spamming

This is a discussion on spamming within the Resolved HJT Threads forums, part of the Tech Support Forum category.

07-07-2006, 04:03 AM   #1
colblimp
Join Date: Nov 2004
Posts: 26
OS: XP



I have avast running on my computer and the email scanner is almost always running. When I checked the details, it is scanning outbound email from various internet email accounts, none of which are mine, and is sending over a thousand at each batch. Nothing is appearing in my Outlook Express sent box, so I assume I have some form of spamming software which has not been picked up by avast or adaware.

Below is my Hijack This log. Can you help please?

Logfile of HijackThis v1.99.1
Scan saved at 11:56:44, on 07/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1151654799765
O17 - HKLM\System\CCS\Services\Tcpip\..\{29775E67-2C9F-496C-ACDD-81BF2FA44E85}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
07-07-2006, 08:13 PM   #2
Vikesrock8411
TSF Team, Emeritus
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up. Hopefully we find a spambot, because that definitely sounds like the cause of your issue.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup! - Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log
__________________
07-09-2006, 03:50 PM   #3
colblimp
Join Date: Nov 2004
Posts: 26
OS: XP


Many thanks - I have downloaded what I need but am off to South Africa for a few days - back Friday, when I will complete the task and let you know how I get on.

Many thanks

Kind regds

colblimp
 
07-14-2006, 09:19 AM   #4
colblimp
Join Date: Nov 2004
Posts: 26
OS: XP


I have now carried out all the actions and the Hijack This and ewido logs are below. The Panda active scanner found nothing:

Logfile of HijackThis v1.99.1
Scan saved at 15:30:26, on 14/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1151654799765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://download.zonelabs.com/bin/pro...anner37900.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29775E67-2C9F-496C-ACDD-81BF2FA44E85}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:41:44 14/07/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{0C2F6B27-27AF-B6F9-C5BB-A3232FA987AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{40623E66-6632-B92E-52FA-C47B8259279F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DF7B4507-13C3-06E8-197B-D732093994CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87} -> Downloader.Fugif : Cleaned with backup (quarantined).
C:\nasq.exe -> Proxy.Agent.km : Cleaned with backup (quarantined).


::Report end

When I went back into windows the spambot or whatever it is was still working. Do you have any other suggestions please?

Kind regds

John
07-14-2006, 11:26 AM   #5
Vikesrock8411
TSF Team, Emeritus
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Please download Rootkit Revealer (link is at the very bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

Download GMER to your desktop.
  • Right Click the Zip and Select Extract All.
  • Open GMER and Click the Tab labeled Autostart.
  • Now Click Scan.
  • Once done, click Copy to copy the results then paste them into Notepad. Post them in the next reply.

Please download combofix.exe - save it to your Desktop; we will need this later.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
07-16-2006, 06:56 AM   #6
colblimp
Join Date: Nov 2004
Posts: 26
OS: XP


Hi
Here are two of the three Logs, the other is on a separate reply as the whole thing is too long.

Rootkit:
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\ A0011993.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\ A0011994.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\ A0011995.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\ A0011996.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011956.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011957.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011958.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011959.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011960.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011992.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011993.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011994.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011995.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP163\A0011996.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\ A0012191.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\ A0012192.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\ A0012193.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\ A0012194.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\ A0012195.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\A0012191.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\A0012192.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\A0012193.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\A0012194.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP165\A0012195.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\ A0012199.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\ A0012200.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\ A0012201.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\ A0012202.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\ A0012203.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\A0012199.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\A0012200.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\A0012201.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\A0012202.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP166\A0012203.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\ A0022685.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\ A0022686.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\ A0022687.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\ A0022688.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\ A0022689.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\A0022685.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\A0022686.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\A0022687.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\A0022688.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP171\A0022689.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\ A0023090.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\ A0023091.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\ A0023092.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\ A0023093.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\ A0023094.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\A0023090.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\A0023091.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\A0023092.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\A0023093.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP175\A0023094.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\ A0044706.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\ A0044707.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\ A0044708.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\ A0044709.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\ A0044710.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\A0044706.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\A0044707.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\A0044708.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\A0044709.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP277\A0044710.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047353.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047355.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047356.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047357.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047358.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047427.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047428.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047429.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047430.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\ A0047431.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047353.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047355.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047356.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047357.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047358.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047427.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047428.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047429.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047430.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP289\A0047431.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP303\A0050006.RDB 16/07/2006 14:14 1.20 MB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\_restore{56C8BD66-F61B-45A4-A1C5-EAD48F5D657C}\RP303\A0050007.RDB 16/07/2006 14:23 1.20 MB Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\ 6459SFL2.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\ QR40374O.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\6459SFL2.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\WINDOWS\QR40374O.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\WINDOWS\system32\ 42KJE738.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\ JIPE1H35.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\ Y0ULRDQR.ocx 28/04/1660 14:20 3.05 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\42KJE738.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\WINDOWS\system32\JIPE1H35.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\WINDOWS\system32\Y0ULRDQR.ocx 03/04/28980 10:41 3.05 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp202890317.tmp 16/07/2006 14:23 17.21 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp252728411.tmp 16/07/2006 14:23 8.00 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp254054068.tmp 16/07/2006 14:23 17.02 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\temp\_avast4_\unp25601310.tmp 16/07/2006 14:23 17.38 KB Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\temp\_avast4_\unp256692878.tmp 16/07/2006 14:23 17.17 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\temp\_avast4_\unp25726581.tmp 16/07/2006 14:23 17.15 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp26273190.tmp 16/07/2006 14:23 17.09 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\temp\_avast4_\unp26312055.tmp 16/07/2006 14:23 8.00 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp26317018.tmp 16/07/2006 14:23 8.00 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp263245573.tmp 16/07/2006 14:24 16.96 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\temp\_avast4_\unp266396488.tmp 16/07/2006 14:23 17.26 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp266785941.tmp 16/07/2006 14:23 8.00 KB Hidden from Windows API.
C:\WINDOWS\temp\_avast4_\unp32384287.tmp 16/07/2006 14:23 17.40 KB Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\temp\_avast4_\unp7496576.tmp 16/07/2006 14:24 16.97 KB Visible in Windows API, but not in MFT or directory index.

GMER:
GMER 1.0.10.10122 - https://www.gmer.net
Autostart 2006-07-16 14:40:13
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected] = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
[email protected] = Ati2evxx.dll
[email protected] = WRLogonNTF.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey [email protected] = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus /*avast! Antivirus*/@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
btwdins /*Bluetooth Service*/@ = C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\System32\CTsvcCDA.EXE
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Program Files\ewido anti-spyware 4.0\guard.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
svcWRSSSDK /*Webroot Spy Sweeper Engine*/@ = C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SunJavaUpdateSchedC:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe = C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
@ATIPTA"C:\ATI-CPanel\atiptaxx.exe" = "C:\ATI-CPanel\atiptaxx.exe"
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@OmnipageC:\Program Files\ScanSoft\OmniPageSE\opware32.exe = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@PinnacleDriverCheckC:\WINDOWS\System32\PSDrvCheck.exe -CheckReg = C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
@EPSON Stylus Photo R300 SeriesC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@REGSHAVEC:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN /*file not found*/ = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN /*file not found*/
@SpySweeper"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
@Zone Labs Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@!ewido"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] = C:\WINDOWS\System32\ctfmon.exe

HKLM\Software\Classes\[email protected] = blank

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\[email protected]{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA} /*NOMAD Explorer*/C:\Program Files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL = C:\Program Files\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\System32\btneighborhood.dll = C:\WINDOWS\System32\btneighborhood.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{7C9D5882-CB4A-4090-96C8-430BFE8B795B} /*Webroot Spy Sweeper Context Menu Integration*/C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\[email protected]{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
[email protected]{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
ewido [email protected]{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ewido [email protected]{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
[email protected]{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
[email protected]{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\System32\ssstars.scr

