Solved: Cannot remove Vundo/Virtumonde.dll trojan from my PC

i've seen this on many computer that i've been working on
there are a few ways to get rid of this
http://www.bleepingcomputer.com/forums/topic18610.html

go there and download the VundoFix. run that and let it scan

if that doesn't work then download and run the VirtumundoBegone.

i've removed this from a few computers this week, and they seem to work out well

let me know how this works out for you

Mohamed Osama

The log looks incomplete , can you please run another scan fron safe mode & post the log ?

also I have noticed there is IIS installed on this machine, do you host a website / FTP / mail server on this machine ?

if not this should be uninstalled

eXpeLLeD_4RM_heLL

download combofix from : www.bleepingcomputer.com/combofix/how-to-use-combofix and run it. Post the log file here once finshed as well as a complete HJT log as well.

rtl_support

ASKER

Hi guys, i'm not so sure its the vundo problem i have anymore. As my McAfee did a scan yesterday evening and found two files called NSPCA.TMP and nspCA.tmp and called them "prcviewer". Also it found a file called 00045c78.exe and called that "New Malware".

After running vundofix and such i can no longer locate any vundo related trojans, possibly some other problems?? Anyway i have the log files from combofix and hijackthis. Combofix log first.

Start Time= 03/07/2008 12:16:09.79

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-07-03 11:45:18 ( .D... ) "C:\Documents and Settings\woyt\Application Data\Apple Computer"
2008-07-03 10:25:28 ( .D... ) "C:\Documents and Settings\woyt\Application Data\PC Tools"
2008-07-03 10:25:26 ( .D... ) "C:\Documents and Settings\woyt\Application Data\Macromedia"
2008-07-03 10:25:26 ( .D... ) "C:\Documents and Settings\woyt\Application Data\HPAppData"
2008-07-03 10:25:26 ( .D... ) "C:\Documents and Settings\woyt\Application Data\Adobe"
2008-07-03 10:09:56 ( .DS.. ) "C:\Documents and Settings\woyt\Application Data\Microsoft"
2008-07-03 10:09:56 ( .D... ) "C:\Documents and Settings\woyt\Application Data\Sun"
2008-07-03 10:09:56 ( .D... ) "C:\Documents and Settings\woyt\Application Data\SampleView"
2008-07-03 10:09:56 ( .D... ) "C:\Documents and Settings\woyt\Application Data\InstallShield"
2008-07-03 10:09:56 ( .D... ) "C:\Documents and Settings\woyt\Application Data\Identities"
2008-07-02 10:58:02 102912 ( A.... ) "C:\WINDOWS\system32\retkfanb.dll"
2008-07-02 10:58:02 102912 ( A.... ) "C:\WINDOWS\system32\cerhem.dll"
2008-07-02 10:55:02 82432 ( A.... ) "C:\WINDOWS\system32\mihjbqcn.dll"
2008-07-02 10:52:02 90112 ( A.... ) "C:\WINDOWS\system32\hhwwjirm.dll"
2008-07-01 16:26:54 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2008-07-01 13:31:16 103424 ( A.... ) "C:\WINDOWS\system32\mjdpwj.dll"
2008-07-01 13:31:16 103424 ( A.... ) "C:\WINDOWS\system32\jexqufhr.dll"
2008-07-01 13:22:16 90624 ( A.... ) "C:\WINDOWS\system32\nsrbrlxa.dll"
2008-07-01 12:05:44 103424 ( A.... ) "C:\WINDOWS\system32\pwxegq.dll"
2008-07-01 12:05:44 103424 ( A.... ) "C:\WINDOWS\system32\gvrefthc.dll"
2008-07-01 12:05:30 90624 ( A.... ) "C:\WINDOWS\system32\yfnekgqb.dll"
2008-06-30 14:17:12 81920 ( A.... ) "C:\WINDOWS\system32\cdifguhu.dll"
2008-06-30 14:12:48 25088 ( A.... ) "C:\WINDOWS\system32\vtUoPgDs.dll"
2008-06-30 14:12:00 25088 ( A.... ) "C:\WINDOWS\system32\yayYPJCv.dll"
2008-06-30 14:11:44 33280 ( A.... ) "C:\WINDOWS\system32\winppp32.dll"
2008-06-30 14:11:42 25088 ( A.... ) "C:\WINDOWS\system32\qoMfGvVo.dll"
2008-06-30 14:11:34 33280 ( A.... ) "C:\WINDOWS\system32\winmbj32.dll"
2008-06-30 14:11:32 25088 ( A.... ) "C:\WINDOWS\system32\awtSKASl.dll"
2008-06-30 14:11:22 25088 ( A.... ) "C:\WINDOWS\system32\cbXrSMgd.dll"
2008-06-30 14:11:08 25088 ( A.... ) "C:\WINDOWS\system32\nnnlIcCv.dll.vir"
2008-05-30 00:35:12 17486968 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2008-05-29 09:56:40 ( .D... ) "C:\Program Files\Microsoft CAPICOM 2.1.0.2"
2008-05-28 15:22:14 ( .D... ) "C:\Program Files\Common Files\HP"
2008-05-28 15:20:52 ( .D... ) "C:\Program Files\Common Files\Hewlett-Packard"
2008-05-28 15:17:42 ( .D... ) "C:\Program Files\HP"
2008-05-27 10:57:24 ( .D... ) "C:\Program Files\Your Company Name"
2008-05-16 11:58:04 12632 ( A.... ) "C:\WINDOWS\system32\lsdelete.exe"
2008-05-08 16:43:44 ( .D... ) "C:\Program Files\Microsoft Silverlight"
2008-05-07 16:46:56 215144 ( A...R ) "C:\WINDOWS\pw32a.dll"
2008-05-07 16:46:56 215144 ( A...R ) "C:\WINDOWS\patchw32.dll"
2008-05-07 16:44:38 107368 ( A.... ) "C:\WINDOWS\system32\GEARAspi.dll"
2008-05-07 06:12:40 1288192 ( A.... ) "C:\WINDOWS\system32\quartz.dll"
2008-04-23 22:16:30 3591680 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-04-23 05:16:30 1159680 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-04-23 05:16:30 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-04-23 05:16:30 233472 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-04-23 05:16:28 6066176 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-04-23 05:16:28 671232 ( ..... ) "C:\WINDOWS\system32\mstime.dll"
