
Recent Infestation Of Multiple Trojans/viruses



#1 JonMonster


Posted 05 November 2006 - 01:41 PM

I recently noticed poor system performance and freezing/crashing. Then I was notified by my ISP that my email was being shut down because of mass-mailings. I ran several antivirus, spyware and adware removal programs, and removed 7 trojans, 6 viruses, a mailing worm and too many spyware/adware to count. My performance has improved and scans all seem to be coming up clean now. I want to make *absolutely sure* that everything is gone, as some of the viruses were pretty serious, keystroke capturers and such. Any help would be greatly appreciated!
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:29:36 PM, on 11/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Proxyconn\PxUi.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Administrator.D5BZ9Y11\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\1.tmp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



#2 -David-


Posted 05 November 2006 - 05:42 PM

We can help you, but first you need to help us.
Any reason why your Windows isn't up to date? You don't even have Service Pack 1 installed!
Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://www.microsoft.com/windowsxp/downloa...p1/network.mspx and update to Service Pack 1. Without this update, you're wide open to re-infection, and we're both just wasting our time.
When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

#3 JonMonster


Posted 05 November 2006 - 08:04 PM

OK, I have installed SP1 and rescanned for viruses. Here is my new log. As far as why it wasn't updated, I'm really at a loss. I have Automatic Updates set to ON, I guess I assumed it was updating as needed... Not a good idea on my part.
My scans are coming up clean, is it OK to install SP2 now?
Thanks for your help.
----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:53:00 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Proxyconn\PxUi.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Administrator.D5BZ9Y11\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#4 -David-


Posted 06 November 2006 - 04:03 AM

I would advise holding off installing SP2 until we are sure the system is clean.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Also post the Kaspersky log.

David

#5 JonMonster


Posted 06 November 2006 - 08:49 PM

ComboFix log:
Martin Ballard - 06-11-06 18:50:20.75 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Martin Ballard\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-05 17:15 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-11-05 17:15 115,200 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
2006-11-05 17:15 114,176 --a------ C:\WINDOWS\SYSTEM32\input.dll
2006-11-05 17:15 113,152 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2006-11-05 17:15 103,936 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2006-11-05 17:15 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2006-11-05 17:15 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2006-11-05 17:14 98,816 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-11-05 17:14 94,720 --a------ C:\WINDOWS\SYSTEM32\dmusic.dll
2006-11-05 17:14 91,648 --a------ C:\WINDOWS\SYSTEM32\ahui.exe
2006-11-05 17:14 91,136 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-05 17:14 9,216 --a------ C:\WINDOWS\SYSTEM32\dumprep.exe
2006-11-05 17:14 802,304 --a------ C:\WINDOWS\SYSTEM32\dxmrtp.dll
2006-11-05 17:14 8,192 --a------ C:\WINDOWS\SYSTEM32\autolfn.exe
2006-11-05 17:14 786,432 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
2006-11-05 17:14 77,312 --a------ C:\WINDOWS\SYSTEM32\dmscript.dll
2006-11-05 17:14 76,288 --a------ C:\WINDOWS\SYSTEM32\dfrgfat.exe
2006-11-05 17:14 76,288 --a------ C:\WINDOWS\SYSTEM32\avifil32.dll
2006-11-05 17:14 74,810 --a------ C:\WINDOWS\SYSTEM32\atl.dll
2006-11-05 17:14 71,680 --a------ C:\WINDOWS\SYSTEM32\browsewm.dll
2006-11-05 17:14 70,656 --a------ C:\WINDOWS\SYSTEM32\defrag.exe
2006-11-05 17:14 70,144 --a------ C:\WINDOWS\SYSTEM32\cryptdlg.dll
2006-11-05 17:14 66,560 --a------ C:\WINDOWS\SYSTEM32\faultrep.dll
2006-11-05 17:14 64,512 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2006-11-05 17:14 62,976 --a------ C:\WINDOWS\SYSTEM32\browselc.dll
2006-11-05 17:14 62,464 --a------ C:\WINDOWS\SYSTEM32\adsmsext.dll
2006-11-05 17:14 61,440 --a------ C:\WINDOWS\SYSTEM32\dbnetlib.dll
2006-11-05 17:14 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2006-11-05 17:14 59,904 --a------ C:\WINDOWS\SYSTEM32\cabinet.dll
2006-11-05 17:14 58,368 --a------ C:\WINDOWS\SYSTEM32\dpvsetup.exe
2006-11-05 17:14 57,344 --a------ C:\WINDOWS\SYSTEM32\dmcompos.dll
2006-11-05 17:14 56,320 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp.dll
2006-11-05 17:14 55,296 --a------ C:\WINDOWS\SYSTEM32\digest.dll
2006-11-05 17:14 54,272 --a------ C:\WINDOWS\SYSTEM32\clusapi.dll
2006-11-05 17:14 53,248 --a------ C:\WINDOWS\SYSTEM32\cryptsvc.dll
2006-11-05 17:14 5,120 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-11-05 17:14 498,205 --a------ C:\WINDOWS\SYSTEM32\dxmasf.dll
2006-11-05 17:14 49,664 --a------ C:\WINDOWS\SYSTEM32\dpwsockx.dll
2006-11-05 17:14 49,152 --a------ C:\WINDOWS\SYSTEM32\eventlog.dll
2006-11-05 17:14 49,152 --a------ C:\WINDOWS\SYSTEM32\browser.dll
2006-11-05 17:14 489,984 --a------ C:\WINDOWS\SYSTEM32\dbghelp.dll
2006-11-05 17:14 471,040 --a------ C:\WINDOWS\SYSTEM32\cryptui.dll
2006-11-05 17:14 45,568 --a------ C:\WINDOWS\SYSTEM32\docprop2.dll
2006-11-05 17:14 41,984 --a------ C:\WINDOWS\SYSTEM32\alg.exe
2006-11-05 17:14 41,472 --a------ C:\WINDOWS\SYSTEM32\cmdl32.exe
2006-11-05 17:14 380,445 --a------ C:\WINDOWS\SYSTEM32\expsrv.dll
2006-11-05 17:14 38,912 --a------ C:\WINDOWS\SYSTEM32\audiosrv.dll
2006-11-05 17:14 35,328 --a------ C:\WINDOWS\SYSTEM32\dfrgsnap.dll
2006-11-05 17:14 324,608 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
2006-11-05 17:14 32,768 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2006-11-05 17:14 32,512 --------- C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
2006-11-05 17:14 31,744 --a------ C:\WINDOWS\SYSTEM32\dmloader.dll
2006-11-05 17:14 307,712 --a------ C:\WINDOWS\SYSTEM32\cscui.dll
2006-11-05 17:14 29,696 --a------ C:\WINDOWS\SYSTEM32\dpnhpast.dll
2006-11-05 17:14 28,672 --a------ C:\WINDOWS\SYSTEM32\dbnmpntw.dll
2006-11-05 17:14 263,680 --a------ C:\WINDOWS\SYSTEM32\duser.dll
2006-11-05 17:14 263,168 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2006-11-05 17:14 26,112 --a------ C:\WINDOWS\SYSTEM32\dmband.dll
2006-11-05 17:14 253,440 --a------ C:\WINDOWS\SYSTEM32\ddraw.dll
2006-11-05 17:14 25,600 --a------ C:\WINDOWS\SYSTEM32\dfsshlex.dll
2006-11-05 17:14 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsvinn.dll
2006-11-05 17:14 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsrpcn.dll
2006-11-05 17:14 24,576 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2006-11-05 17:14 239,616 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2006-11-05 17:14 238,592 --a------ C:\WINDOWS\SYSTEM32\compatui.dll
2006-11-05 17:14 227,840 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2006-11-05 17:14 22,528 --a------ C:\WINDOWS\SYSTEM32\at.exe
2006-11-05 17:14 206,336 --a------ C:\WINDOWS\SYSTEM32\dpvoice.dll
2006-11-05 17:14 20,480 --a------ C:\WINDOWS\SYSTEM32\dbmsadsn.dll
2006-11-05 17:14 19,456 --a------ C:\WINDOWS\SYSTEM32\fontview.exe
2006-11-05 17:14 19,456 --a------ C:\WINDOWS\SYSTEM32\ersvc.dll
2006-11-05 17:14 186,880 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2006-11-05 17:14 180,224 --a------ C:\WINDOWS\SYSTEM32\dwwin.exe
2006-11-05 17:14 179,712 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-11-05 17:14 178,688 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2006-11-05 17:14 172,544 --a------ C:\WINDOWS\SYSTEM32\dmime.dll
2006-11-05 17:14 168,960 --a------ C:\WINDOWS\SYSTEM32\dinput8.dll
2006-11-05 17:14 165,376 --a------ C:\WINDOWS\SYSTEM32\els.dll
2006-11-05 17:14 162,816 --a------ C:\WINDOWS\SYSTEM32\adsldp.dll
2006-11-05 17:14 16,384 --a------ C:\WINDOWS\SYSTEM32\ds32gt.dll
2006-11-05 17:14 158,720 --a------ C:\WINDOWS\SYSTEM32\credui.dll
2006-11-05 17:14 156,672 --a------ C:\WINDOWS\SYSTEM32\dpnet.dll
2006-11-05 17:14 151,552 --a------ C:\WINDOWS\SYSTEM32\dinput.dll
2006-11-05 17:14 14,366 --------- C:\WINDOWS\SYSTEM32\asfsipc.dll
2006-11-05 17:14 139,776 --a------ C:\WINDOWS\SYSTEM32\adsldpc.dll
2006-11-05 17:14 135,680 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2006-11-05 17:14 13,312 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2006-11-05 17:14 124,928 --a------ C:\WINDOWS\SYSTEM32\dssenh.dll
2006-11-05 17:14 115,712 --a------ C:\WINDOWS\SYSTEM32\apphelp.dll
2006-11-05 17:14 113,152 --a------ C:\WINDOWS\SYSTEM32\dfrgui.dll
2006-11-05 17:14 110,080 --a------ C:\WINDOWS\SYSTEM32\dmstyle.dll
2006-11-05 17:14 103,424 --a------ C:\WINDOWS\SYSTEM32\dgnet.dll
2006-11-05 17:14 1,180,672 --a------ C:\WINDOWS\SYSTEM32\d3d8.dll
2006-11-05 17:14 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-11-05 17:12 42,537 --a------ C:\WINDOWS\SYSTEM32\keyboard.sys
2006-11-05 17:12 401,462 --a------ C:\WINDOWS\SYSTEM32\msvcp60.dll
2006-11-05 17:12 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2006-11-05 11:14 997,888 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe2.dll
2006-11-05 11:14 892,416 --a------ C:\WINDOWS\SYSTEM32\wmspdmoe.dll
2006-11-05 11:14 755,200 --a------ C:\WINDOWS\SYSTEM32\ir50_32.dll
2006-11-05 11:14 7,680 --------- C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-11-05 11:14 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-11-05 11:14 5,120 --a------ C:\WINDOWS\SYSTEM32\hccoin.dll
2006-11-05 11:14 486,536 --a------ C:\WINDOWS\SYSTEM32\wmspdmod.dll
2006-11-05 11:14 384,512 --a------ C:\WINDOWS\SYSTEM32\mp4sdmod.dll
2006-11-05 11:14 361,984 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2006-11-05 11:14 338,432 --a------ C:\WINDOWS\SYSTEM32\ir41_qcx.dll
2006-11-05 11:14 331,776 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2006-11-05 11:14 316,040 --a------ C:\WINDOWS\SYSTEM32\mp43dmod.dll
2006-11-05 11:14 29,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys
2006-11-05 11:14 27,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys
2006-11-05 11:14 27,648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys
2006-11-05 11:14 27,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
2006-11-05 11:14 26,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
2006-11-05 11:14 25,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
2006-11-05 11:14 200,192 --a------ C:\WINDOWS\SYSTEM32\ir50_qc.dll
2006-11-05 11:14 19,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
2006-11-05 11:14 183,808 --a------ C:\WINDOWS\SYSTEM32\ir50_qcx.dll
2006-11-05 11:14 143,360 --a------ C:\WINDOWS\SYSTEM32\wmidx.dll
2006-11-05 11:14 120,320 --a------ C:\WINDOWS\SYSTEM32\ir41_qc.dll
2006-11-05 11:14 1,111,040 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe2.dll
2006-11-05 11:13 995,384 --a------ C:\WINDOWS\SYSTEM32\mfc42u.dll
2006-11-05 11:13 995,383 --------- C:\WINDOWS\SYSTEM32\mfc42.dll
2006-11-05 11:13 99,840 --a------ C:\WINDOWS\SYSTEM32\iexpress.exe
2006-11-05 11:13 99,840 --a------ C:\WINDOWS\SYSTEM32\dmsynth.dll
2006-11-05 11:13 981,504 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-11-05 11:13 98,304 --a------ C:\WINDOWS\SYSTEM32\actxprxy.dll
2006-11-05 11:13 971,264 --a------ C:\WINDOWS\SYSTEM32\msgina.dll
2006-11-05 11:13 96,256 --a------ C:\WINDOWS\SYSTEM32\rcbdyctl.dll
2006-11-05 11:13 93,184 --a------ C:\WINDOWS\SYSTEM32\winscard.dll
2006-11-05 11:13 92,160 --a------ C:\WINDOWS\SYSTEM32\krnl386.exe
2006-11-05 11:13 91,648 --a------ C:\WINDOWS\SYSTEM32\loadperf.dll
2006-11-05 11:13 90,112 --a------ C:\WINDOWS\SYSTEM32\odbcint.dll
2006-11-05 11:13 9,728 --a------ C:\WINDOWS\SYSTEM32\gpkrsrc.dll
2006-11-05 11:13 9,728 --------- C:\WINDOWS\SYSTEM32\regsvr32.exe
2006-11-05 11:13 89,600 --a------ C:\WINDOWS\SYSTEM32\slbiop.dll
2006-11-05 11:13 884,736 --a------ C:\WINDOWS\SYSTEM32\msimsg.dll
2006-11-05 11:13 88,064 --a------ C:\WINDOWS\SYSTEM32\mydocs.dll
2006-11-05 11:13 87,552 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-11-05 11:13 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2006-11-05 11:13 84,992 --a------ C:\WINDOWS\SYSTEM32\dskquota.dll
2006-11-05 11:13 831,562 --a------ C:\WINDOWS\SYSTEM32\mswdat10.dll
2006-11-05 11:13 829,952 --a------ C:\WINDOWS\SYSTEM32\tapi3.dll
2006-11-05 11:13 82,432 --a------ C:\WINDOWS\SYSTEM32\drmstor.dll
2006-11-05 11:13 816,264 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-11-05 11:13 81,408 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-11-05 11:13 80,384 --a------ C:\WINDOWS\SYSTEM32\mciavi32.dll
2006-11-05 11:13 80,384 --a------ C:\WINDOWS\SYSTEM32\cabview.dll
2006-11-05 11:13 80,128 --a------ C:\WINDOWS\SYSTEM32\msapsspc.dll
2006-11-05 11:13 8,704 --a------ C:\WINDOWS\SYSTEM32\lprhelp.dll
2006-11-05 11:13 8,456 --a------ C:\WINDOWS\SYSTEM32\tsddd.dll
2006-11-05 11:13 8,192 --a------ C:\WINDOWS\SYSTEM32\igmpagnt.dll
2006-11-05 11:13 8,192 --a------ C:\WINDOWS\SYSTEM32\d3d8thk.dll
2006-11-05 11:13 792,064 --a------ C:\WINDOWS\SYSTEM32\comres.dll
2006-11-05 11:13 791,040 --a------ C:\WINDOWS\SYSTEM32\d3dim700.dll
2006-11-05 11:13 79,360 --a------ C:\WINDOWS\SYSTEM32\mprapi.dll
2006-11-05 11:13 79,360 --a------ C:\WINDOWS\SYSTEM32\makecab.exe
2006-11-05 11:13 79,360 --a------ C:\WINDOWS\SYSTEM32\diantz.exe
2006-11-05 11:13 774,144 --a------ C:\WINDOWS\SYSTEM32\mmc.exe
2006-11-05 11:13 77,824 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2006-11-05 11:13 77,824 --------- C:\WINDOWS\SYSTEM32\asycfilt.dll
2006-11-05 11:13 762,368 --a------ C:\WINDOWS\SYSTEM32\winntbbu.dll
2006-11-05 11:13 760,968 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-11-05 11:13 74,752 --a------ C:\WINDOWS\SYSTEM32\netui0.dll
2006-11-05 11:13 734,208 --a------ C:\WINDOWS\SYSTEM32\qedwipes.dll
2006-11-05 11:13 71,680 --a------ C:\WINDOWS\SYSTEM32\nslookup.exe
2006-11-05 11:13 70,656 --a------ C:\WINDOWS\SYSTEM32\wiascr.dll
2006-11-05 11:13 7,680 --a------ C:\WINDOWS\SYSTEM32\dciman32.dll
2006-11-05 11:13 69,632 --a------ C:\WINDOWS\SYSTEM32\shrpubw.exe
2006-11-05 11:13 69,632 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2006-11-05 11:13 69,120 --a------ C:\WINDOWS\SYSTEM32\unimdmat.dll
2006-11-05 11:13 681,984 --a------ C:\WINDOWS\SYSTEM32\lsasrv.dll
2006-11-05 11:13 68,928 --a------ C:\WINDOWS\SYSTEM32\mmsystem.dll
2006-11-05 11:13 68,096 --a------ C:\WINDOWS\SYSTEM32\locator.exe
2006-11-05 11:13 68,096 --a------ C:\WINDOWS\SYSTEM32\inetpp.dll
2006-11-05 11:13 678,912 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-11-05 11:13 670,208 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-11-05 11:13 67,584 --a------ C:\WINDOWS\SYSTEM32\magnify.exe
2006-11-05 11:13 67,072 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2006-11-05 11:13 67,072 --a------ C:\WINDOWS\SYSTEM32\msacm32.dll
2006-11-05 11:13 667,136 --a------ C:\WINDOWS\SYSTEM32\userenv.dll
2006-11-05 11:13 66,560 --a------ C:\WINDOWS\SYSTEM32\scarddlg.dll
2006-11-05 11:13 66,560 --a------ C:\WINDOWS\SYSTEM32\mmcbase.dll
2006-11-05 11:13 66,560 --a------ C:\WINDOWS\SYSTEM32\dsdmoprp.dll
2006-11-05 11:13 66,048 --a------ C:\WINDOWS\SYSTEM32\notepad.exe
2006-11-05 11:13 66,048 --a------ C:\WINDOWS\SYSTEM32\msw3prt.dll
2006-11-05 11:13 66,048 --a------ C:\WINDOWS\notepad.exe
2006-11-05 11:13 654,336 --a------ C:\WINDOWS\SYSTEM32\ntdll.dll
2006-11-05 11:13 65,585 --a------ C:\WINDOWS\SYSTEM32\wshext.dll
2006-11-05 11:13 65,024 --a------ C:\WINDOWS\SYSTEM32\msvcrt40.dll
2006-11-05 11:13 64,512 --a------ C:\WINDOWS\SYSTEM32\ntdsapi.dll
2006-11-05 11:13 63,488 --a------ C:\WINDOWS\SYSTEM32\amstream.dll
2006-11-05 11:13 614,474 --a------ C:\WINDOWS\SYSTEM32\mswstr10.dll
2006-11-05 11:13 61,952 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2006-11-05 11:13 61,952 --a------ C:\WINDOWS\SYSTEM32\osuninst.dll
2006-11-05 11:13 61,440 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2006-11-05 11:13 61,440 --a------ C:\WINDOWS\SYSTEM32\cleanmgr.exe
2006-11-05 11:13 6,656 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-11-05 11:13 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2006-11-05 11:13 595,456 --a------ C:\WINDOWS\SYSTEM32\dx7vb.dll
2006-11-05 11:13 585,344 --a------ C:\WINDOWS\SYSTEM32\i81xdnt5.dll
2006-11-05 11:13 578,560 --a------ C:\WINDOWS\SYSTEM32\autoconv.exe
2006-11-05 11:13 577,024 --a------ C:\WINDOWS\SYSTEM32\mlang.dll
2006-11-05 11:13 57,344 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-05 11:13 568,832 --a------ C:\WINDOWS\SYSTEM32\wiashext.dll
2006-11-05 11:13 565,760 --a------ C:\WINDOWS\SYSTEM32\autochk.exe
2006-11-05 11:13 561,664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-11-05 11:13 561,152 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2006-11-05 11:13 56,320 --a------ C:\WINDOWS\SYSTEM32\miglibnt.dll
2006-11-05 11:13 558,592 --a------ C:\WINDOWS\SYSTEM32\autofmt.exe
2006-11-05 11:13 558,080 --a------ C:\WINDOWS\SYSTEM32\advapi32.dll
2006-11-05 11:13 55,808 --a------ C:\WINDOWS\SYSTEM32\mpr.dll
2006-11-05 11:13 548,864 --a------ C:\WINDOWS\SYSTEM32\shdoclc.dll
2006-11-05 11:13 544,256 --a------ C:\WINDOWS\SYSTEM32\crypt32.dll
2006-11-05 11:13 54,784 --a------ C:\WINDOWS\SYSTEM32\resutils.dll
2006-11-05 11:13 54,784 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2006-11-05 11:13 54,784 --a------ C:\WINDOWS\SYSTEM32\cmstp.exe
2006-11-05 11:13 54,272 --a------ C:\WINDOWS\SYSTEM32\rasphone.exe
2006-11-05 11:13 53,840 --a------ C:\WINDOWS\SYSTEM32\dosx.exe
2006-11-05 11:13 53,322 --a------ C:\WINDOWS\SYSTEM32\msjter40.dll
2006-11-05 11:13 53,279 --a------ C:\WINDOWS\SYSTEM32\odbcji32.dll
2006-11-05 11:13 53,248 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2006-11-05 11:13 53,248 --a------ C:\WINDOWS\SYSTEM32\sendmail.dll
2006-11-05 11:13 53,248 --a------ C:\WINDOWS\SYSTEM32\cryptnet.dll
2006-11-05 11:13 516,608 --a------ C:\WINDOWS\SYSTEM32\winlogon.exe
2006-11-05 11:13 51,712 --a------ C:\WINDOWS\SYSTEM32\synceng.dll
2006-11-05 11:13 51,712 --a------ C:\WINDOWS\SYSTEM32\regsvc.dll
2006-11-05 11:13 51,712 --a------ C:\WINDOWS\SYSTEM32\msasn1.dll
2006-11-05 11:13 51,712 --a------ C:\WINDOWS\SYSTEM32\devenum.dll
2006-11-05 11:13 51,712 --a------ C:\WINDOWS\SYSTEM32\dataclen.dll
2006-11-05 11:13 51,200 --a------ C:\WINDOWS\SYSTEM32\narrator.exe
2006-11-05 11:13 50,688 --a------ C:\WINDOWS\SYSTEM32\msvcirt.dll
2006-11-05 11:13 50,688 --a------ C:\WINDOWS\SYSTEM32\dmutil.dll
2006-11-05 11:13 5,632 --a------ C:\WINDOWS\SYSTEM32\wmi.dll
2006-11-05 11:13 5,632 --a------ C:\WINDOWS\SYSTEM32\security.dll
2006-11-05 11:13 5,120 --a------ C:\WINDOWS\SYSTEM32\msidle.dll
2006-11-05 11:13 5,120 --a------ C:\WINDOWS\SYSTEM32\cisvc.exe
2006-11-05 11:13 495,376 --a------ C:\WINDOWS\SYSTEM32\msxml.dll
2006-11-05 11:13 48,640 --a------ C:\WINDOWS\SYSTEM32\cryptext.dll
2006-11-05 11:13 47,616 --a------ C:\WINDOWS\SYSTEM32\INETRES.DLL
2006-11-05 11:13 47,104 --a------ C:\WINDOWS\SYSTEM32\dssec.dll
2006-11-05 11:13 460,288 --a------ C:\WINDOWS\SYSTEM32\ntmsmgr.dll
2006-11-05 11:13 46,592 --a------ C:\WINDOWS\twain_32.dll
2006-11-05 11:13 46,592 --a------ C:\WINDOWS\SYSTEM32\wdigest.dll
2006-11-05 11:13 46,592 --a------ C:\WINDOWS\SYSTEM32\mmcshext.dll
2006-11-05 11:13 46,080 --a------ C:\WINDOWS\SYSTEM32\wstdecod.dll
2006-11-05 11:13 45,632 --a------ C:\WINDOWS\SYSTEM32\cliconfg.exe
2006-11-05 11:13 45,568 --a------ C:\WINDOWS\SYSTEM32\iyuv_32.dll
2006-11-05 11:13 45,568 --a------ C:\WINDOWS\SYSTEM32\cnbjmon.dll
2006-11-05 11:13 45,056 --a------ C:\WINDOWS\SYSTEM32\proquota.exe
2006-11-05 11:13 45,056 --a------ C:\WINDOWS\SYSTEM32\msprivs.dll
2006-11-05 11:13 45,056 --a------ C:\WINDOWS\SYSTEM32\camocx.dll
2006-11-05 11:13 449,536 --a------ C:\WINDOWS\SYSTEM32\wiadefui.dll
2006-11-05 11:13 44,032 --a------ C:\WINDOWS\SYSTEM32\MSIDENT.DLL
2006-11-05 11:13 44,032 --a------ C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2006-11-05 11:13 44,032 --a------ C:\WINDOWS\SYSTEM32\basesrv.dll
2006-11-05 11:13 436,736 --a------ C:\WINDOWS\SYSTEM32\certmgr.dll
2006-11-05 11:13 43,008 --a------ C:\WINDOWS\SYSTEM32\ssmypics.scr
2006-11-05 11:13 414,720 --a------ C:\WINDOWS\SYSTEM32\wiaacmgr.exe
2006-11-05 11:13 410,248 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-11-05 11:13 40,960 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2006-11-05 11:13 40,960 --a------ C:\WINDOWS\SYSTEM32\extrac32.exe
2006-11-05 11:13 40,448 --a------ C:\WINDOWS\SYSTEM32\tcpmon.dll
2006-11-05 11:13 40,448 --a------ C:\WINDOWS\SYSTEM32\ftp.exe
2006-11-05 11:13 4,096 --a------ C:\WINDOWS\SYSTEM32\winver.exe
2006-11-05 11:13 4,096 --a------ C:\WINDOWS\SYSTEM32\sfc.dll
2006-11-05 11:13 4,096 --a------ C:\WINDOWS\SYSTEM32\nddeapir.exe
2006-11-05 11:13 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-11-05 11:13 4,096 --a------ C:\WINDOWS\SYSTEM32\actmovie.exe
2006-11-05 11:13 39,936 --a------ C:\WINDOWS\SYSTEM32\rtutils.dll
2006-11-05 11:13 39,936 --a------ C:\WINDOWS\SYSTEM32\htui.dll
2006-11-05 11:13 39,424 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2006-11-05 11:13 387,584 --a------ C:\WINDOWS\SYSTEM32\regwizc.dll
2006-11-05 11:13 38,400 --a------ C:\WINDOWS\SYSTEM32\dpnlobby.dll
2006-11-05 11:13 375,808 --a------ C:\WINDOWS\SYSTEM32\cmd.exe
2006-11-05 11:13 37,888 --a------ C:\WINDOWS\SYSTEM32\pstorec.dll
2006-11-05 11:13 37,888 --a------ C:\WINDOWS\SYSTEM32\grpconv.exe
2006-11-05 11:13 361,472 --a------ C:\WINDOWS\SYSTEM32\fontext.dll
2006-11-05 11:13 36,864 --a------ C:\WINDOWS\SYSTEM32\mscpxl32.dll
2006-11-05 11:13 36,352 --a------ C:\WINDOWS\SYSTEM32\cmutil.dll
2006-11-05 11:13 35,840 --a------ C:\WINDOWS\SYSTEM32\cmmon32.exe
2006-11-05 11:13 35,632 --a------ C:\WINDOWS\SYSTEM32\ntio411.sys
2006-11-05 11:13 35,392 --a------ C:\WINDOWS\SYSTEM32\ntio412.sys
2006-11-05 11:13 346,624 --a------ C:\WINDOWS\SYSTEM32\tourstart.exe
2006-11-05 11:13 343,552 --a------ C:\WINDOWS\SYSTEM32\termmgr.dll
2006-11-05 11:13 34,528 --a------ C:\WINDOWS\SYSTEM32\ntio804.sys
2006-11-05 11:13 34,528 --a------ C:\WINDOWS\SYSTEM32\ntio404.sys
2006-11-05 11:13 34,304 --a------ C:\WINDOWS\SYSTEM32\msgsvc.dll
2006-11-05 11:13 338,944 --a------ C:\WINDOWS\SYSTEM32\dsound.dll
2006-11-05 11:13 33,280 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2006-11-05 11:13 33,280 --a------ C:\WINDOWS\SYSTEM32\mciqtz32.dll
2006-11-05 11:13 323,072 --a------ C:\WINDOWS\SYSTEM32\filemgmt.dll
2006-11-05 11:13 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2006-11-05 11:13 32,256 --a------ C:\WINDOWS\SYSTEM32\perfproc.dll
2006-11-05 11:13 315,904 --a------ C:\WINDOWS\SYSTEM32\hnetwiz.dll
2006-11-05 11:13 315,466 --a------ C:\WINDOWS\SYSTEM32\msrd3x40.dll
2006-11-05 11:13 31,744 --a------ C:\WINDOWS\SYSTEM32\rundll32.exe
2006-11-05 11:13 31,232 --a------ C:\WINDOWS\SYSTEM32\wpabaln.exe
2006-11-05 11:13 301,712 --a------ C:\WINDOWS\SYSTEM32\drmclien.dll
2006-11-05 11:13 30,992 --a------ C:\WINDOWS\SYSTEM32\vbajet32.dll
2006-11-05 11:13 30,720 --a------ C:\WINDOWS\SYSTEM32\netstat.exe
2006-11-05 11:13 30,720 --a------ C:\WINDOWS\SYSTEM32\clipsrv.exe
2006-11-05 11:13 3,584 --a------ C:\WINDOWS\SYSTEM32\msafd.dll
2006-11-05 11:13 3,072 --a------ C:\WINDOWS\SYSTEM32\icmp.dll
2006-11-05 11:13 295,936 --a------ C:\WINDOWS\SYSTEM32\localspl.dll
2006-11-05 11:13 29,696 --a------ C:\WINDOWS\SYSTEM32\rtipxmib.dll
2006-11-05 11:13 29,184 --a------ C:\WINDOWS\SYSTEM32\wpnpinst.exe
2006-11-05 11:13 29,184 --a------ C:\WINDOWS\SYSTEM32\csrsrv.dll
2006-11-05 11:13 29,184 --a------ C:\WINDOWS\SYSTEM32\cryptdll.dll
2006-11-05 11:13 28,721 --a------ C:\WINDOWS\SYSTEM32\wshcon.dll
2006-11-05 11:13 28,672 --a------ C:\WINDOWS\SYSTEM32\sethc.exe
2006-11-05 11:13 28,672 --a------ C:\WINDOWS\SYSTEM32\profmap.dll
2006-11-05 11:13 28,672 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2006-11-05 11:13 28,160 --a------ C:\WINDOWS\SYSTEM32\xcopy.exe
2006-11-05 11:13 278,016 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2006-11-05 11:13 276,480 --a------ C:\WINDOWS\SYSTEM32\slbcsp.dll
2006-11-05 11:13 275,456 --a------ C:\WINDOWS\SYSTEM32\vssvc.exe
2006-11-05 11:13 272,768 --a------ C:\WINDOWS\SYSTEM32\atmfd.dll
2006-11-05 11:13 271,360 --a------ C:\WINDOWS\SYSTEM32\objsel.dll
2006-11-05 11:13 270,365 --a------ C:\WINDOWS\SYSTEM32\odbcjt32.dll
2006-11-05 11:13 27,136 --a------ C:\WINDOWS\SYSTEM32\sendcmsg.dll
2006-11-05 11:13 27,136 --a------ C:\WINDOWS\SYSTEM32\mspatcha.dll
2006-11-05 11:13 27,136 --a------ C:\WINDOWS\SYSTEM32\ddeshare.exe
2006-11-05 11:13 27,136 --a------ C:\WINDOWS\SYSTEM32\batmeter.dll
2006-11-05 11:13 27,136 --a------ C:\WINDOWS\SYSTEM32\atmlib.dll
2006-11-05 11:13 266,752 --a------ C:\WINDOWS\SYSTEM32\qdv.dll
2006-11-05 11:13 266,240 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2006-11-05 11:13 260,608 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2006-11-05 11:13 26,624 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2006-11-05 11:13 26,112 --a------ C:\WINDOWS\SYSTEM32\dpnaddr.dll
2006-11-05 11:13 26,112 --a------ C:\WINDOWS\SYSTEM32\dplaysvr.exe
2006-11-05 11:13 258,048 --a------ C:\WINDOWS\SYSTEM32\comdlg32.dll
2006-11-05 11:13 253,952 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-11-05 11:13 25,600 --a------ C:\WINDOWS\SYSTEM32\pstorsvc.dll
2006-11-05 11:13 25,088 --a------ C:\WINDOWS\SYSTEM32\findstr.exe
2006-11-05 11:13 241,664 --a------ C:\WINDOWS\SYSTEM32\qasf.dll
2006-11-05 11:13 241,664 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-11-05 11:13 24,064 --a------ C:\WINDOWS\SYSTEM32\vdmdbg.dll
2006-11-05 11:13 24,064 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-11-05 11:13 24,064 --a------ C:\WINDOWS\SYSTEM32\dpvacm.dll
2006-11-05 11:13 24,064 --a------ C:\WINDOWS\SYSTEM32\ddrawex.dll
2006-11-05 11:13 232,960 --a------ C:\WINDOWS\SYSTEM32\blackbox.dll
2006-11-05 11:13 230,400 --a------ C:\WINDOWS\SYSTEM32\netui1.dll
2006-11-05 11:13 23,552 --a------ C:\WINDOWS\SYSTEM32\perfdisk.dll
2006-11-05 11:13 23,040 --a------ C:\WINDOWS\SYSTEM32\shscrap.dll
2006-11-05 11:13 23,040 --a------ C:\WINDOWS\SYSTEM32\perfos.dll
2006-11-05 11:13 23,040 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-05 11:13 228,352 --a------ C:\WINDOWS\SYSTEM32\mswsock.dll
2006-11-05 11:13 222,208 --a------ C:\WINDOWS\SYSTEM32\compstui.dll
2006-11-05 11:13 22,528 --a------ C:\WINDOWS\SYSTEM32\wmdmlog.dll
2006-11-05 11:13 22,528 --a------ C:\WINDOWS\SYSTEM32\hid.dll
2006-11-05 11:13 22,016 --a------ C:\WINDOWS\SYSTEM32\mciwave.dll
2006-11-05 11:13 22,016 --a------ C:\WINDOWS\SYSTEM32\ipxroute.exe
2006-11-05 11:13 22,016 --a------ C:\WINDOWS\SYSTEM32\davclnt.dll
2006-11-05 11:13 218,112 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-11-05 11:13 212,992 --a------ C:\WINDOWS\SYSTEM32\dplayx.dll
2006-11-05 11:13 21,504 --a------ C:\WINDOWS\SYSTEM32\wsock32.dll
2006-11-05 11:13 21,504 --a------ C:\WINDOWS\SYSTEM32\dmserver.dll
2006-11-05 11:13 205,824 --a------ C:\WINDOWS\SYSTEM32\progman.exe
2006-11-05 11:13 204,800 --a------ C:\WINDOWS\SYSTEM32\dmadmin.exe
2006-11-05 11:13 202,752 --a------ C:\WINDOWS\SYSTEM32\localsec.dll
2006-11-05 11:13 20,992 --a------ C:\WINDOWS\SYSTEM32\seclogon.dll
2006-11-05 11:13 20,992 --a------ C:\WINDOWS\SYSTEM32\mfcsubs.dll
2006-11-05 11:13 20,992 --a------ C:\WINDOWS\SYSTEM32\mciseq.dll
2006-11-05 11:13 20,992 --a------ C:\WINDOWS\SYSTEM32\dpmodemx.dll
2006-11-05 11:13 20,554 --a------ C:\WINDOWS\SYSTEM32\odtext32.dll
2006-11-05 11:13 20,554 --a------ C:\WINDOWS\SYSTEM32\oddbse32.dll
2006-11-05 11:13 20,553 --a------ C:\WINDOWS\SYSTEM32\odpdx32.dll
2006-11-05 11:13 20,553 --a------ C:\WINDOWS\SYSTEM32\odfox32.dll
2006-11-05 11:13 20,553 --a------ C:\WINDOWS\SYSTEM32\odexl32.dll
2006-11-05 11:13 20,480 --a------ C:\WINDOWS\SYSTEM32\wmdmps.dll
2006-11-05 11:13 20,480 --a------ C:\WINDOWS\SYSTEM32\stimon.exe
2006-11-05 11:13 20,480 --a------ C:\WINDOWS\SYSTEM32\msorc32r.dll
2006-11-05 11:13 2,058,888 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-11-05 11:13 2,025,984 --a------ C:\WINDOWS\SYSTEM32\cdosys.dll
2006-11-05 11:13 19,968 --a------ C:\WINDOWS\SYSTEM32\rcp.exe
2006-11-05 11:13 184,320 --a------ C:\WINDOWS\SYSTEM32\dmdskmgr.dll
2006-11-05 11:13 183,296 --a------ C:\WINDOWS\SYSTEM32\syncui.dll
2006-11-05 11:13 181,760 --a------ C:\WINDOWS\SYSTEM32\activeds.dll
2006-11-05 11:13 180,800 --a------ C:\WINDOWS\SYSTEM32\sqlunirl.dll
2006-11-05 11:13 18,944 --a------ C:\WINDOWS\SYSTEM32\ws2help.dll
2006-11-05 11:13 18,944 --a------ C:\WINDOWS\SYSTEM32\lpk.dll
2006-11-05 11:13 18,944 --a------ C:\WINDOWS\SYSTEM32\dpnsvr.exe
2006-11-05 11:13 18,432 --a------ C:\WINDOWS\SYSTEM32\sclgntfy.dll
2006-11-05 11:13 18,432 --a------ C:\WINDOWS\SYSTEM32\rsmps.dll
2006-11-05 11:13 18,432 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2006-11-05 11:13 18,432 --a------ C:\WINDOWS\SYSTEM32\feclient.dll
2006-11-05 11:13 179,200 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2006-11-05 11:13 174,592 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2006-11-05 11:13 172,664 --a------ C:\WINDOWS\SYSTEM32\xenroll.dll
2006-11-05 11:13 172,032 --a------ C:\WINDOWS\SYSTEM32\snmpsnap.dll
2006-11-05 11:13 17,920 --a------ C:\WINDOWS\SYSTEM32\shutdown.exe
2006-11-05 11:13 17,920 --a------ C:\WINDOWS\SYSTEM32\midimap.dll
2006-11-05 11:13 17,408 --a------ C:\WINDOWS\SYSTEM32\wshtcpip.dll
2006-11-05 11:13 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-11-05 11:13 166,912 --a------ C:\WINDOWS\SYSTEM32\wintrust.dll
2006-11-05 11:13 166,912 --a------ C:\WINDOWS\SYSTEM32\photowiz.dll
2006-11-05 11:13 165,888 --a------ C:\WINDOWS\SYSTEM32\dsdmo.dll
2006-11-05 11:13 16,896 --a------ C:\WINDOWS\SYSTEM32\dswave.dll
2006-11-05 11:13 16,896 --a------ C:\WINDOWS\SYSTEM32\cfgmgr32.dll
2006-11-05 11:13 16,384 --a------ C:\WINDOWS\SYSTEM32\version.dll
2006-11-05 11:13 16,384 --a------ C:\WINDOWS\SYSTEM32\msyuv.dll
2006-11-05 11:13 16,384 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2006-11-05 11:13 155,675 --a------ C:\WINDOWS\SYSTEM32\scrobj.dll
2006-11-05 11:13 155,648 --a------ C:\WINDOWS\SYSTEM32\mswmdm.dll
2006-11-05 11:13 151,626 --a------ C:\WINDOWS\SYSTEM32\msjint40.dll
2006-11-05 11:13 15,872 --a------ C:\WINDOWS\SYSTEM32\dvdupgrd.exe
2006-11-05 11:13 15,872 --a------ C:\WINDOWS\SYSTEM32\alrsvc.dll
2006-11-05 11:13 15,360 --a------ C:\WINDOWS\SYSTEM32\nddeapi.dll
2006-11-05 11:13 15,360 --a------ C:\WINDOWS\SYSTEM32\msisip.dll
2006-11-05 11:13 147,483 --------- C:\WINDOWS\SYSTEM32\scrrun.dll
2006-11-05 11:13 146,432 --a------ C:\WINDOWS\SYSTEM32\keymgr.dll
2006-11-05 11:13 145,920 --a------ C:\WINDOWS\SYSTEM32\diskpart.exe
2006-11-05 11:13 145,408 --a------ C:\WINDOWS\SYSTEM32\modemui.dll
2006-11-05 11:13 144,896 --a------ C:\WINDOWS\SYSTEM32\initpki.dll
2006-11-05 11:13 14,877 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-11-05 11:13 14,848 --a------ C:\WINDOWS\SYSTEM32\winrnr.dll
2006-11-05 11:13 14,848 --a------ C:\WINDOWS\SYSTEM32\usbmon.dll
2006-11-05 11:13 14,848 --a------ C:\WINDOWS\SYSTEM32\upnpcont.exe
2006-11-05 11:13 14,848 --a------ C:\WINDOWS\SYSTEM32\powrprof.dll
2006-11-05 11:13 14,848 --a------ C:\WINDOWS\SYSTEM32\bidispl.dll
2006-11-05 11:13 14,336 --a------ C:\WINDOWS\SYSTEM32\perfmon.exe

#6 JonMonster

Posted 06 November 2006 - 08:54 PM

I didn't know if the last post was truncated or not; here is the rest of my information if you did not see it before.

Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 06, 2006 7:41:57 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/11/2006
Kaspersky Anti-Virus database records: 225165
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 68057
Number of viruses found: 13
Number of infected objects: 30 / 0
Number of suspicious objects: 3
Duration of the scan process: 01:09:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos.zip/stdrun16.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\~ds39990.tmp Infected: Trojan.Win32.Kolweb.b skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Martin Ballard\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Martin Ballard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Martin Ballard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Martin Ballard\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Martin Ballard\Local Settings\Temp\~DF94A2.tmp Object is locked skipped
C:\Documents and Settings\Martin Ballard\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Martin Ballard\ntuser.dat Object is locked skipped
C:\Documents and Settings\Martin Ballard\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\~ds39990.tmp Infected: Trojan.Win32.Kolweb.b skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMKLDE9C\komkd[1].htm/EXE-file Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMKLDE9C\komkd[1].htm Embedded EXE: infected - 1 skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP117\change.log Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0001592.exe Infected: Trojan-Downloader.Win32.Adload.hr skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0002591.exe Infected: Trojan-Downloader.Win32.Adload.hr skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0002612.exe Infected: Trojan-Downloader.Win32.Adload.hr skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0002616.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0004615.exe Infected: Trojan-Downloader.Win32.Adload.hr skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0004618.exe Infected: Trojan-Downloader.Win32.Tibs.iw skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP14\A0004621.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP15\A0004677.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP15\A0004683.exe Infected: Trojan-Downloader.Win32.Tibs.iw skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013682.exe Infected: Trojan-Proxy.Win32.Ranky.de skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013683.exe Infected: Trojan-Proxy.Win32.Ranky.de skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013751.exe Infected: Trojan-Downloader.Win32.Tibs.iw skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013762.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013768.exe Suspicious: Packed.Win32.CryptExe skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013795.exe Infected: Trojan-Downloader.Win32.Agent.bai skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013824.dll Infected: Trojan-Spy.Win32.Agent.io skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP27\A0026012.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP27\A0026013.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP28\A0026911.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP28\A0026912.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0028983.dll Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0028988.dll Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0028994.exe Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0028998.dll Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0029012.dll Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0029014.dll Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP29\A0029021.exe Object is locked skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP31\A0030469.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP31\A0030470.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP42\A0039558.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\U.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\D5BZ9Y11.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\stdrun16.exe Infected: Trojan-Spy.Win32.Agent.io skipped
C:\WINDOWS\Temp\xm_ab.exe Infected: Trojan-Downloader.Win32.Agent.bac skipped
C:\WINDOWS\Temp\ZLT054c7.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT054ca.TMP Object is locked skipped
C:\WINDOWS\Temp\~ds39990.tmp Infected: Trojan.Win32.Kolweb.b skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
--------------------------------------------------------
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:45:23 PM, on 11/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator.D5BZ9Y11\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162778285718
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#7 -David-

Posted 07 November 2006 - 11:53 AM

Hey there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
On the left side, click "Recovery".
Select (place a check) beside ALL the backup files that contain quarantined items.
Click on the Purge Selected Items button.
A dialog will appear, stating that the backup will be removed. Click Yes.
When the Recovery window is empty, Exit Spybot.

Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Please delete this file:
C:\U.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

Now reboot back to Normal Mode

We need to purge your infected system restore points.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Now, we want to create a new, clean restore point.
Please first reboot your computer.
Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create and you're done.

Please post a new Hijackthis log and let me know how the system is running.
Can you also send the Combofix log to the following email (it was cut off - too long):
blyghtondj [at] aol.com (replace the [at] with an @)

David
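The cleanup order in post #7 tracks where the Kaspersky report in post #6 found each object. The following is an added example, not part of the thread and not Kaspersky's or the helper's tooling: it parses a subset of that report and groups detections by the step that removes them. The bucket names and the step mapping are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of lines copied from the Kaspersky report in post #6 of this thread.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos.zip/stdrun16.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\~ds39990.tmp Infected: Trojan.Win32.Kolweb.b skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMKLDE9C\komkd[1].htm/EXE-file Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BMKLDE9C\komkd[1].htm Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP16\A0013824.dll Infected: Trojan-Spy.Win32.Agent.io skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP28\A0026911.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\U.exe Infected: Trojan-Proxy.Win32.Ranky.ga skipped
C:\WINDOWS\Temp\stdrun16.exe Infected: Trojan-Spy.Win32.Agent.io skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# "<object> Infected|Suspicious: <name> <last action>". Paths contain spaces,
# so the object is everything up to the verdict keyword.
DETECTION = re.compile(
    r"^(?P<obj>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$")
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")

# Bucket names are this example's own. Markers are lower-case substrings of the
# path; the first match wins, so the IE cache is tested before the generic Temp.
BUCKETS = [
    ("system_restore", "\\system volume information\\_restore"),
    ("spybot_recovery", "\\spybot - search & destroy\\recovery\\"),
    ("ie_cache", "\\temporary internet files\\"),
    ("temp", "\\temp\\"),
]

# Assumed mapping from bucket to the step in post #7 that clears it.
STEP = {
    "spybot_recovery": "Spybot > Recovery > Purge Selected Items",
    "live_file": "delete the file by hand in Safe Mode",
    "ie_cache": "Internet Options > Delete Cookies / Delete Files",
    "temp": "cleanmgr: Temporary Files",
    "system_restore": "turn off System Restore, then create a new restore point",
}


def classify(path):
    """Return the cleanup bucket for a file path from the report."""
    low = path.lower()
    for bucket, marker in BUCKETS:
        if marker in low:
            return bucket
    return "live_file"


def parse_report(text):
    """Split report lines into detections, locked objects and everything else."""
    detections, locked, other = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            # Windows paths have no "/", so "/" separates an archive member.
            container, _, member = m["obj"].partition("/")
            detections.append({
                "container": container, "member": member or None,
                "verdict": m["verdict"], "name": m["name"],
                "bucket": classify(container),
            })
        elif LOCKED.match(line):
            locked.append(LOCKED.match(line)["obj"])
        else:
            other.append(line)  # container summaries such as "ZIP: suspicious - 1"
    return detections, locked, other


def triage(text):
    """Group (verdict, name) pairs by bucket; also count locked and other lines."""
    detections, locked, other = parse_report(text)
    plan = defaultdict(set)
    for d in detections:
        plan[d["bucket"]].add((d["verdict"], d["name"]))
    return {b: sorted(v) for b, v in plan.items()}, len(locked), len(other)


if __name__ == "__main__":
    plan, locked, other = triage(REPORT)
    for bucket, names in plan.items():
        print(f"{bucket}: {STEP[bucket]}")
        for verdict, name in names:
            print(f"    {verdict}: {name}")
    print(f"locked (not scanned): {locked}, container summaries: {other}")
```

Objects reported as locked were skipped rather than scanned, so the plan says nothing about them.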

#8 -David-

Posted 07 November 2006 - 05:57 PM

Hey, received the Combofix log... thanks.
Please find and delete these three files:
C:\WINDOWS\SYSTEM32\ybadd.bak2
C:\WINDOWS\SYSTEM32\rpcc.dll
C:\WINDOWS\SYSTEM32\ddaby.dll

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, copy and paste next in the field:

C:\WINDOWS\SYSTEM32\rlxf.dll

Then click the Send File button below.
Please let me know when you have submitted the file.

How is the PC running?

#9 JonMonster

Posted 07 November 2006 - 07:04 PM

hello,

I have submitted the file you requested, and performed all of the tasks in your last two posts. I am not having any performance problems, my pc seems to be running great. Here is my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:00:14 PM, on 11/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Proxyconn\PxUi.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Administrator.D5BZ9Y11\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PxClient.exe] "C:\Program Files\Proxyconn\PxUi.exe" /Automation
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162778285718
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thank you so much for all your help! Let me know what else I need to do.
Thanks again! :thumbsup:

#10 -David-

Posted 08 November 2006 - 12:54 PM

I took a look at the file, and it appears to be legitimate, so that's good.
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
Glad I could help! :thumbsup:
David

#11 -David-

Posted 18 November 2006 - 06:11 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