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\[email protected] = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttps://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = https://www.microsoft.com/isapi/redir...r=6&ar=msnhome
@Start Pagehttps://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttps://edit.europe.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
[email protected] = C:\WINDOWS\System32\msvidctl.dll
[email protected] = C:\WINDOWS\System32\itss.dll
[email protected] = %SystemRoot%\System32\inetcomm.dll
[email protected] = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
[email protected] = C:\WINDOWS\System32\msvidctl.dll
[email protected] = C:\WINDOWS\system32\msdxm.ocx
[email protected] = C:\WINDOWS\System32\wiascr.dll
[email protected] = C:\WINDOWS\System32\btxppanel.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5499C4B-316F-4903-BFA2-95F86D9F9F66} /*Wireless Network Connection*/ >>>
@IPAddress192.168.0.1 = 192.168.0.1
@NameServer =
@DefaultGateway =
@Domain =

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Gamma Loader.exe.lnk = Adobe Gamma Loader.exe.lnk
BTTray.lnk = BTTray.lnk
InterVideo WinCinema Manager.lnk = InterVideo WinCinema Manager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----

Thanks - Combofix on next post.

regds
colblimp is offline  
Old 07-16-2006, 06:58 AM   #7

Hi,

Here is the ComboFix log:
Start Time= 16/07/2006 14:42:01.73
Running from: C:\Documents and Settings\John\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-16 14:39:12 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-07-14 13:54:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-14 13:54:14 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-09 11:03:14 ( .D... ) "C:\Program Files\Bethesda Softworks"
2006-07-07 12:55:16 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-01 20:57:04 ( .D... ) "C:\Program Files\Registry Mechanic"
2006-07-01 15:38:50 ( .D... ) "C:\Program Files\Webroot"
2006-07-01 15:38:50 ( .D... ) "C:\Documents and Settings\John\Application Data\Webroot"
2006-06-30 16:20:36 47580 ( A.SHR ) "C:\NTDETECT.COM"
2006-06-29 10:04:06 3055 ( A.... ) "C:\Program Files\secure32.html"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:26 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-06-18 17:54:26 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:24 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-06-18 17:54:22 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-06-18 17:54:22 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-06-18 17:54:20 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-06-18 17:54:20 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-06-18 17:54:20 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-18 17:54:08 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-12 11:03:26 ( .D... ) "C:\Program Files\Sports Interactive"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-31 10:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-05-31 09:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2006-05-19 13:15:34 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 13:15:34 83456 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-19 13:15:34 70656 ( A.... ) "C:\WINDOWS\system32\ws2_32.dll"
2006-05-19 13:15:34 54272 ( A.... ) "C:\WINDOWS\system32\ipv6mon.dll"
2006-05-19 13:15:34 31232 ( A.... ) "C:\WINDOWS\system32\inetmib1.dll"
2006-05-19 13:15:34 13312 ( A.... ) "C:\WINDOWS\system32\wship6.dll"
2006-05-19 13:15:32 103936 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 13:15:32 95232 ( A.... ) "C:\WINDOWS\system32\6to4svc.dll"
2006-05-19 09:51:02 159232 ( A.... ) "C:\WINDOWS\system32\xpob2res.dll"
2006-05-19 09:46:02 48640 ( A.... ) "C:\WINDOWS\system32\ipv6.exe"
2006-05-19 09:44:56 83456 ( A.... ) "C:\WINDOWS\system32\netsh.exe"
2006-05-18 06:58:56 458752 ( A.... ) "C:\WINDOWS\system32\jscript(2).dll"