2008-04-23 05:16:28 478208 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-04-23 05:16:28 459264 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-04-23 05:16:28 384512 ( ..... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-04-23 05:16:28 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-04-23 05:16:28 347136 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-04-23 05:16:28 267776 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-04-23 05:16:28 230400 ( ..... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-04-23 05:16:28 214528 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2008-04-23 05:16:28 193024 ( ..... ) "C:\WINDOWS\system32\msrating.dll"
2008-04-23 05:16:28 153088 ( ..... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-04-23 05:16:28 133120 ( ..... ) "C:\WINDOWS\system32\extmgr.dll"
2008-04-23 05:16:28 124928 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2008-04-23 05:16:28 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-04-23 05:16:28 102912 ( ..... ) "C:\WINDOWS\system32\occache.dll"
2008-04-23 05:16:28 63488 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-04-23 05:16:28 52224 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-04-23 05:16:28 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-04-23 05:16:28 44544 ( ..... ) "C:\WINDOWS\system32\iernonce.dll"
2008-04-23 05:16:28 27648 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-04-22 08:39:58 70656 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2008-04-22 08:39:58 13824 ( A.... ) "C:\WINDOWS\system32\ieudinit.exe"
2008-04-20 06:07:52 161792 ( ..... ) "C:\WINDOWS\system32\ieakui.dll"
2008-04-17 10:56:44 83208 ( A.... ) "C:\WINDOWS\system32\S32EVNT1.DLL"
2008-04-14 05:42:38 11264 ( A.... ) "C:\WINDOWS\system32\spnpinst.exe"
2008-04-14 05:42:06 985088 ( A.... ) "C:\WINDOWS\system32\setupapi.dll"
2008-04-14 05:41:58 423936 ( A.... ) "C:\WINDOWS\system32\licdll.dll"
2008-04-14 01:16:52 329728 ( A.... ) "C:\WINDOWS\system32\netsetup.exe"
2008-04-14 01:13:22 92424 ( A.... ) "C:\WINDOWS\system32\rdpdd.dll"
2008-04-14 01:13:22 87176 ( A.... ) "C:\WINDOWS\system32\rdpwsx.dll"
2008-04-14 01:13:22 12168 ( A.... ) "C:\WINDOWS\system32\tsddd.dll"
2008-04-14 01:12:44 704512 ( A.... ) "C:\WINDOWS\system32\ss3dfo.scr"
2008-04-14 01:12:44 679936 ( A.... ) "C:\WINDOWS\system32\sstext3d.scr"
2008-04-14 01:12:44 610304 ( A.... ) "C:\WINDOWS\system32\sspipes.scr"
2008-04-14 01:12:44 393216 ( A.... ) "C:\WINDOWS\system32\ssflwbox.scr"
2008-04-14 01:12:44 220672 ( A.... ) "C:\WINDOWS\system32\logon.scr"
2008-04-14 01:12:44 47104 ( A.... ) "C:\WINDOWS\system32\ssmypics.scr"
2008-04-14 01:12:44 20992 ( A.... ) "C:\WINDOWS\system32\ssmarque.scr"
2008-04-14 01:12:44 19968 ( A.... ) "C:\WINDOWS\system32\ssbezier.scr"
2008-04-14 01:12:44 18944 ( A.... ) "C:\WINDOWS\system32\ssmyst.scr"
2008-04-14 01:12:44 14336 ( A.... ) "C:\WINDOWS\system32\ssstars.scr"
2008-04-14 01:12:44 9216 ( A.... ) "C:\WINDOWS\system32\scrnsave.scr"
2008-04-14 01:12:42 165888 ( A.... ) "C:\WINDOWS\system32\wuauclt1.exe"
2008-04-14 01:12:42 155648 ( A.... ) "C:\WINDOWS\system32\wscript.exe"
2008-04-14 01:12:42 30720 ( A.... ) "C:\WINDOWS\system32\xcopy.exe"
2008-04-14 01:12:42 29696 ( A.... ) "C:\WINDOWS\system32\format.com"
2008-04-14 01:12:42 16896 ( A.... ) "C:\WINDOWS\system32\more.com"
2008-04-14 01:12:42 13824 ( A.... ) "C:\WINDOWS\system32\wscntfy.exe"
2008-04-14 01:12:42 12800 ( A.... ) "C:\WINDOWS\system32\tree.com"
2008-04-14 01:12:42 11264 ( A.... ) "C:\WINDOWS\system32\wpnpinst.exe"
2008-04-14 01:12:40 507904 ( A.... ) "C:\WINDOWS\system32\winlogon.exe"
2008-04-14 01:12:40 433664 ( A.... ) "C:\WINDOWS\system32\wiaacmgr.exe"
2008-04-14 01:12:40 283648 ( A.... ) "C:\WINDOWS\winhlp32.exe"
2008-04-14 01:12:40 65024 ( A.... ) "C:\WINDOWS\system32\wextract.exe"
2008-04-14 01:12:40 32256 ( A.... ) "C:\WINDOWS\system32\wpabaln.exe"
2008-04-14 01:12:40 5632 ( A.... ) "C:\WINDOWS\system32\winver.exe"
2008-04-14 01:12:38 347136 ( A.... ) "C:\WINDOWS\system32\tourstart.exe"
2008-04-14 01:12:38 289792 ( A.... ) "C:\WINDOWS\system32\vssvc.exe"
2008-04-14 01:12:38 259584 ( A.... ) "C:\WINDOWS\system32\tracerpt.exe"
2008-04-14 01:12:38 135680 ( A.... ) "C:\WINDOWS\system32\taskmgr.exe"
2008-04-14 01:12:38 106496 ( A.... ) "C:\WINDOWS\system32\sysocmgr.exe"
2008-04-14 01:12:38 78336 ( A.... ) "C:\WINDOWS\system32\tlntsess.exe"
2008-04-14 01:12:38 77824 ( A.... ) "C:\WINDOWS\system32\tasklist.exe"
2008-04-14 01:12:38 76288 ( A.... ) "C:\WINDOWS\system32\taskkill.exe"
2008-04-14 01:12:38 75776 ( A.... ) "C:\WINDOWS\system32\telnet.exe"
2008-04-14 01:12:38 73216 ( A.... ) "C:\WINDOWS\system32\tlntsvr.exe"
2008-04-14 01:12:38 61440 ( A.... ) "C:\WINDOWS\system32\tlntadmn.exe"
2008-04-14 01:12:38 60416 ( A.... ) "C:\WINDOWS\system32\tzchange.exe"
2008-04-14 01:12:38 50176 ( A.... ) "C:\WINDOWS\system32\utilman.exe"
2008-04-14 01:12:38 28672 ( A.... ) "C:\WINDOWS\system32\verclsid.exe"
2008-04-14 01:12:38 26112 ( A.... ) "C:\WINDOWS\system32\userinit.exe"
2008-04-14 01:12:38 18432 ( A.... ) "C:\WINDOWS\system32\ups.exe"
2008-04-14 01:12:38 16896 ( A.... ) "C:\WINDOWS\system32\upnpcont.exe"
2008-04-14 01:12:38 12288 ( A.... ) "C:\WINDOWS\system32\tracert.exe"
2008-04-14 01:12:36 538624 ( A.... ) "C:\WINDOWS\system32\spider.exe"
