    C:\WINDOWS\SYSTEM32\zjxpi.dll
    C:\WINDOWS\SYSTEM32\сhkntfs.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
Also post a new hijackthis log.
Are you still getting popups?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:50 AM

Posted 02 December 2006 - 08:08 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users