Rootkit driver pe386 is present. A rootkit scan is required


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-16 14:39 745,531 C:\WINDOWS\gmer.exe
2006-07-16 14:39 528,446 C:\WINDOWS\gmer.dll
2006-07-14 14:51 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-14 14:51 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-07 12:55 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-07-07 12:55 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-07-07 12:55 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-07-07 12:55 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-07-07 12:55 59,384 C:\WINDOWS\system32\vswmi.dll
2006-07-07 12:55 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-07-07 12:55 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-07-07 12:55 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-07-07 12:55 100,344 C:\WINDOWS\system32\vsxml.dll
2006-07-07 12:54 83,960 C:\WINDOWS\system32\vsdata.dll
2006-07-07 12:54 440,312 C:\WINDOWS\system32\vsutil.dll
2006-07-07 12:54 157,688 C:\WINDOWS\system32\vsinit.dll
2006-07-01 20:57 24,576 C:\WINDOWS\system32\STKIT432.DLL
2006-07-01 15:38 8,192 C:\WINDOWS\system32\ssiefr.EXE
2006-07-01 15:38 492,544 C:\WINDOWS\system32\WRLogonNtf.dll
2006-07-01 15:38 17,920 C:\WINDOWS\system32\wrlzma.dll
2006-07-01 15:38 102,912 C:\WINDOWS\system32\islzma.dll
2006-07-01 10:41 588,288 C:\WINDOWS\system32\wininet(3).dll
2006-07-01 10:41 484,352 C:\WINDOWS\system32\urlmon(3).dll
2006-07-01 10:41 1,026,048 C:\WINDOWS\system32\browseui(2).dll
2006-07-01 08:35 127,208 C:\WINDOWS\system32\mucltui.dll
2006-06-30 16:04 997,888 C:\WINDOWS\system32\wmvdmoe2.dll
2006-06-30 16:04 892,416 C:\WINDOWS\system32\wmspdmoe.dll
2006-06-30 16:04 865,216 C:\WINDOWS\system32\ati3d1ag.dll
2006-06-30 16:04 755,200 C:\WINDOWS\system32\ir50_32.dll
2006-06-30 16:04 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-06-30 16:04 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-06-30 16:04 594,944 C:\WINDOWS\system32\xpsp2res.dll
2006-06-30 16:04 52,224 C:\WINDOWS\system32\mspmsnsv.dll
2006-06-30 16:04 504,832 C:\WINDOWS\system32\msftedit.dll
2006-06-30 16:04 5,632 C:\WINDOWS\system32\hccoin.dll
2006-06-30 16:04 486,536 C:\WINDOWS\system32\wmspdmod.dll
2006-06-30 16:04 403,456 C:\WINDOWS\system32\winbrand.dll
2006-06-30 16:04 384,512 C:\WINDOWS\system32\mp4sdmod.dll
2006-06-30 16:04 361,984 C:\WINDOWS\system32\qmgr.dll
2006-06-30 16:04 361,984 C:\WINDOWS\system32\qmgr(2).dll
2006-06-30 16:04 338,432 C:\WINDOWS\system32\ir41_qcx.dll
2006-06-30 16:04 331,776 C:\WINDOWS\system32\winhttp.dll
2006-06-30 16:04 331,776 C:\WINDOWS\system32\winhttp(3).dll
2006-06-30 16:04 316,040 C:\WINDOWS\system32\mp43dmod.dll
2006-06-30 16:04 3,584 C:\WINDOWS\system32\dsprpres.dll
2006-06-30 16:04 27,648 C:\WINDOWS\system32\pidgen.dll
2006-06-30 16:04 225,280 C:\WINDOWS\system32\wmpdxm.dll
2006-06-30 16:04 218,112 C:\WINDOWS\system32\sbe.dll
2006-06-30 16:04 200,192 C:\WINDOWS\system32\ir50_qc.dll
2006-06-30 16:04 187,904 C:\WINDOWS\system32\xpsp1res.dll
2006-06-30 16:04 183,808 C:\WINDOWS\system32\ir50_qcx.dll
2006-06-30 16:04 18,944 C:\WINDOWS\system32\encapi.dll
2006-06-30 16:04 172,032 C:\WINDOWS\system32\mssap.dll
2006-06-30 16:04 167,936 C:\WINDOWS\system32\wmerror.dll
2006-06-30 16:04 155,648 C:\WINDOWS\system32\encdec.dll
2006-06-30 16:04 143,360 C:\WINDOWS\system32\wmidx.dll
2006-06-30 16:04 120,320 C:\WINDOWS\system32\ir41_qc.dll
2006-06-30 16:04 115,200 C:\WINDOWS\system32\dpcdll.dll
2006-06-30 16:04 110,080 C:\WINDOWS\system32\sbeio.dll
2006-06-30 16:04 106,496 C:\WINDOWS\system32\wmpasf.dll
2006-06-30 16:04 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-06-30 16:04 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-06-30 16:04 1,111,040 C:\WINDOWS\system32\wmsdmoe2.dll
2006-06-30 16:03 99,328 C:\WINDOWS\system32\dfrgntfs.exe
2006-06-30 16:03 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-06-30 16:03 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-06-30 16:03 98,304 C:\WINDOWS\system32\actxprxy.dll
2006-06-30 16:03 98,304 C:\WINDOWS\system32\actxprxy(2).dll
2006-06-30 16:03 92,160 C:\WINDOWS\system32\cscdll.dll
2006-06-30 16:03 92,160 C:\WINDOWS\system32\cscdll(3).dll
2006-06-30 16:03 91,648 C:\WINDOWS\system32\ahui.exe
2006-06-30 16:03 91,136 C:\WINDOWS\system32\advpack.dll
2006-06-30 16:03 91,136 C:\WINDOWS\system32\advpack(2).dll
2006-06-30 16:03 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-06-30 16:03 9,216 C:\WINDOWS\system32\wuauserv(2).dll
2006-06-30 16:03 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-06-30 16:03 84,992 C:\WINDOWS\system32\dskquota.dll
2006-06-30 16:03 82,432 C:\WINDOWS\system32\drmstor.dll
2006-06-30 16:03 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-06-30 16:03 80,384 C:\WINDOWS\system32\cabview.dll
2006-06-30 16:03 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-06-30 16:03 8,192 C:\WINDOWS\system32\autolfn.exe
2006-06-30 16:03 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-06-30 16:03 792,064 C:\WINDOWS\system32\comres.dll
2006-06-30 16:03 792,064 C:\WINDOWS\system32\comres(3).dll
2006-06-30 16:03 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-06-30 16:03 79,360 C:\WINDOWS\system32\diantz.exe
2006-06-30 16:03 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-06-30 16:03 77,824 C:\WINDOWS\system32\asycfilt.dll
2006-06-30 16:03 76,800 C:\WINDOWS\system32\dmscript.dll
2006-06-30 16:03 76,288 C:\WINDOWS\system32\dfrgfat.exe
2006-06-30 16:03 76,288 C:\WINDOWS\system32\avifil32.dll
2006-06-30 16:03 74,810 C:\WINDOWS\system32\atl.dll
2006-06-30 16:03 74,810 C:\WINDOWS\system32\atl(3).dll
2006-06-30 16:03 723,968 C:\WINDOWS\system32\dpnet.dll
2006-06-30 16:03 71,680 C:\WINDOWS\system32\browsewm.dll
2006-06-30 16:03 70,656 C:\WINDOWS\system32\defrag.exe
2006-06-30 16:03 70,144 C:\WINDOWS\system32\cryptdlg.dll
2006-06-30 16:03 7,680 C:\WINDOWS\system32\dciman32.dll
2006-06-30 16:03 7,680 C:\WINDOWS\system32\dciman32(2).dll
2006-06-30 16:03 7,680 C:\WINDOWS\system32\asferror.dll
2006-06-30 16:03 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-06-30 16:03 678,912 C:\WINDOWS\system32\drmv2clt.dll
2006-06-30 16:03 64,512 C:\WINDOWS\system32\ciodm.dll
2006-06-30 16:03 64,512 C:\WINDOWS\system32\amstream.dll
2006-06-30 16:03 62,976 C:\WINDOWS\system32\browselc.dll
2006-06-30 16:03 62,976 C:\WINDOWS\system32\browselc(2).dll
2006-06-30 16:03 62,464 C:\WINDOWS\system32\colbact.dll
2006-06-30 16:03 62,464 C:\WINDOWS\system32\colbact(4).dll
2006-06-30 16:03 62,464 C:\WINDOWS\system32\colbact(3).dll
2006-06-30 16:03 62,464 C:\WINDOWS\system32\adsmsext.dll
2006-06-30 16:03 61,440 C:\WINDOWS\system32\dbnetlib.dll