2008-04-14 01:12:36 131584 ( A.... ) "C:\WINDOWS\system32\sndrec32.exe"
2008-04-14 01:12:36 89600 ( A.... ) "C:\WINDOWS\system32\smlogsvc.exe"
2008-04-14 01:12:36 77824 ( A.... ) "C:\WINDOWS\system32\shrpubw.exe"
2008-04-14 01:12:36 73796 ( A.... ) "C:\WINDOWS\system32\slserv.exe"
2008-04-14 01:12:36 71680 ( A.... ) "C:\WINDOWS\system32\systeminfo.exe"
2008-04-14 01:12:36 70144 ( A.... ) "C:\WINDOWS\system32\sigverif.exe"
2008-04-14 01:12:36 57856 ( A.... ) "C:\WINDOWS\system32\spoolsv.exe"
2008-04-14 01:12:36 50688 ( A.... ) "C:\WINDOWS\system32\smss.exe"
2008-04-14 01:12:36 45056 ( A.... ) "C:\WINDOWS\system32\shmgrate.exe"
2008-04-14 01:12:36 32866 ( A.... ) "C:\WINDOWS\system32\slrundll.exe"
2008-04-14 01:12:36 32866 ( ..... ) "C:\WINDOWS\slrundll.exe"
2008-04-14 01:12:36 32768 ( A.... ) "C:\WINDOWS\system32\setupn.exe"
2008-04-14 01:12:36 26112 ( A.... ) "C:\WINDOWS\system32\skeys.exe"
2008-04-14 01:12:36 24576 ( A.... ) "C:\WINDOWS\system32\sort.exe"
2008-04-14 01:12:36 20992 ( A.... ) "C:\WINDOWS\system32\spupdwxp.exe"
2008-04-14 01:12:36 19456 ( A.... ) "C:\WINDOWS\system32\shutdown.exe"
2008-04-14 01:12:36 14848 ( A.... ) "C:\WINDOWS\system32\stimon.exe"
2008-04-14 01:12:36 14336 ( A.... ) "C:\WINDOWS\system32\svchost.exe"
2008-04-14 01:12:36 8192 ( A.... ) "C:\WINDOWS\system32\smbinst.exe"
2008-04-14 01:12:36 7680 ( A.... ) "C:\WINDOWS\system32\spdwnwxp.exe"
2008-04-14 01:12:34 141312 ( A.... ) "C:\WINDOWS\system32\sessmgr.exe"
2008-04-14 01:12:34 121856 ( A.... ) "C:\WINDOWS\system32\schtasks.exe"
2008-04-14 01:12:34 108544 ( A.... ) "C:\WINDOWS\system32\services.exe"
2008-04-14 01:12:34 107520 ( A.... ) "C:\WINDOWS\system32\rsnotify.exe"
2008-04-14 01:12:34 95744 ( A.... ) "C:\WINDOWS\system32\scardsvr.exe"
2008-04-14 01:12:34 77312 ( A.... ) "C:\WINDOWS\system32\sdbinst.exe"
2008-04-14 01:12:34 77312 ( A.... ) "C:\WINDOWS\system32\rtcshare.exe"
2008-04-14 01:12:34 33280 ( A.... ) "C:\WINDOWS\system32\rundll32.exe"
2008-04-14 01:12:34 31232 ( A.... ) "C:\WINDOWS\system32\sethc.exe"
2008-04-14 01:12:34 23040 ( A.... ) "C:\WINDOWS\system32\setup.exe"
2008-04-14 01:12:34 18944 ( A.... ) "C:\WINDOWS\system32\secedit.exe"
2008-04-14 01:12:34 14848 ( A.... ) "C:\WINDOWS\system32\rsh.exe"
2008-04-14 01:12:34 14336 ( A.... ) "C:\WINDOWS\system32\runonce.exe"
2008-04-14 01:12:34 13824 ( A.... ) "C:\WINDOWS\system32\rexec.exe"
2008-04-14 01:12:34 13312 ( A.... ) "C:\WINDOWS\system32\savedump.exe"
2008-04-14 01:12:32 215552 ( A.... ) "C:\WINDOWS\system32\osk.exe"
2008-04-14 01:12:32 146432 ( A.... ) "C:\WINDOWS\regedit.exe"
2008-04-14 01:12:32 109568 ( A.... ) "C:\WINDOWS\system32\progman.exe"
2008-04-14 01:12:32 67584 ( A.... ) "C:\WINDOWS\system32\openfiles.exe"
2008-04-14 01:12:32 67072 ( A.... ) "C:\WINDOWS\system32\rdshost.exe"
2008-04-14 01:12:32 62976 ( A.... ) "C:\WINDOWS\system32\rdpclip.exe"
2008-04-14 01:12:32 58368 ( A.... ) "C:\WINDOWS\system32\packager.exe"
2008-04-14 01:12:32 56832 ( A.... ) "C:\WINDOWS\system32\rasphone.exe"
2008-04-14 01:12:32 50176 ( A.... ) "C:\WINDOWS\system32\reg.exe"
2008-04-14 01:12:32 50176 ( A.... ) "C:\WINDOWS\system32\proquota.exe"
2008-04-14 01:12:32 49152 ( A.... ) "C:\WINDOWS\system32\powercfg.exe"
2008-04-14 01:12:32 35840 ( A.... ) "C:\WINDOWS\system32\rcimlby.exe"
2008-04-14 01:12:32 21504 ( A.... ) "C:\WINDOWS\system32\rcp.exe"
2008-04-14 01:12:32 19968 ( A.... ) "C:\WINDOWS\system32\qprocess.exe"
2008-04-14 01:12:32 17920 ( A.... ) "C:\WINDOWS\system32\ping.exe"
2008-04-14 01:12:32 15872 ( A.... ) "C:\WINDOWS\system32\perfmon.exe"
2008-04-14 01:12:32 13824 ( A.... ) "C:\WINDOWS\system32\rdsaddin.exe"
2008-04-14 01:12:32 11776 ( A.... ) "C:\WINDOWS\system32\regsvr32.exe"
2008-04-14 01:12:32 9216 ( A.... ) "C:\WINDOWS\system32\proxycfg.exe"
2008-04-14 01:12:30 1200640 ( A.... ) "C:\WINDOWS\system32\ntbackup.exe"
2008-04-14 01:12:30 420864 ( A.... ) "C:\WINDOWS\system32\ntvdm.exe"
2008-04-14 01:12:30 176640 ( A.... ) "C:\WINDOWS\system32\napstat.exe"
2008-04-14 01:12:30 124928 ( A.... ) "C:\WINDOWS\system32\net1.exe"
2008-04-14 01:12:30 111104 ( A.... ) "C:\WINDOWS\system32\netdde.exe"
2008-04-14 01:12:30 86016 ( A.... ) "C:\WINDOWS\system32\netsh.exe"
2008-04-14 01:12:30 76800 ( A.... ) "C:\WINDOWS\system32\nslookup.exe"
2008-04-14 01:12:30 69632 ( A.... ) "C:\WINDOWS\system32\odbcconf.exe"
2008-04-14 01:12:30 69120 ( A.... ) "C:\WINDOWS\system32\notepad.exe"
2008-04-14 01:12:30 69120 ( A.... ) "C:\WINDOWS\notepad.exe"
2008-04-14 01:12:30 53760 ( A.... ) "C:\WINDOWS\system32\narrator.exe"
2008-04-14 01:12:30 42496 ( A.... ) "C:\WINDOWS\system32\net.exe"
2008-04-14 01:12:30 36864 ( A.... ) "C:\WINDOWS\system32\netstat.exe"
2008-04-14 01:12:30 32768 ( A.... ) "C:\WINDOWS\system32\odbcad32.exe"
2008-04-14 01:12:30 12288 ( A.... ) "C:\WINDOWS\system32\mstinit.exe"
2008-04-14 01:12:30 4096 ( A.... ) "C:\WINDOWS\system32\nddeapir.exe"
2008-04-14 01:12:28 343040 ( A.... ) "C:\WINDOWS\system32\mspaint.exe"
2008-04-14 01:12:28 123392 ( A.... ) "C:\WINDOWS\system32\mplay32.exe"
2008-04-14 01:12:28 117248 ( A.... ) "C:\WINDOWS\system32\mqtgsvc.exe"
2008-04-14 01:12:28 78848 ( A.... ) "C:\WINDOWS\system32\msiexec.exe"
2008-04-14 01:12:28 19968 ( A.... ) "C:\WINDOWS\system32\mqbkup.exe"