2006-06-30 16:03 61,440 C:\WINDOWS\system32\cleanmgr.exe
2006-06-30 16:03 6,656 C:\WINDOWS\system32\batt.dll
2006-06-30 16:03 59,904 C:\WINDOWS\system32\cabinet.dll
2006-06-30 16:03 59,904 C:\WINDOWS\system32\cabinet(3).dll
2006-06-30 16:03 581,632 C:\WINDOWS\system32\catsrvut.dll
2006-06-30 16:03 581,632 C:\WINDOWS\system32\catsrvut(4).dll
2006-06-30 16:03 581,632 C:\WINDOWS\system32\catsrvut(3).dll
2006-06-30 16:03 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-06-30 16:03 57,344 C:\WINDOWS\system32\admparse.dll
2006-06-30 16:03 558,592 C:\WINDOWS\system32\autofmt.exe
2006-06-30 16:03 55,296 C:\WINDOWS\system32\digest.dll
2006-06-30 16:03 544,256 C:\WINDOWS\system32\crypt32.dll
2006-06-30 16:03 544,256 C:\WINDOWS\system32\crypt32(3).dll
2006-06-30 16:03 54,784 C:\WINDOWS\system32\cmstp.exe
2006-06-30 16:03 54,272 C:\WINDOWS\system32\clusapi.dll
2006-06-30 16:03 54,272 C:\WINDOWS\system32\clusapi(3).dll
2006-06-30 16:03 53,840 C:\WINDOWS\system32\dosx.exe
2006-06-30 16:03 53,760 C:\WINDOWS\system32\cryptsvc.dll
2006-06-30 16:03 53,760 C:\WINDOWS\system32\cryptsvc(3).dll
2006-06-30 16:03 53,760 C:\WINDOWS\system32\authz.dll
2006-06-30 16:03 53,760 C:\WINDOWS\system32\authz(4).dll
2006-06-30 16:03 53,760 C:\WINDOWS\system32\authz(3).dll
2006-06-30 16:03 53,248 C:\WINDOWS\system32\cryptnet.dll
2006-06-30 16:03 51,712 C:\WINDOWS\system32\dataclen.dll
2006-06-30 16:03 50,688 C:\WINDOWS\system32\dmutil.dll
2006-06-30 16:03 5,120 C:\WINDOWS\system32\cisvc.exe
2006-06-30 16:03 499,200 C:\WINDOWS\system32\comuid.dll
2006-06-30 16:03 497,152 C:\WINDOWS\system32\clbcatq.dll
2006-06-30 16:03 497,152 C:\WINDOWS\system32\clbcatq(4).dll
2006-06-30 16:03 497,152 C:\WINDOWS\system32\clbcatq(3).dll
2006-06-30 16:03 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-06-30 16:03 49,152 C:\WINDOWS\system32\browser.dll
2006-06-30 16:03 49,152 C:\WINDOWS\system32\browser(2).dll
2006-06-30 16:03 489,984 C:\WINDOWS\system32\dbghelp.dll
2006-06-30 16:03 489,984 C:\WINDOWS\system32\dbghelp(2).dll
2006-06-30 16:03 48,640 C:\WINDOWS\system32\cryptext.dll
2006-06-30 16:03 477,696 C:\WINDOWS\system32\cryptui.dll
2006-06-30 16:03 477,696 C:\WINDOWS\system32\cryptui(3).dll
2006-06-30 16:03 46,592 C:\WINDOWS\twain_32.dll
2006-06-30 16:03 45,632 C:\WINDOWS\system32\cliconfg.exe
2006-06-30 16:03 45,568 C:\WINDOWS\system32\docprop2.dll
2006-06-30 16:03 45,568 C:\WINDOWS\system32\cnbjmon.dll
2006-06-30 16:03 45,568 C:\WINDOWS\system32\cnbjmon(2).dll
2006-06-30 16:03 45,056 C:\WINDOWS\system32\camocx.dll
2006-06-30 16:03 44,032 C:\WINDOWS\system32\dnsrslvr.dll
2006-06-30 16:03 44,032 C:\WINDOWS\system32\dnsrslvr(2).dll
2006-06-30 16:03 44,032 C:\WINDOWS\system32\basesrv.dll
2006-06-30 16:03 436,736 C:\WINDOWS\system32\certmgr.dll
2006-06-30 16:03 41,984 C:\WINDOWS\system32\alg.exe
2006-06-30 16:03 41,472 C:\WINDOWS\system32\cmdl32.exe
2006-06-30 16:03 4,608 C:\WINDOWS\system32\dllhost.exe
2006-06-30 16:03 4,096 C:\WINDOWS\system32\csrss.exe
2006-06-30 16:03 4,096 C:\WINDOWS\system32\csrss(3).exe
2006-06-30 16:03 4,096 C:\WINDOWS\system32\actmovie.exe
2006-06-30 16:03 381,952 C:\WINDOWS\system32\dsound.dll
2006-06-30 16:03 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-06-30 16:03 38,912 C:\WINDOWS\system32\audiosrv.dll
2006-06-30 16:03 38,912 C:\WINDOWS\system32\audiosrv(2).dll
2006-06-30 16:03 36,352 C:\WINDOWS\system32\cmutil.dll
2006-06-30 16:03 35,840 C:\WINDOWS\system32\cmmon32.exe
2006-06-30 16:03 35,328 C:\WINDOWS\system32\dfrgsnap.dll
2006-06-30 16:03 33,280 C:\WINDOWS\system32\dmloader.dll
2006-06-30 16:03 324,608 C:\WINDOWS\system32\cmdial32.dll
2006-06-30 16:03 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-06-30 16:03 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-06-30 16:03 307,712 C:\WINDOWS\system32\cscui.dll
2006-06-30 16:03 307,712 C:\WINDOWS\system32\cscui(2).dll
2006-06-30 16:03 301,712 C:\WINDOWS\system32\drmclien.dll
2006-06-30 16:03 30,720 C:\WINDOWS\system32\clipsrv.exe
2006-06-30 16:03 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-06-30 16:03 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-06-30 16:03 292,864 C:\WINDOWS\system32\ddraw.dll
2006-06-30 16:03 292,864 C:\WINDOWS\system32\ddraw(2).dll
2006-06-30 16:03 29,184 C:\WINDOWS\system32\cryptdll.dll
2006-06-30 16:03 29,184 C:\WINDOWS\system32\cryptdll(3).dll
2006-06-30 16:03 28,672 C:\WINDOWS\system32\dbnmpntw.dll
2006-06-30 16:03 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-06-30 16:03 272,768 C:\WINDOWS\system32\atmfd.dll
2006-06-30 16:03 27,136 C:\WINDOWS\system32\dmband.dll
2006-06-30 16:03 27,136 C:\WINDOWS\system32\ddeshare.exe
2006-06-30 16:03 27,136 C:\WINDOWS\system32\batmeter.dll
2006-06-30 16:03 27,136 C:\WINDOWS\system32\batmeter(2).dll
2006-06-30 16:03 27,136 C:\WINDOWS\system32\atmlib.dll
2006-06-30 16:03 266,752 C:\WINDOWS\winhlp32.exe
2006-06-30 16:03 263,168 C:\WINDOWS\system32\devmgr.dll
2006-06-30 16:03 25,600 C:\WINDOWS\system32\dfsshlex.dll
2006-06-30 16:03 24,576 C:\WINDOWS\system32\dbmsrpcn.dll
2006-06-30 16:03 24,576 C:\WINDOWS\system32\conime.exe
2006-06-30 16:03 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-06-30 16:03 24,064 C:\WINDOWS\system32\ddrawex(2).dll
2006-06-30 16:03 239,616 C:\WINDOWS\system32\adsnt.dll
2006-06-30 16:03 238,592 C:\WINDOWS\system32\compatui.dll
2006-06-30 16:03 232,960 C:\WINDOWS\system32\blackbox.dll
2006-06-30 16:03 230,400 C:\WINDOWS\system32\dplayx.dll
2006-06-30 16:03 222,208 C:\WINDOWS\system32\compstui.dll
2006-06-30 16:03 220,672 C:\WINDOWS\system32\catsrv.dll
2006-06-30 16:03 220,672 C:\WINDOWS\system32\catsrv(4).dll
2006-06-30 16:03 220,672 C:\WINDOWS\system32\catsrv(3).dll
2006-06-30 16:03 22,528 C:\WINDOWS\system32\at.exe
2006-06-30 16:03 22,016 C:\WINDOWS\system32\davclnt.dll
2006-06-30 16:03 22,016 C:\WINDOWS\system32\davclnt(3).dll
2006-06-30 16:03 21,504 C:\WINDOWS\system32\dmserver.dll
2006-06-30 16:03 204,800 C:\WINDOWS\system32\dmadmin.exe
2006-06-30 16:03 2,025,984 C:\WINDOWS\system32\cdosys.dll
2006-06-30 16:03 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-06-30 16:03 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-06-30 16:03 186,880 C:\WINDOWS\system32\certcli.dll
2006-06-30 16:03 186,880 C:\WINDOWS\system32\certcli(3).dll
2006-06-30 16:03 184,320 C:\WINDOWS\system32\dmdskmgr.dll
2006-06-30 16:03 181,760 C:\WINDOWS\system32\activeds.dll
2006-06-30 16:03 181,760 C:\WINDOWS\system32\activeds(2).dll
2006-06-30 16:03 181,248 C:\WINDOWS\system32\dmime.dll
2006-06-30 16:03 179,200 C:\WINDOWS\system32\accwiz.exe
2006-06-30 16:03 174,592 C:\WINDOWS\system32\cmprops.dll
2006-06-30 16:03 168,960 C:\WINDOWS\system32\dinput8.dll
2006-06-30 16:03 168,960 C:\WINDOWS\system32\dinput8(2).dll