2008-04-14 01:12:28 6144 ( A.... ) "C:\WINDOWS\system32\msdtc.exe"
2008-04-14 01:12:28 4608 ( A.... ) "C:\WINDOWS\system32\mqsvc.exe"
2008-04-14 01:12:26 1414656 ( A.... ) "C:\WINDOWS\system32\mmc.exe"
2008-04-14 01:12:26 143360 ( A.... ) "C:\WINDOWS\system32\mobsync.exe"
2008-04-14 01:12:26 57344 ( A.... ) "C:\WINDOWS\system32\makecab.exe"
2008-04-14 01:12:26 33792 ( A.... ) "C:\WINDOWS\system32\mmcperf.exe"
2008-04-14 01:12:26 32768 ( A.... ) "C:\WINDOWS\system32\mnmsrvc.exe"
2008-04-14 01:12:24 677888 ( A.... ) "C:\WINDOWS\system32\mstsc.exe"
2008-04-14 01:12:24 514560 ( A.... ) "C:\WINDOWS\system32\logonui.exe"
2008-04-14 01:12:24 75264 ( A.... ) "C:\WINDOWS\system32\locator.exe"
2008-04-14 01:12:24 72704 ( A.... ) "C:\WINDOWS\system32\magnify.exe"
2008-04-14 01:12:24 59392 ( A.... ) "C:\WINDOWS\system32\logman.exe"
2008-04-14 01:12:24 53248 ( A.... ) "C:\WINDOWS\system32\ipv6.exe"
2008-04-14 01:12:24 23552 ( A.... ) "C:\WINDOWS\system32\ipxroute.exe"
2008-04-14 01:12:24 13312 ( A.... ) "C:\WINDOWS\system32\lsass.exe"
2008-04-14 01:12:22 150528 ( A.... ) "C:\WINDOWS\system32\imapi.exe"
2008-04-14 01:12:22 120832 ( A.... ) "C:\WINDOWS\system32\gpresult.exe"
2008-04-14 01:12:22 114688 ( A.... ) "C:\WINDOWS\system32\iexpress.exe"
2008-04-14 01:12:22 59904 ( A.... ) "C:\WINDOWS\system32\getmac.exe"
2008-04-14 01:12:22 55808 ( A.... ) "C:\WINDOWS\system32\ipconfig.exe"
2008-04-14 01:12:22 39424 ( A.... ) "C:\WINDOWS\system32\grpconv.exe"
2008-04-14 01:12:22 15872 ( A.... ) "C:\WINDOWS\system32\help.exe"
2008-04-14 01:12:22 10752 ( A.... ) "C:\WINDOWS\hh.exe"
2008-04-14 01:12:20 1033728 ( A.... ) "C:\WINDOWS\explorer.exe"
2008-04-14 01:12:20 193024 ( A.... ) "C:\WINDOWS\system32\fsquirt.exe"
2008-04-14 01:12:20 193024 ( A.... ) "C:\WINDOWS\system32\eudcedit.exe"
2008-04-14 01:12:20 82944 ( A.... ) "C:\WINDOWS\system32\eventtriggers.exe"
2008-04-14 01:12:20 50688 ( A.... ) "C:\WINDOWS\system32\eventcreate.exe"
2008-04-14 01:12:20 42496 ( A.... ) "C:\WINDOWS\system32\ftp.exe"
2008-04-14 01:12:20 27136 ( A.... ) "C:\WINDOWS\system32\findstr.exe"
2008-04-14 01:12:20 24064 ( A.... ) "C:\WINDOWS\system32\extrac32.exe"
2008-04-14 01:12:20 23040 ( A.... ) "C:\WINDOWS\system32\fltmc.exe"
2008-04-14 01:12:20 20992 ( A.... ) "C:\WINDOWS\system32\fontview.exe"
2008-04-14 01:12:20 20992 ( A.... ) "C:\WINDOWS\system32\faxpatch.exe"
2008-04-14 01:12:20 7680 ( A.... ) "C:\WINDOWS\system32\forcedos.exe"
2008-04-14 01:12:18 1298432 ( A.... ) "C:\WINDOWS\system32\dxdiag.exe"
2008-04-14 01:12:18 224768 ( A.... ) "C:\WINDOWS\system32\dmadmin.exe"
2008-04-14 01:12:18 180224 ( A.... ) "C:\WINDOWS\system32\dwwin.exe"
2008-04-14 01:12:18 163840 ( A.... ) "C:\WINDOWS\system32\diskpart.exe"
2008-04-14 01:12:18 87040 ( A.... ) "C:\WINDOWS\system32\diantz.exe"
2008-04-14 01:12:18 83456 ( A.... ) "C:\WINDOWS\system32\dpvsetup.exe"
2008-04-14 01:12:18 62976 ( A.... ) "C:\WINDOWS\system32\driverquery.exe"
2008-04-14 01:12:18 29696 ( A.... ) "C:\WINDOWS\system32\dplaysvr.exe"
2008-04-14 01:12:18 17920 ( A.... ) "C:\WINDOWS\system32\dvdupgrd.exe"
2008-04-14 01:12:18 17920 ( A.... ) "C:\WINDOWS\system32\dpnsvr.exe"
2008-04-14 01:12:18 15872 ( A.... ) "C:\WINDOWS\system32\dmremote.exe"
2008-04-14 01:12:18 10752 ( A.... ) "C:\WINDOWS\system32\dumprep.exe"
2008-04-14 01:12:18 5120 ( A.... ) "C:\WINDOWS\system32\dllhost.exe"
2008-04-14 01:12:16 139264 ( A.... ) "C:\WINDOWS\system32\cscript.exe"
2008-04-14 01:12:16 105472 ( A.... ) "C:\WINDOWS\system32\dfrgntfs.exe"
2008-04-14 01:12:16 82944 ( A.... ) "C:\WINDOWS\system32\dfrgfat.exe"
2008-04-14 01:12:16 63488 ( A.... ) "C:\WINDOWS\system32\cmstp.exe"
2008-04-14 01:12:16 39936 ( A.... ) "C:\WINDOWS\system32\cmmon32.exe"
2008-04-14 01:12:16 30208 ( A.... ) "C:\WINDOWS\system32\ddeshare.exe"
2008-04-14 01:12:16 27648 ( A.... ) "C:\WINDOWS\system32\conime.exe"
2008-04-14 01:12:16 25088 ( A.... ) "C:\WINDOWS\system32\defrag.exe"
2008-04-14 01:12:16 15360 ( A.... ) "C:\WINDOWS\system32\ctfmon.exe"
2008-04-14 01:12:16 6144 ( A.... ) "C:\WINDOWS\system32\dcomcnfg.exe"
2008-04-14 01:12:16 6144 ( A.... ) "C:\WINDOWS\system32\csrss.exe"
2008-04-14 01:12:14 580608 ( A.... ) "C:\WINDOWS\system32\autofmt.exe"
2008-04-14 01:12:14 389120 ( A.... ) "C:\WINDOWS\system32\cmd.exe"
2008-04-14 01:12:14 142848 ( A.... ) "C:\WINDOWS\system32\bootcfg.exe"
2008-04-14 01:12:14 102912 ( A.... ) "C:\WINDOWS\system32\clipbrd.exe"
2008-04-14 01:12:14 71680 ( A.... ) "C:\WINDOWS\system32\blastcln.exe"
2008-04-14 01:12:14 64000 ( A.... ) "C:\WINDOWS\system32\cleanmgr.exe"
2008-04-14 01:12:14 56832 ( A.... ) "C:\WINDOWS\system32\cipher.exe"
2008-04-14 01:12:14 33280 ( A.... ) "C:\WINDOWS\system32\clipsrv.exe"
2008-04-14 01:12:14 25600 ( A.... ) "C:\WINDOWS\system32\cmdl32.exe"
2008-04-14 01:12:14 20480 ( A.... ) "C:\WINDOWS\system32\cliconfg.exe"
2008-04-14 01:12:14 19968 ( A.... ) "C:\WINDOWS\system32\cacls.exe"
2008-04-14 01:12:14 11264 ( A.... ) "C:\WINDOWS\system32\autolfn.exe"
2008-04-14 01:12:14 5632 ( A.... ) "C:\WINDOWS\system32\cisvc.exe"
2008-04-14 01:12:12 602624 ( A.... ) "C:\WINDOWS\system32\autoconv.exe"
2008-04-14 01:12:12 588800 ( A.... ) "C:\WINDOWS\system32\autochk.exe"
2008-04-14 01:12:12 483840 ( A.... ) "C:\WINDOWS\system32\wzcsvc.dll"
2008-04-14 01:12:12 383488 ( A.... ) "C:\WINDOWS\system32\wzcdlg.dll"
2008-04-14 01:12:12 338432 ( A.... ) "C:\WINDOWS\system32\zipfldr.dll"
2008-04-14 01:12:12 184320 ( A.... ) "C:\WINDOWS\system32\accwiz.exe"
2008-04-14 01:12:12 183296 ( A.... ) "C:\WINDOWS\system32\wuaueng1.dll"
2008-04-14 01:12:12 129024 ( A.... ) "C:\WINDOWS\system32\xmlprov.dll"
2008-04-14 01:12:12 121856 ( A.... ) "C:\WINDOWS\system32\xmllite.dll"
2008-04-14 01:12:12 98304 ( A.... ) "C:\WINDOWS\system32\ahui.exe"
2008-04-14 01:12:12 91648 ( A.... ) "C:\WINDOWS\system32\xactsrv.dll"
2008-04-14 01:12:12 52736 ( A.... ) "C:\WINDOWS\system32\wzcsapi.dll"
2008-04-14 01:12:12 50176 ( A.... ) "C:\WINDOWS\system32\xmlprovi.dll"
2008-04-14 01:12:12 44544 ( A.... ) "C:\WINDOWS\system32\alg.exe"
2008-04-14 01:12:12 32768 ( A.... ) "C:\WINDOWS\system32\asr_pfu.exe"
2008-04-14 01:12:12 30208 ( A.... ) "C:\WINDOWS\system32\asr_fmt.exe"
2008-04-14 01:12:12 25088 ( A.... ) "C:\WINDOWS\system32\at.exe"
2008-04-14 01:12:12 14336 ( A.... ) "C:\WINDOWS\system32\auditusr.exe"
2008-04-14 01:12:12 12288 ( A.... ) "C:\WINDOWS\system32\attrib.exe"
2008-04-14 01:12:12 11776 ( A.... ) "C:\WINDOWS\system32\xolehlp.dll"
2008-04-14 01:12:12 11264 ( A.... ) "C:\WINDOWS\system32\atmadm.exe"
2008-04-14 01:12:12 6656 ( A.... ) "C:\WINDOWS\system32\wuauserv.dll"
2008-04-14 01:12:12 4096 ( A.... ) "C:\WINDOWS\system32\actmovie.exe"
2008-04-14 01:12:10 604160 ( A.... ) "C:\WINDOWS\system32\wsecedit.dll"
2008-04-14 01:12:10 303616 ( A.... ) "C:\WINDOWS\system32\wmstream.dll"
2008-04-14 01:12:10 293376 ( A.... ) "C:\WINDOWS\system32\winsrv.dll"
2008-04-14 01:12:10 276992 ( A.... ) "C:\WINDOWS\system32\wmphoto.dll"
2008-04-14 01:12:10 264192 ( A.... ) "C:\WINDOWS\system32\wow32.dll"
2008-04-14 01:12:10 176640 ( A.... ) "C:\WINDOWS\system32\wintrust.dll"
2008-04-14 01:12:10 176128 ( A.... ) "C:\WINDOWS\system32\winmm.dll"
2008-04-14 01:12:10 172032 ( A.... ) "C:\WINDOWS\system32\wldap32.dll"
2008-04-14 01:12:10 132096 ( A.... ) "C:\WINDOWS\system32\wkssvc.dll"
2008-04-14 01:12:10 115200 ( A.... ) "C:\WINDOWS\system32\wmsdmoe.dll"
2008-04-14 01:12:10 108032 ( A.... ) "C:\WINDOWS\system32\wshbth.dll"
2008-04-14 01:12:10 99328 ( A.... ) "C:\WINDOWS\system32\winscard.dll"
2008-04-14 01:12:10 92672 ( A.... ) "C:\WINDOWS\system32\wlnotify.dll"
2008-04-14 01:12:10 90112 ( A.... ) "C:\WINDOWS\system32\wshext.dll"
2008-04-14 01:12:10 82432 ( A.... ) "C:\WINDOWS\system32\ws2_32.dll"
2008-04-14 01:12:10 80896 ( A.... ) "C:\WINDOWS\system32\wscsvc.dll"
2008-04-14 01:12:10 69120 ( A.... ) "C:\WINDOWS\system32\wlanapi.dll"
2008-04-14 01:12:10 53760 ( A.... ) "C:\WINDOWS\system32\winsta.dll"
2008-04-14 01:12:10 50688 ( A.... ) "C:\WINDOWS\system32\wstdecod.dll"
2008-04-14 01:12:10 41984 ( A.... ) "C:\WINDOWS\system32\wsnmp32.dll"
2008-04-14 01:12:10 36864 ( A.... ) "C:\WINDOWS\system32\wshcon.dll"
2008-04-14 01:12:10 32256 ( A.... ) "C:\WINDOWS\system32\winipsec.dll"
2008-04-14 01:12:10 22528 ( A.... ) "C:\WINDOWS\system32\wsock32.dll"
2008-04-14 01:12:10 20480 ( A.... ) "C:\WINDOWS\system32\wmpui.dll"
2008-04-14 01:12:10 20480 ( A.... ) "C:\WINDOWS\system32\wmpcore.dll"
2008-04-14 01:12:10 20480 ( A.... ) "C:\WINDOWS\system32\wmpcd.dll"
2008-04-14 01:12:10 19968 ( A.... ) "C:\WINDOWS\system32\ws2help.dll"
2008-04-14 01:12:10 19456 ( A.... ) "C:\WINDOWS\system32\wshtcpip.dll"
2008-04-14 01:12:10 18432 ( A.... ) "C:\WINDOWS\system32\wtsapi32.dll"
2008-04-14 01:12:10 17408 ( A.... ) "C:\WINDOWS\system32\winshfhc.dll"
2008-04-14 01:12:10 16896 ( A.... ) "C:\WINDOWS\system32\winrnr.dll"
2008-04-14 01:12:10 14336 ( A.... ) "C:\WINDOWS\system32\wship6.dll"
2008-04-14 01:12:10 11264 ( A.... ) "C:\WINDOWS\system32\wshrm.dll"
2008-04-14 01:12:08 990208 ( A.... ) "C:\WINDOWS\system32\syssetup.dll"
2008-04-14 01:12:08 858624 ( A.... ) "C:\WINDOWS\system32\tapi3.dll"
2008-04-14 01:12:08 727040 ( A.... ) "C:\WINDOWS\system32\userenv.dll"
2008-04-14 01:12:08 713216 ( A.... ) "C:\WINDOWS\system32\sxs.dll"
2008-04-14 01:12:08 712704 ( A.... ) "C:\WINDOWS\system32\windowscodecs.dll"
2008-04-14 01:12:08 589312 ( A.... ) "C:\WINDOWS\system32\wiashext.dll"
2008-04-14 01:12:08 578560 ( A.... ) "C:\WINDOWS\system32\user32.dll"
2008-04-14 01:12:08 463360 ( A.... ) "C:\WINDOWS\system32\wiadefui.dll"
2008-04-14 01:12:08 434176 ( A.... ) "C:\WINDOWS\system32\vbscript.dll"
2008-04-14 01:12:08 430592 ( A.... ) "C:\WINDOWS\system32\vssapi.dll"
2008-04-14 01:12:08 406016 ( A.... ) "C:\WINDOWS\system32\usp10.dll"
2008-04-14 01:12:08 385536 ( A.... ) "C:\WINDOWS\system32\themeui.dll"
2008-04-14 01:12:08 358400 ( A.... ) "C:\WINDOWS\system32\termmgr.dll"
2008-04-14 01:12:08 354304 ( A.... ) "C:\WINDOWS\system32\winhttp.dll"
2008-04-14 01:12:08 346112 ( A.... ) "C:\WINDOWS\system32\windowscodecsext.dll"
2008-04-14 01:12:08 333824 ( A.... ) "C:\WINDOWS\system32\wiaservc.dll"
2008-04-14 01:12:08 316416 ( A.... ) "C:\WINDOWS\system32\untfs.dll"
2008-04-14 01:12:08 295424 ( A.... ) "C:\WINDOWS\system32\termsrv.dll"
2008-04-14 01:12:08 275456 ( A.... ) "C:\WINDOWS\system32\ulib.dll"
2008-04-14 01:12:08 249856 ( A.... ) "C:\WINDOWS\system32\tapisrv.dll"