2006-06-30 16:03 162,816 C:\WINDOWS\system32\adsldp.dll
2006-06-30 16:03 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-06-30 16:03 16,896 C:\WINDOWS\system32\cfgmgr32.dll
2006-06-30 16:03 16,896 C:\WINDOWS\system32\cfgmgr32(2).dll
2006-06-30 16:03 16,384 C:\WINDOWS\system32\ds32gt.dll
2006-06-30 16:03 159,232 C:\WINDOWS\system32\cewmdm.dll
2006-06-30 16:03 158,720 C:\WINDOWS\system32\credui.dll
2006-06-30 16:03 158,720 C:\WINDOWS\system32\credui(2).dll
2006-06-30 16:03 151,552 C:\WINDOWS\system32\dinput.dll
2006-06-30 16:03 15,872 C:\WINDOWS\system32\alrsvc.dll
2006-06-30 16:03 145,920 C:\WINDOWS\system32\diskpart.exe
2006-06-30 16:03 14,877 C:\WINDOWS\system32\corpol.dll
2006-06-30 16:03 14,848 C:\WINDOWS\system32\bidispl.dll
2006-06-30 16:03 14,336 C:\WINDOWS\system32\dmremote.exe
2006-06-30 16:03 139,776 C:\WINDOWS\system32\adsldpc.dll
2006-06-30 16:03 139,776 C:\WINDOWS\system32\adsldpc(2).dll
2006-06-30 16:03 139,264 C:\WINDOWS\system32\dnsapi(3).dll
2006-06-30 16:03 135,680 C:\WINDOWS\system32\dsprop.dll
2006-06-30 16:03 134,144 C:\WINDOWS\regedit.exe
2006-06-30 16:03 132,608 C:\WINDOWS\system32\devenum.dll
2006-06-30 16:03 13,312 C:\WINDOWS\system32\ctfmon.exe
2006-06-30 16:03 13,312 C:\WINDOWS\system32\ctfmon(2).exe
2006-06-30 16:03 127,552 C:\WINDOWS\system32\cliconfg.dll
2006-06-30 16:03 122,880 C:\WINDOWS\system32\dmusic.dll
2006-06-30 16:03 12,288 C:\WINDOWS\system32\cmcfg32.dll
2006-06-30 16:03 115,712 C:\WINDOWS\system32\apphelp.dll
2006-06-30 16:03 113,152 C:\WINDOWS\system32\dfrgui.dll
2006-06-30 16:03 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-06-30 16:03 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-06-30 16:03 11,776 C:\WINDOWS\system32\drprov.dll
2006-06-30 16:03 11,776 C:\WINDOWS\system32\drprov(3).dll
2006-06-30 16:03 107,008 C:\WINDOWS\system32\aclui.dll
2006-06-30 16:03 103,424 C:\WINDOWS\system32\dgnet.dll
2006-06-30 16:03 102,450 C:\WINDOWS\system32\cscript.exe
2006-06-30 16:03 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-06-30 16:03 10,752 C:\WINDOWS\hh.exe
2006-06-30 16:03 10,240 C:\WINDOWS\system32\atmadm.exe
2006-06-30 16:03 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-06-30 16:03 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-06-30 16:03 1,179,136 C:\WINDOWS\system32\comsvcs.dll
2006-06-30 16:03 1,179,136 C:\WINDOWS\system32\comsvcs(4).dll
2006-06-30 16:03 1,179,136 C:\WINDOWS\system32\comsvcs(3).dll
2006-06-30 16:03 1,051,712 C:\WINDOWS\system32\ati3d2ag.dll
2006-06-30 16:03 1,004,032 C:\WINDOWS\explorer.exe
2006-06-30 16:03 1,004,032 C:\WINDOWS\explorer(2).exe
2006-06-30 16:02 995,384 C:\WINDOWS\system32\mfc42u.dll
2006-06-30 16:02 995,383 C:\WINDOWS\system32\mfc42.dll
2006-06-30 16:02 995,383 C:\WINDOWS\system32\mfc42(2).dll
2006-06-30 16:02 991,232 C:\WINDOWS\system32\esent.dll
2006-06-30 16:02 991,232 C:\WINDOWS\system32\esent(4).dll
2006-06-30 16:02 991,232 C:\WINDOWS\system32\esent(3).dll
2006-06-30 16:02 99,840 C:\WINDOWS\system32\services.exe
2006-06-30 16:02 99,840 C:\WINDOWS\system32\iexpress.exe
2006-06-30 16:02 981,504 C:\WINDOWS\system32\wmnetmgr.dll
2006-06-30 16:02 98,304 C:\WINDOWS\system32\wmpshell.dll
2006-06-30 16:02 98,304 C:\WINDOWS\system32\oleprn.dll
2006-06-30 16:02 98,304 C:\WINDOWS\system32\odbccp32.dll
2006-06-30 16:02 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-06-30 16:02 974,336 C:\WINDOWS\system32\msdtctm.dll
2006-06-30 16:02 971,264 C:\WINDOWS\system32\msgina.dll
2006-06-30 16:02 97,280 C:\WINDOWS\system32\txflog.dll
2006-06-30 16:02 96,256 C:\WINDOWS\system32\rcbdyctl.dll
2006-06-30 16:02 95,744 C:\WINDOWS\system32\nlhtml.dll
2006-06-30 16:02 938,496 C:\WINDOWS\system32\syssetup.dll
2006-06-30 16:02 932,864 C:\WINDOWS\system32\setupapi.dll
2006-06-30 16:02 930,304 C:\WINDOWS\system32\kernel32.dll
2006-06-30 16:02 93,184 C:\WINDOWS\system32\winscard.dll
2006-06-30 16:02 93,184 C:\WINDOWS\system32\winscard(3).dll
2006-06-30 16:02 93,184 C:\WINDOWS\system32\scardsvr.exe
2006-06-30 16:02 92,160 C:\WINDOWS\system32\krnl386.exe
2006-06-30 16:02 91,648 C:\WINDOWS\system32\loadperf.dll
2006-06-30 16:02 91,136 C:\WINDOWS\system32\rastls.dll
2006-06-30 16:02 91,136 C:\WINDOWS\system32\rastls(2).dll
2006-06-30 16:02 91,136 C:\WINDOWS\system32\msoert2.dll
2006-06-30 16:02 90,112 C:\WINDOWS\system32\odbcint.dll
2006-06-30 16:02 9,728 C:\WINDOWS\system32\regsvr32.exe
2006-06-30 16:02 9,728 C:\WINDOWS\system32\gpkrsrc.dll
2006-06-30 16:02 9,216 C:\WINDOWS\system32\icaapi.dll
2006-06-30 16:02 9,216 C:\WINDOWS\system32\icaapi(2).dll
2006-06-30 16:02 9,216 C:\WINDOWS\system32\dumprep.exe
2006-06-30 16:02 89,600 C:\WINDOWS\system32\slbiop.dll
2006-06-30 16:02 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-06-30 16:02 88,064 C:\WINDOWS\system32\mydocs.dll
2006-06-30 16:02 87,552 C:\WINDOWS\system32\polstore.dll
2006-06-30 16:02 87,552 C:\WINDOWS\system32\occache.dll
2006-06-30 16:02 87,304 C:\WINDOWS\system32\rdpdd.dll
2006-06-30 16:02 87,304 C:\WINDOWS\system32\rdpdd(2).dll
2006-06-30 16:02 86,528 C:\WINDOWS\system32\wlnotify.dll
2006-06-30 16:02 86,528 C:\WINDOWS\system32\wlnotify(3).dll
2006-06-30 16:02 86,016 C:\WINDOWS\system32\xactsrv.dll
2006-06-30 16:02 857,600 C:\WINDOWS\system32\netplwiz.dll
2006-06-30 16:02 831,519 C:\WINDOWS\system32\mswdat10.dll
2006-06-30 16:02 83,456 C:\WINDOWS\system32\mtxoci.dll
2006-06-30 16:02 829,952 C:\WINDOWS\system32\tapi3.dll
2006-06-30 16:02 82,944 C:\WINDOWS\system32\smlogsvc.exe
2006-06-30 16:02 82,944 C:\WINDOWS\system32\rasauto.dll
2006-06-30 16:02 82,944 C:\WINDOWS\system32\psbase.dll
2006-06-30 16:02 82,944 C:\WINDOWS\system32\psbase(2).dll
2006-06-30 16:02 82,944 C:\WINDOWS\system32\iphlpapi(3).dll
2006-06-30 16:02 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-06-30 16:02 816,264 C:\WINDOWS\system32\wmvdmod.dll
2006-06-30 16:02 81,920 C:\WINDOWS\system32\trkwks.dll
2006-06-30 16:02 81,920 C:\WINDOWS\system32\trkwks(2).dll
2006-06-30 16:02 81,408 C:\WINDOWS\system32\logagent.exe
2006-06-30 16:02 802,304 C:\WINDOWS\system32\dxmrtp.dll
2006-06-30 16:02 80,896 C:\WINDOWS\system32\ntprint.dll
2006-06-30 16:02 80,384 C:\WINDOWS\system32\mciavi32.dll
2006-06-30 16:02 80,128 C:\WINDOWS\system32\msapsspc.dll
2006-06-30 16:02 8,832 C:\WINDOWS\system32\framebuf.dll
2006-06-30 16:02 8,704 C:\WINDOWS\system32\lprhelp.dll
2006-06-30 16:02 8,456 C:\WINDOWS\system32\tsddd.dll
2006-06-30 16:02 8,351,232 C:\WINDOWS\system32\shell32.dll
2006-06-30 16:02 8,351,232 C:\WINDOWS\system32\shell32(5).dll
2006-06-30 16:02 8,351,232 C:\WINDOWS\system32\shell32(4).dll
2006-06-30 16:02 8,351,232 C:\WINDOWS\system32\shell32(3).dll
2006-06-30 16:02 8,192 C:\WINDOWS\system32\scrnsave.scr