2008-04-14 01:12:08 246814 ( A.... ) "C:\WINDOWS\system32\strmdll.dll"
2008-04-14 01:12:08 239616 ( A.... ) "C:\WINDOWS\system32\upnpui.dll"
2008-04-14 01:12:08 239104 ( A.... ) "C:\WINDOWS\system32\srrstr.dll"
2008-04-14 01:12:08 218624 ( A.... ) "C:\WINDOWS\system32\uxtheme.dll"
2008-04-14 01:12:08 215552 ( A.... ) "C:\WINDOWS\system32\wavemsp.dll"
2008-04-14 01:12:08 191488 ( A.... ) "C:\WINDOWS\system32\syncui.dll"
2008-04-14 01:12:08 185856 ( A.... ) "C:\WINDOWS\system32\upnphost.dll"
2008-04-14 01:12:08 181760 ( A.... ) "C:\WINDOWS\system32\tapi32.dll"
2008-04-14 01:12:08 175104 ( A.... ) "C:\WINDOWS\system32\w32time.dll"
2008-04-14 01:12:08 171008 ( A.... ) "C:\WINDOWS\system32\srsvc.dll"
2008-04-14 01:12:08 136704 ( A.... ) "C:\WINDOWS\system32\sti_ci.dll"
2008-04-14 01:12:08 135680 ( A.... ) "C:\WINDOWS\system32\webvw.dll"
2008-04-14 01:12:08 133632 ( A.... ) "C:\WINDOWS\system32\upnp.dll"
2008-04-14 01:12:08 124416 ( A.... ) "C:\WINDOWS\system32\wiadss.dll"
2008-04-14 01:12:08 123392 ( A.... ) "C:\WINDOWS\system32\umpnpmgr.dll"
2008-04-14 01:12:08 121856 ( A.... ) "C:\WINDOWS\system32\stobject.dll"
2008-04-14 01:12:08 117760 ( A.... ) "C:\WINDOWS\system32\t2embed.dll"
2008-04-14 01:12:08 111104 ( A.... ) "C:\WINDOWS\system32\wiavideo.dll"
2008-04-14 01:12:08 102400 ( A.... ) "C:\WINDOWS\system32\win32spl.dll"
2008-04-14 01:12:08 101376 ( A.... ) "C:\WINDOWS\system32\txflog.dll"
2008-04-14 01:12:08 96768 ( A.... ) "C:\WINDOWS\system32\srvsvc.dll"
2008-04-14 01:12:08 93696 ( A.... ) "C:\WINDOWS\system32\tscfgwmi.dll"
2008-04-14 01:12:08 90112 ( A.... ) "C:\WINDOWS\system32\trkwks.dll"
2008-04-14 01:12:08 75776 ( A.... ) "C:\WINDOWS\system32\wiascr.dll"
2008-04-14 01:12:08 75776 ( A.... ) "C:\WINDOWS\system32\strmfilt.dll"
2008-04-14 01:12:08 74752 ( A.... ) "C:\WINDOWS\system32\storprop.dll"
2008-04-14 01:12:08 74240 ( A.... ) "C:\WINDOWS\system32\usbui.dll"
2008-04-14 01:12:08 74240 ( A.... ) "C:\WINDOWS\system32\unimdmat.dll"
2008-04-14 01:12:08 71680 ( A.... ) "C:\WINDOWS\system32\ssdpsrv.dll"
2008-04-14 01:12:08 68096 ( A.... ) "C:\WINDOWS\system32\webclnt.dll"
2008-04-14 01:12:08 68096 ( A.... ) "C:\WINDOWS\system32\sti.dll"
2008-04-14 01:12:08 67584 ( A.... ) "C:\WINDOWS\system32\srclient.dll"
2008-04-14 01:12:08 59392 ( A.... ) "C:\WINDOWS\system32\stclient.dll"
2008-04-14 01:12:08 57856 ( A.... ) "C:\WINDOWS\system32\twext.dll"
2008-04-14 01:12:08 57856 ( A.... ) "C:\WINDOWS\system32\synceng.dll"
2008-04-14 01:12:08 53248 ( A.... ) "C:\WINDOWS\system32\tsgqec.dll"
2008-04-14 01:12:08 51712 ( A.... ) "C:\WINDOWS\system32\vdmredir.dll"
2008-04-14 01:12:08 50688 ( A.... ) "C:\WINDOWS\twain_32.dll"
2008-04-14 01:12:08 50688 ( A.... ) "C:\WINDOWS\system32\tspkg.dll"
2008-04-14 01:12:08 49152 ( A.... ) "C:\WINDOWS\system32\wdigest.dll"
2008-04-14 01:12:08 45568 ( A.... ) "C:\WINDOWS\system32\tcpmonui.dll"
2008-04-14 01:12:08 45568 ( A.... ) "C:\WINDOWS\system32\tcpmon.dll"
2008-04-14 01:12:08 35840 ( A.... ) "C:\WINDOWS\system32\umandlg.dll"
2008-04-14 01:12:08 34816 ( A.... ) "C:\WINDOWS\system32\ssdpapi.dll"
2008-04-14 01:12:08 30749 ( A.... ) "C:\WINDOWS\system32\vbajet32.dll"
2008-04-14 01:12:08 26624 ( A.... ) "C:\WINDOWS\system32\verifier.dll"
2008-04-14 01:12:08 26624 ( A.... ) "C:\WINDOWS\system32\udhisapi.dll"
2008-04-14 01:12:08 26112 ( A.... ) "C:\WINDOWS\system32\vdmdbg.dll"
2008-04-14 01:12:08 18944 ( A.... ) "C:\WINDOWS\system32\version.dll"
2008-04-14 01:12:08 16896 ( A.... ) "C:\WINDOWS\system32\usbmon.dll"
2008-04-14 01:12:08 15872 ( A.... ) "C:\WINDOWS\system32\w3ssl.dll"
2008-04-14 01:12:08 14848 ( A.... ) "C:\WINDOWS\system32\tcpmib.dll"
2008-04-14 01:12:08 13824 ( A.... ) "C:\WINDOWS\system32\uniplat.dll"
2008-04-14 01:12:08 8192 ( A.... ) "C:\WINDOWS\system32\staxmem.dll"
2008-04-14 01:12:08 7168 ( A.... ) "C:\WINDOWS\system32\tlntsvrp.dll"
2008-04-14 01:12:06 8461312 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2008-04-14 01:12:06 1614848 ( A.... ) "C:\WINDOWS\system32\sfcfiles.dll"
2008-04-14 01:12:06 1499136 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"
2008-04-14 01:12:06 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"
2008-04-14 01:12:06 442368 ( A.... ) "C:\WINDOWS\system32\sqlsrv32.dll"
2008-04-14 01:12:06 438272 ( A.... ) "C:\WINDOWS\system32\shimgvw.dll"
2008-04-14 01:12:06 362496 ( A.... ) "C:\WINDOWS\system32\smlogcfg.dll"
2008-04-14 01:12:06 314880 ( A.... ) "C:\WINDOWS\system32\scesrv.dll"
2008-04-14 01:12:06 286792 ( A.... ) "C:\WINDOWS\system32\slextspk.dll"
2008-04-14 01:12:06 192512 ( A.... ) "C:\WINDOWS\system32\schedsvc.dll"
2008-04-14 01:12:06 188508 ( A.... ) "C:\WINDOWS\system32\slgen.dll"
2008-04-14 01:12:06 182272 ( A.... ) "C:\WINDOWS\system32\snmpsnap.dll"
2008-04-14 01:12:06 181248 ( A.... ) "C:\WINDOWS\system32\scecli.dll"
2008-04-14 01:12:06 180800 ( A.... ) "C:\WINDOWS\system32\sqlunirl.dll"
2008-04-14 01:12:06 180224 ( A.... ) "C:\WINDOWS\system32\scrobj.dll"
2008-04-14 01:12:06 172032 ( A.... ) "C:\WINDOWS\system32\scrrun.dll"
2008-04-14 01:12:06 171008 ( A.... ) "C:\WINDOWS\system32\sccsccp.dll"
2008-04-14 01:12:06 152064 ( A.... ) "C:\WINDOWS\system32\shmedia.dll"
2008-04-14 01:12:06 144384 ( A.... ) "C:\WINDOWS\system32\schannel.dll"
2008-04-14 01:12:06 140288 ( A.... ) "C:\WINDOWS\system32\sfc_os.dll"
2008-04-14 01:12:06 135168 ( A.... ) "C:\WINDOWS\system32\shsvcs.dll"
2008-04-14 01:12:06 98304 ( A.... ) "C:\WINDOWS\system32\slbiop.dll"
2008-04-14 01:12:06 75264 ( A.... ) "C:\WINDOWS\system32\spoolss.dll"
2008-04-14 01:12:06 73832 ( A.... ) "C:\WINDOWS\system32\slcoinst.dll"
2008-04-14 01:12:06 68096 ( A.... ) "C:\WINDOWS\system32\shgina.dll"
2008-04-14 01:12:06 65024 ( A.... ) "C:\WINDOWS\system32\shimeng.dll"
2008-04-14 01:12:06 56320 ( A.... ) "C:\WINDOWS\system32\servdeps.dll"
2008-04-14 01:12:06 56320 ( A.... ) "C:\WINDOWS\system32\secur32.dll"
2008-04-14 01:12:06 54784 ( A.... ) "C:\WINDOWS\system32\sendmail.dll"
2008-04-14 01:12:06 39424 ( A.... ) "C:\WINDOWS\system32\sens.dll"
2008-04-14 01:12:06 29184 ( A.... ) "C:\WINDOWS\system32\sendcmsg.dll"
2008-04-14 01:12:06 29184 ( A.... ) "C:\WINDOWS\system32\sdhcinst.dll"
2008-04-14 01:12:06 27648 ( A.... ) "C:\WINDOWS\system32\shscrap.dll"
2008-04-14 01:12:06 25088 ( A.... ) "C:\WINDOWS\system32\slayerxp.dll"
2008-04-14 01:12:06 25088 ( A.... ) "C:\WINDOWS\system32\shfolder.dll"
2008-04-14 01:12:06 20480 ( A.... ) "C:\WINDOWS\system32\sclgntfy.dll"
2008-04-14 01:12:06 18944 ( A.... ) "C:\WINDOWS\system32\snmpapi.dll"
2008-04-14 01:12:06 18944 ( A.... ) "C:\WINDOWS\system32\seclogon.dll"
2008-04-14 01:12:06 13312 ( A.... ) "C:\WINDOWS\system32\sigtab.dll"
2008-04-14 01:12:06 10752 ( A.... ) "C:\WINDOWS\system32\smtpapi.dll"
2008-04-14 01:12:06 7168 ( A.... ) "C:\WINDOWS\system32\sensapi.dll"
2008-04-14 01:12:06 5632 ( A.... ) "C:\WINDOWS\system32\security.dll"
2008-04-14 01:12:06 5120 ( A.... ) "C:\WINDOWS\system32\sfc.dll"
2008-04-14 01:12:04 1435648 ( A.... ) "C:\WINDOWS\system32\query.dll"
2008-04-14 01:12:04 658432 ( A.... ) "C:\WINDOWS\system32\rasdlg.dll"
2008-04-14 01:12:04 584704 ( A.... ) "C:\WINDOWS\system32\rpcrt4.dll"
2008-04-14 01:12:04 562176 ( A.... ) "C:\WINDOWS\system32\qedit.dll"
2008-04-14 01:12:04 560640 ( A.... ) "C:\WINDOWS\system32\printui.dll"
2008-04-14 01:12:04 433664 ( A.... ) "C:\WINDOWS\system32\riched20.dll"
2008-04-14 01:12:04 415744 ( A.... ) "C:\WINDOWS\system32\samsrv.dll"
2008-04-14 01:12:04 409088 ( A.... ) "C:\WINDOWS\system32\qmgr.dll"
2008-04-14 01:12:04 399360 ( A.... ) "C:\WINDOWS\system32\rpcss.dll"
2008-04-14 01:12:04 397824 ( A.... ) "C:\WINDOWS\system32\regwizc.dll"
2008-04-14 01:12:04 397056 ( A.... ) "C:\WINDOWS\system32\s3gnb.dll"
2008-04-14 01:12:04 386048 ( A.... ) "C:\WINDOWS\system32\qdvd.dll"
2008-04-14 01:12:04 291328 ( A.... ) "C:\WINDOWS\system32\qagentrt.dll"
2008-04-14 01:12:04 290304 ( A.... ) "C:\WINDOWS\system32\rhttpaa.dll"
2008-04-14 01:12:04 279040 ( A.... ) "C:\WINDOWS\system32\qdv.dll"
2008-04-14 01:12:04 270848 ( A.... ) "C:\WINDOWS\system32\sbe.dll"
2008-04-14 01:12:04 237056 ( A.... ) "C:\WINDOWS\system32\rasapi32.dll"
2008-04-14 01:12:04 210944 ( A.... ) "C:\WINDOWS\system32\rasppp.dll"
2008-04-14 01:12:04 192512 ( A.... ) "C:\WINDOWS\system32\qcap.dll"
2008-04-14 01:12:04 186368 ( A.... ) "C:\WINDOWS\system32\rasmans.dll"
2008-04-14 01:12:04 159232 ( A.... ) "C:\WINDOWS\system32\sbeio.dll"
2008-04-14 01:12:04 150528 ( A.... ) "C:\WINDOWS\system32\qagent.dll"
2008-04-14 01:12:04 150016 ( A.... ) "C:\WINDOWS\system32\rastls.dll"
2008-04-14 01:12:04 147968 ( A.... ) "C:\WINDOWS\system32\rdchost.dll"
2008-04-14 01:12:04 102400 ( A.... ) "C:\WINDOWS\system32\rcbdyctl.dll"
2008-04-14 01:12:04 96768 ( A.... ) "C:\WINDOWS\system32\psbase.dll"
2008-04-14 01:12:04 92672 ( A.... ) "C:\WINDOWS\system32\rsvpsp.dll"
2008-04-14 01:12:04 88576 ( A.... ) "C:\WINDOWS\system32\rasauto.dll"
2008-04-14 01:12:04 79872 ( A.... ) "C:\WINDOWS\system32\raschap.dll"
2008-04-14 01:12:04 76800 ( A.... ) "C:\WINDOWS\system32\qutil.dll"
2008-04-14 01:12:04 69632 ( A.... ) "C:\WINDOWS\system32\scarddlg.dll"
2008-04-14 01:12:04 64000 ( A.... ) "C:\WINDOWS\system32\samlib.dll"
2008-04-14 01:12:04 62464 ( A.... ) "C:\WINDOWS\system32\qcliprov.dll"
2008-04-14 01:12:04 61952 ( A.... ) "C:\WINDOWS\system32\rasqec.dll"
2008-04-14 01:12:04 61440 ( A.... ) "C:\WINDOWS\system32\rasman.dll"
2008-04-14 01:12:04 60416 ( A.... ) "C:\WINDOWS\system32\remotepg.dll"
2008-04-14 01:12:04 59904 ( A.... ) "C:\WINDOWS\system32\regsvc.dll"
2008-04-14 01:12:04 58880 ( A.... ) "C:\WINDOWS\system32\resutils.dll"
2008-04-14 01:12:04 58368 ( A.... ) "C:\WINDOWS\system32\rastapi.dll"
2008-04-14 01:12:04 49664 ( A.... ) "C:\WINDOWS\system32\regapi.dll"
2008-04-14 01:12:04 45568 ( A.... ) "C:\WINDOWS\system32\safrslv.dll"
2008-04-14 01:12:04 44032 ( A.... ) "C:\WINDOWS\system32\rtutils.dll"
2008-04-14 01:12:04 43520 ( A.... ) "C:\WINDOWS\system32\safrcdlg.dll"
2008-04-14 01:12:04 43520 ( A.... ) "C:\WINDOWS\system32\racpldlg.dll"
2008-04-14 01:12:04 43520 ( A.... ) "C:\WINDOWS\system32\pstorec.dll"
2008-04-14 01:12:04 39936 ( A.... ) "C:\WINDOWS\system32\rshx32.dll"
2008-04-14 01:12:04 34304 ( A.... ) "C:\WINDOWS\system32\pstorsvc.dll"
2008-04-14 01:12:04 31744 ( A.... ) "C:\WINDOWS\system32\rtipxmib.dll"
2008-04-14 01:12:04 29696 ( A.... ) "C:\WINDOWS\system32\safrdm.dll"
2008-04-14 01:12:04 27648 ( A.... ) "C:\WINDOWS\system32\profmap.dll"