2006-06-30 16:02 8,192 C:\WINDOWS\system32\igmpagnt.dll
2006-06-30 16:02 79,872 C:\WINDOWS\system32\srvsvc.dll
2006-06-30 16:02 79,360 C:\WINDOWS\system32\mprapi.dll
2006-06-30 16:02 79,360 C:\WINDOWS\system32\mprapi(2).dll
2006-06-30 16:02 79,360 C:\WINDOWS\system32\makecab.exe
2006-06-30 16:02 774,144 C:\WINDOWS\system32\mmc.exe
2006-06-30 16:02 77,824 C:\WINDOWS\system32\isign32.dll
2006-06-30 16:02 762,368 C:\WINDOWS\system32\winntbbu.dll
2006-06-30 16:02 760,968 C:\WINDOWS\system32\wmsdmod.dll
2006-06-30 16:02 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-06-30 16:02 75,264 C:\WINDOWS\system32\ws2_32(3).dll
2006-06-30 16:02 74,752 C:\WINDOWS\system32\netui0.dll
2006-06-30 16:02 74,752 C:\WINDOWS\system32\netui0(3).dll
2006-06-30 16:02 74,240 C:\WINDOWS\system32\rtcshare.exe
2006-06-30 16:02 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-06-30 16:02 73,728 C:\WINDOWS\system32\ils.dll
2006-06-30 16:02 72,192 C:\WINDOWS\system32\telnet.exe
2006-06-30 16:02 71,680 C:\WINDOWS\system32\nslookup.exe
2006-06-30 16:02 71,168 C:\WINDOWS\system32\storprop.dll
2006-06-30 16:02 71,168 C:\WINDOWS\system32\sdbinst.exe
2006-06-30 16:02 700,928 C:\WINDOWS\system32\sxs.dll
2006-06-30 16:02 700,928 C:\WINDOWS\system32\sxs(3).dll
2006-06-30 16:02 70,656 C:\WINDOWS\system32\wiascr.dll
2006-06-30 16:02 7,040 C:\WINDOWS\system32\kd1394.dll
2006-06-30 16:02 699,392 C:\WINDOWS\system32\msxml2.dll
2006-06-30 16:02 69,632 C:\WINDOWS\system32\shrpubw.exe
2006-06-30 16:02 69,632 C:\WINDOWS\system32\icwdial.dll
2006-06-30 16:02 69,120 C:\WINDOWS\system32\unimdmat.dll
2006-06-30 16:02 686,080 C:\WINDOWS\system32\opengl32.dll
2006-06-30 16:02 681,984 C:\WINDOWS\system32\lsasrv.dll
2006-06-30 16:02 68,928 C:\WINDOWS\system32\mmsystem.dll
2006-06-30 16:02 68,608 C:\WINDOWS\system32\mscms.dll
2006-06-30 16:02 68,608 C:\WINDOWS\system32\mscms(3).dll
2006-06-30 16:02 68,608 C:\WINDOWS\system32\mscms(2).dll
2006-06-30 16:02 68,608 C:\WINDOWS\system32\locator.exe
2006-06-30 16:02 68,096 C:\WINDOWS\system32\inetpp.dll
2006-06-30 16:02 68,096 C:\WINDOWS\system32\inetpp(2).dll
2006-06-30 16:02 670,208 C:\WINDOWS\system32\wmadmoe.dll
2006-06-30 16:02 67,584 C:\WINDOWS\system32\msctfp.dll
2006-06-30 16:02 67,584 C:\WINDOWS\system32\magnify.exe
2006-06-30 16:02 67,072 C:\WINDOWS\system32\usbui.dll
2006-06-30 16:02 67,072 C:\WINDOWS\system32\msacm32.dll
2006-06-30 16:02 67,072 C:\WINDOWS\system32\msacm32(3).dll
2006-06-30 16:02 667,648 C:\WINDOWS\system32\ss3dfo.scr
2006-06-30 16:02 667,136 C:\WINDOWS\system32\userenv.dll
2006-06-30 16:02 66,560 C:\WINDOWS\system32\spoolss.dll
2006-06-30 16:02 66,560 C:\WINDOWS\system32\spoolss(2).dll
2006-06-30 16:02 66,560 C:\WINDOWS\system32\scarddlg.dll
2006-06-30 16:02 66,560 C:\WINDOWS\system32\mmcbase.dll
2006-06-30 16:02 66,560 C:\WINDOWS\system32\faultrep.dll
2006-06-30 16:02 66,048 C:\WINDOWS\system32\sigverif.exe
2006-06-30 16:02 66,048 C:\WINDOWS\system32\notepad.exe
2006-06-30 16:02 66,048 C:\WINDOWS\system32\msw3prt.dll
2006-06-30 16:02 66,048 C:\WINDOWS\notepad.exe
2006-06-30 16:02 654,336 C:\WINDOWS\system32\ntdll.dll
2006-06-30 16:02 65,585 C:\WINDOWS\system32\wshext.dll
2006-06-30 16:02 65,536 C:\WINDOWS\system32\msconf.dll
2006-06-30 16:02 65,024 C:\WINDOWS\system32\msvcrt40.dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\ntdsapi.dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\ntdsapi(3).dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\mtxclu.dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\mtxclu(5).dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\mtxclu(4).dll
2006-06-30 16:02 64,512 C:\WINDOWS\system32\mtxclu(3).dll
2006-06-30 16:02 64,000 C:\WINDOWS\system32\webclnt.dll
2006-06-30 16:02 64,000 C:\WINDOWS\system32\webclnt(3).dll
2006-06-30 16:02 64,000 C:\WINDOWS\system32\webclnt(2).dll
2006-06-30 16:02 638,976 C:\WINDOWS\system32\sstext3d.scr
2006-06-30 16:02 631,808 C:\WINDOWS\system32\rasdlg.dll
2006-06-30 16:02 63,488 C:\WINDOWS\system32\srclient.dll
2006-06-30 16:02 62,976 C:\WINDOWS\system32\shgina.dll
2006-06-30 16:02 614,431 C:\WINDOWS\system32\mswstr10.dll
2006-06-30 16:02 61,952 C:\WINDOWS\system32\sti.dll
2006-06-30 16:02 61,952 C:\WINDOWS\system32\rdshost.exe
2006-06-30 16:02 61,952 C:\WINDOWS\system32\osuninst.dll
2006-06-30 16:02 61,440 C:\WINDOWS\system32\odbccu32.dll
2006-06-30 16:02 61,440 C:\WINDOWS\system32\odbccr32.dll
2006-06-30 16:02 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-06-30 16:02 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-06-30 16:02 60,416 C:\WINDOWS\system32\wextract.exe
2006-06-30 16:02 60,416 C:\WINDOWS\system32\shimeng.dll
2006-06-30 16:02 6,656 C:\WINDOWS\system32\ntlsapi.dll
2006-06-30 16:02 6,656 C:\WINDOWS\system32\laprxy.dll
2006-06-30 16:02 6,144 C:\WINDOWS\system32\sensapi.dll
2006-06-30 16:02 6,144 C:\WINDOWS\system32\sensapi(3).dll
2006-06-30 16:02 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-06-30 16:02 6,144 C:\WINDOWS\system32\rasadhlp(3).dll
2006-06-30 16:02 6,144 C:\WINDOWS\system32\msdtc.exe
2006-06-30 16:02 598,016 C:\WINDOWS\system32\mstscax.dll
2006-06-30 16:02 596,480 C:\WINDOWS\system32\inetcomm.dll
2006-06-30 16:02 593,408 C:\WINDOWS\system32\h323msp.dll
2006-06-30 16:02 59,392 C:\WINDOWS\system32\iesetup.dll
2006-06-30 16:02 584,192 C:\WINDOWS\system32\netcfgx.dll
2006-06-30 16:02 584,192 C:\WINDOWS\system32\netcfgx(2).dll
2006-06-30 16:02 58,880 C:\WINDOWS\system32\pautoenr.dll
2006-06-30 16:02 578,560 C:\WINDOWS\system32\autoconv.exe
2006-06-30 16:02 577,024 C:\WINDOWS\system32\mlang.dll
2006-06-30 16:02 577,024 C:\WINDOWS\system32\mlang(2).dll
2006-06-30 16:02 57,856 C:\WINDOWS\system32\raschap.dll
2006-06-30 16:02 57,856 C:\WINDOWS\system32\raschap(2).dll
2006-06-30 16:02 57,856 C:\WINDOWS\system32\licwmi.dll
2006-06-30 16:02 569,344 C:\WINDOWS\system32\sspipes.scr
2006-06-30 16:02 569,344 C:\WINDOWS\system32\oleaut32.dll
2006-06-30 16:02 568,832 C:\WINDOWS\system32\wiashext.dll
2006-06-30 16:02 565,760 C:\WINDOWS\system32\autochk.exe
2006-06-30 16:02 561,152 C:\WINDOWS\system32\user32.dll
2006-06-30 16:02 56,832 C:\WINDOWS\system32\wzcdlg.dll
2006-06-30 16:02 56,320 C:\WINDOWS\system32\remotepg.dll
2006-06-30 16:02 56,320 C:\WINDOWS\system32\mshtmler.dll
2006-06-30 16:02 56,320 C:\WINDOWS\system32\miglibnt.dll
2006-06-30 16:02 558,080 C:\WINDOWS\system32\advapi32.dll
2006-06-30 16:02 557,056 C:\WINDOWS\system32\comctl32.dll
2006-06-30 16:02 552,989 C:\WINDOWS\system32\msrepl40.dll
2006-06-30 16:02 55,808 C:\WINDOWS\system32\rasman.dll
2006-06-30 16:02 55,808 C:\WINDOWS\system32\mpr.dll
2006-06-30 16:02 55,808 C:\WINDOWS\system32\mpr(3).dll
2006-06-30 16:02 548,864 C:\WINDOWS\system32\shdoclc.dll
2006-06-30 16:02 548,864 C:\WINDOWS\system32\shdoclc(2).dll
2006-06-30 16:02 548,352 C:\WINDOWS\system32\rtcdll.dll
2006-06-30 16:02 54,784 C:\WINDOWS\system32\samlib.dll
2006-06-30 16:02 54,784 C:\WINDOWS\system32\resutils.dll
2006-06-30 16:02 54,784 C:\WINDOWS\system32\resutils(3).dll
2006-06-30 16:02 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-06-30 16:02 54,272 C:\WINDOWS\system32\rastapi.dll
2006-06-30 16:02 54,272 C:\WINDOWS\system32\rasphone.exe
2006-06-30 16:02 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-06-30 16:02 535,552 C:\WINDOWS\system32\rpcrt4(3).dll
2006-06-30 16:02 534,016 C:\WINDOWS\system32\spider.exe
2006-06-30 16:02 53,279 C:\WINDOWS\system32\odbcji32.dll
2006-06-30 16:02 53,279 C:\WINDOWS\system32\msjter40.dll
2006-06-30 16:02 53,248 C:\WINDOWS\system32\spoolsv.exe
2006-06-30 16:02 53,248 C:\WINDOWS\system32\spoolsv(3).exe
2006-06-30 16:02 53,248 C:\WINDOWS\system32\spoolsv(2).exe
2006-06-30 16:02 53,248 C:\WINDOWS\system32\servdeps.dll
2006-06-30 16:02 53,248 C:\WINDOWS\system32\sendmail.dll
2006-06-30 16:02 53,248 C:\WINDOWS\system32\packager.exe
2006-06-30 16:02 53,248 C:\WINDOWS\system32\odbcconf.exe
2006-06-30 16:02 522,240 C:\WINDOWS\system32\printui.dll
2006-06-30 16:02 52,224 C:\WINDOWS\system32\secur32.dll
2006-06-30 16:02 52,224 C:\WINDOWS\system32\secur32(3).dll
2006-06-30 16:02 516,608 C:\WINDOWS\system32\winlogon.exe
2006-06-30 16:02 512,029 C:\WINDOWS\system32\msexch40.dll
2006-06-30 16:02 51,712 C:\WINDOWS\system32\synceng.dll
2006-06-30 16:02 51,712 C:\WINDOWS\system32\regsvc.dll
2006-06-30 16:02 51,712 C:\WINDOWS\system32\msasn1.dll
2006-06-30 16:02 51,712 C:\WINDOWS\system32\msasn1(3).dll
2006-06-30 16:02 51,712 C:\WINDOWS\system32\ipconfig.exe
2006-06-30 16:02 51,200 C:\WINDOWS\system32\narrator.exe
2006-06-30 16:02 504,320 C:\WINDOWS\system32\logonui.exe
2006-06-30 16:02 50,688 C:\WINDOWS\system32\msvcirt.dll
2006-06-30 16:02 5,632 C:\WINDOWS\system32\wmi.dll
2006-06-30 16:02 5,632 C:\WINDOWS\system32\wmi(2).dll
2006-06-30 16:02 5,632 C:\WINDOWS\system32\security.dll
2006-06-30 16:02 5,632 C:\WINDOWS\system32\security(2).dll
2006-06-30 16:02 5,120 C:\WINDOWS\system32\msidle.dll
2006-06-30 16:02 5,120 C:\WINDOWS\system32\msidle(2).dll
2006-06-30 16:02 498,205 C:\WINDOWS\system32\dxmasf.dll
2006-06-30 16:02 495,376 C:\WINDOWS\system32\msxml.dll
2006-06-30 16:02 493,056 C:\WINDOWS\system32\hypertrm.dll
2006-06-30 16:02 49,664 C:\WINDOWS\system32\vfwwdm32.dll
2006-06-30 16:02 49,664 C:\WINDOWS\system32\ixsso.dll
2006-06-30 16:02 49,152 C:\WINDOWS\system32\npptools.dll
2006-06-30 16:02 49,152 C:\WINDOWS\system32\eventlog.dll
2006-06-30 16:02 49,152 C:\WINDOWS\system32\eventlog(3).dll
2006-06-30 16:02 48,640 C:\WINDOWS\system32\vdmredir.dll
2006-06-30 16:02 48,128 C:\WINDOWS\system32\winsta.dll
2006-06-30 16:02 48,128 C:\WINDOWS\system32\reg.exe
2006-06-30 16:02 479,261 C:\WINDOWS\system32\vbscript.dll
2006-06-30 16:02 470,528 C:\WINDOWS\system32\qdvd.dll
2006-06-30 16:02 47,616 C:\WINDOWS\system32\utilman.exe
2006-06-30 16:02 47,616 C:\WINDOWS\system32\inetres.dll
2006-06-30 16:02 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-06-30 16:02 47,104 C:\WINDOWS\system32\mspmspsv.dll
2006-06-30 16:02 47,104 C:\WINDOWS\system32\dssec.dll
2006-06-30 16:02 460,288 C:\WINDOWS\system32\ntmsmgr.dll
2006-06-30 16:02 46,592 C:\WINDOWS\system32\wdigest.dll
2006-06-30 16:02 46,592 C:\WINDOWS\system32\wdigest(3).dll
2006-06-30 16:02 46,592 C:\WINDOWS\system32\mmcshext.dll
2006-06-30 16:02 45,568 C:\WINDOWS\system32\smss.exe
2006-06-30 16:02 45,568 C:\WINDOWS\system32\iyuv_32.dll
2006-06-30 16:02 45,056 C:\WINDOWS\system32\proquota.exe
2006-06-30 16:02 45,056 C:\WINDOWS\system32\msprivs.dll
2006-06-30 16:02 45,056 C:\WINDOWS\system32\msprivs(3).dll
2006-06-30 16:02 449,536 C:\WINDOWS\system32\wiadefui.dll
2006-06-30 16:02 440,320 C:\WINDOWS\system32\mshtmled(2).dll
2006-06-30 16:02 44,032 C:\WINDOWS\system32\regapi.dll
2006-06-30 16:02 44,032 C:\WINDOWS\system32\regapi(3).dll
2006-06-30 16:02 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-06-30 16:02 44,032 C:\WINDOWS\system32\msident.dll
2006-06-30 16:02 439,808 C:\WINDOWS\system32\ipnathlp.dll
2006-06-30 16:02 43,008 C:\WINDOWS\system32\ssmypics.scr
2006-06-30 16:02 43,008 C:\WINDOWS\system32\ssdpsrv.dll
2006-06-30 16:02 43,008 C:\WINDOWS\system32\ssdpsrv(2).dll
2006-06-30 16:02 423,424 C:\WINDOWS\system32\riched20.dll
2006-06-30 16:02 423,424 C:\WINDOWS\system32\riched20(2).dll
2006-06-30 16:02 421,919 C:\WINDOWS\system32\msrd2x40.dll
2006-06-30 16:02 420,864 C:\WINDOWS\system32\shimgvw.dll
2006-06-30 16:02 42,496 C:\WINDOWS\system32\ncobjapi.dll
2006-06-30 16:02 414,720 C:\WINDOWS\system32\wiaacmgr.exe
2006-06-30 16:02 411,136 C:\WINDOWS\system32\samsrv.dll
2006-06-30 16:02 410,248 C:\WINDOWS\system32\wmadmod.dll
2006-06-30 16:02 409,088 C:\WINDOWS\system32\vssapi.dll
2006-06-30 16:02 409,088 C:\WINDOWS\system32\vssapi(3).dll
2006-06-30 16:02 409,088 C:\WINDOWS\system32\shlwapi(4).dll
2006-06-30 16:02 409,088 C:\WINDOWS\system32\shlwapi(3).dll
2006-06-30 16:02 401,462 C:\WINDOWS\system32\msvcp60.dll
2006-06-30 16:02 401,462 C:\WINDOWS\system32\msvcp60(3).dll
2006-06-30 16:02 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-06-30 16:02 40,960 C:\WINDOWS\system32\tcpmonui.dll
2006-06-30 16:02 40,960 C:\WINDOWS\system32\safrslv.dll
2006-06-30 16:02 40,960 C:\WINDOWS\system32\extrac32.exe
2006-06-30 16:02 40,448 C:\WINDOWS\system32\tcpmon.dll
2006-06-30 16:02 40,448 C:\WINDOWS\system32\tcpmon(2).dll
2006-06-30 16:02 40,448 C:\WINDOWS\system32\ftp.exe
2006-06-30 16:02 4,608 C:\WINDOWS\system32\msimg32.dll
2006-06-30 16:02 4,608 C:\WINDOWS\system32\msimg32(3).dll
2006-06-30 16:02 4,126 C:\WINDOWS\system32\msdxmlc.dll
2006-06-30 16:02 4,096 C:\WINDOWS\system32\winver.exe
2006-06-30 16:02 4,096 C:\WINDOWS\system32\sfc.dll
2006-06-30 16:02 4,096 C:\WINDOWS\system32\sfc(3).dll
2006-06-30 16:02 4,096 C:\WINDOWS\system32\nddeapir.exe
2006-06-30 16:02 4,096 C:\WINDOWS\system32\ksuser.dll
2006-06-30 16:02 399,360 C:\WINDOWS\system32\netlogon.dll
2006-06-30 16:02 399,360 C:\WINDOWS\system32\netlogon(3).dll
2006-06-30 16:02 395,776 C:\WINDOWS\system32\ntvdm.exe
2006-06-30 16:02 392,704 C:\WINDOWS\system32\ntmssvc.dll
2006-06-30 16:02 39,936 C:\WINDOWS\system32\rtutils.dll
2006-06-30 16:02 39,936 C:\WINDOWS\system32\rtutils(3).dll
2006-06-30 16:02 39,936 C:\WINDOWS\system32\htui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\jusched.exe"
"ATIPTA"="\"C:\\ATI-CPanel\\atiptaxx.exe\""
"SoundMan"="SOUNDMAN.EXE"
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0F2.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\svcWRSSSDK


Contents of the 'Scheduled Tasks' folder

Completion time: 16/07/2006 14:43:16.21
ComboFix ver 06.07.15 - This logfile is located at C:\ComboFix.txt


Thanks look fwd to hearing from you.

regds
colblimp is offline  
Old 07-16-2006, 05:24 PM   #8
TSF Team, Emeritus
 
Vikesrock8411
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


Quote:
Rootkit driver pe386 is present. A rootkit scan is required
Found it

Click to watch a movie on how to remove this rootkit. You are looking for the part about 30 seconds from the end where GMER is used. Ignore the other tools.

Please let me know how that goes.
Vikesrock8411 is offline  
Old 07-17-2006, 02:57 PM   #9
I helped the forums.
 
Join Date: Nov 2004
Posts: 26
OS: XP


Many thanks for your help, this seems to have worked - will make a donation. How can I stop this happening again - will my ZoneAlarm firewall do the trick?

regds
colblimp is offline  
Old 07-17-2006, 03:07 PM   #10
TSF Team, Emeritus
 
Vikesrock8411
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other; therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a real-time protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
__________________
Vikesrock8411 is offline  
Old 07-18-2006, 12:24 PM   #11
I helped the forums.
 
Join Date: Nov 2004
Posts: 26
OS: XP


Hi,

New Hijackthis log below. Everything seems to be working ok

many thanks

Logfile of HijackThis v1.99.1
Scan saved at 20:14:33, on 18/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/....yahoo.com/%3f
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1151654799765
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://download.zonelabs.com/bin/pro...anner37900.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29775E67-2C9F-496C-ACDD-81BF2FA44E85}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
colblimp is offline  
Old 07-18-2006, 07:51 PM   #12
TSF Team, Emeritus
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,100
OS: Windows XP


That log is all clean
__________________
Vikesrock8411 is offline  
 

All times are GMT -7.


Copyright 2001 - 2018, Tech Support Forum