2008-04-14 01:12:04 23040 ( A.... ) "C:\WINDOWS\system32\psapi.dll"
2008-04-14 01:12:04 19968 ( A.... ) "C:\WINDOWS\system32\rdpsnd.dll"
2008-04-14 01:12:04 18944 ( A.... ) "C:\WINDOWS\system32\rsmps.dll"
2008-04-14 01:12:04 18944 ( A.... ) "C:\WINDOWS\system32\qmgrprxy.dll"
2008-04-14 01:12:04 17408 ( A.... ) "C:\WINDOWS\system32\powrprof.dll"
2008-04-14 01:12:04 16384 ( A.... ) "C:\WINDOWS\system32\rassapi.dll"
2008-04-14 01:12:04 9728 ( A.... ) "C:\WINDOWS\system32\rwnh.dll"
2008-04-14 01:12:04 7680 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2008-04-14 01:12:02 4274816 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2008-04-14 01:12:02 1737856 ( A.... ) "C:\WINDOWS\system32\mtxparhd.dll"
2008-04-14 01:12:02 1703936 ( A.... ) "C:\WINDOWS\system32\netshell.dll"
2008-04-14 01:12:02 1428992 ( A.... ) "C:\WINDOWS\system32\msvidctl.dll"
2008-04-14 01:12:02 1306624 ( A.... ) "C:\WINDOWS\system32\msxml6.dll"
2008-04-14 01:12:02 1287168 ( A.... ) "C:\WINDOWS\system32\ole32.dll"
2008-04-14 01:12:02 1104896 ( A.... ) "C:\WINDOWS\system32\msxml3.dll"
2008-04-14 01:12:02 875008 ( A.... ) "C:\WINDOWS\system32\netplwiz.dll"
2008-04-14 01:12:02 713728 ( A.... ) "C:\WINDOWS\system32\opengl32.dll"
2008-04-14 01:12:02 701440 ( A.... ) "C:\WINDOWS\system32\msxml2.dll"
2008-04-14 01:12:02 622592 ( A.... ) "C:\WINDOWS\system32\netcfgx.dll"
2008-04-14 01:12:02 554496 ( A.... ) "C:\WINDOWS\system32\p2psvc.dll"
2008-04-14 01:12:02 551936 ( A.... ) "C:\WINDOWS\system32\oleaut32.dll"
2008-04-14 01:12:02 506368 ( A.... ) "C:\WINDOWS\system32\msxml.dll"
2008-04-14 01:12:02 488448 ( A.... ) "C:\WINDOWS\system32\ntmsmgr.dll"
2008-04-14 01:12:02 435200 ( A.... ) "C:\WINDOWS\system32\ntmssvc.dll"
2008-04-14 01:12:02 413696 ( A.... ) "C:\WINDOWS\system32\msvcp60.dll"
2008-04-14 01:12:02 412160 ( A.... ) "C:\WINDOWS\system32\photometadatahandler.dll"
2008-04-14 01:12:02 407040 ( A.... ) "C:\WINDOWS\system32\netlogon.dll"
2008-04-14 01:12:02 343040 ( A.... ) "C:\WINDOWS\system32\msvcrt.dll"
2008-04-14 01:12:02 337408 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2008-04-14 01:12:02 313856 ( A.... ) "C:\WINDOWS\system32\p2pgraph.dll"
2008-04-14 01:12:02 286208 ( A.... ) "C:\WINDOWS\system32\objsel.dll"
2008-04-14 01:12:02 284160 ( A.... ) "C:\WINDOWS\system32\pdh.dll"
2008-04-14 01:12:02 278559 ( A.... ) "C:\WINDOWS\system32\odbcjt32.dll"
2008-04-14 01:12:02 270336 ( A.... ) "C:\WINDOWS\system32\oakley.dll"
2008-04-14 01:12:02 249856 ( A.... ) "C:\WINDOWS\system32\odbc32.dll"
2008-04-14 01:12:02 247808 ( A.... ) "C:\WINDOWS\system32\newdev.dll"
2008-04-14 01:12:02 245760 ( A.... ) "C:\WINDOWS\system32\netui1.dll"
2008-04-14 01:12:02 245248 ( A.... ) "C:\WINDOWS\system32\mswsock.dll"
2008-04-14 01:12:02 203776 ( A.... ) "C:\WINDOWS\system32\mswebdvd.dll"
2008-04-14 01:12:02 198144 ( A.... ) "C:\WINDOWS\system32\netman.dll"
2008-04-14 01:12:02 193024 ( A.... ) "C:\WINDOWS\system32\napmontr.dll"
2008-04-14 01:12:02 192000 ( A.... ) "C:\WINDOWS\system32\offfilt.dll"
2008-04-14 01:12:02 179200 ( A.... ) "C:\WINDOWS\system32\ntmsdba.dll"
2008-04-14 01:12:02 176128 ( A.... ) "C:\WINDOWS\system32\photowiz.dll"
2008-04-14 01:12:02 153600 ( A.... ) "C:\WINDOWS\system32\p2p.dll"
2008-04-14 01:12:02 147456 ( A.... ) "C:\WINDOWS\system32\odbctrac.dll"
2008-04-14 01:12:02 144384 ( A.... ) "C:\WINDOWS\system32\onex.dll"
2008-04-14 01:12:02 143360 ( A.... ) "C:\WINDOWS\system32\ntshrui.dll"
2008-04-14 01:12:02 142336 ( A.... ) "C:\WINDOWS\system32\nwprovau.dll"
2008-04-14 01:12:02 139264 ( A.... ) "C:\WINDOWS\system32\netid.dll"
2008-04-14 01:12:02 135168 ( A.... ) "C:\WINDOWS\system32\odbcconf.dll"
2008-04-14 01:12:02 122880 ( A.... ) "C:\WINDOWS\system32\oledlg.dll"
2008-04-14 01:12:02 121344 ( A.... ) "C:\WINDOWS\system32\msvfw32.dll"
2008-04-14 01:12:02 118784 ( A.... ) "C:\WINDOWS\system32\ntmarta.dll"
2008-04-14 01:12:02 115712 ( A.... ) "C:\WINDOWS\system32\p2pnetsh.dll"
2008-04-14 01:12:02 107008 ( A.... ) "C:\WINDOWS\system32\oleprn.dll"
2008-04-14 01:12:02 106496 ( A.... ) "C:\WINDOWS\system32\odbccp32.dll"
2008-04-14 01:12:02 105472 ( A.... ) "C:\WINDOWS\system32\polstore.dll"
2008-04-14 01:12:02 105472 ( A.... ) "C:\WINDOWS\system32\p2pgasvc.dll"
2008-04-14 01:12:02 98304 ( A.... ) "C:\WINDOWS\system32\nlhtml.dll"
2008-04-14 01:12:02 91648 ( A.... ) "C:\WINDOWS\system32\mtxoci.dll"
2008-04-14 01:12:02 91136 ( A.... ) "C:\WINDOWS\system32\ntprint.dll"
2008-04-14 01:12:02 90624 ( A.... ) "C:\WINDOWS\system32\mydocs.dll"
2008-04-14 01:12:02 84992 ( A.... ) "C:\WINDOWS\system32\olepro32.dll"
2008-04-14 01:12:02 80896 ( A.... ) "C:\WINDOWS\system32\netui0.dll"
2008-04-14 01:12:02 74752 ( A.... ) "C:\WINDOWS\system32\olecli32.dll"
2008-04-14 01:12:02 72704 ( A.... ) "C:\WINDOWS\system32\msw3prt.dll"
2008-04-14 01:12:02 67584 ( A.... ) "C:\WINDOWS\system32\pautoenr.dll"
2008-04-14 01:12:02 67584 ( A.... ) "C:\WINDOWS\system32\osuninst.dll"
2008-04-14 01:12:02 67584 ( A.... ) "C:\WINDOWS\system32\ocmanage.dll"
2008-04-14 01:12:02 67072 ( A.... ) "C:\WINDOWS\system32\ntdsapi.dll"
2008-04-14 01:12:02 66560 ( A.... ) "C:\WINDOWS\system32\mtxclu.dll"
2008-04-14 01:12:02 65536 ( A.... ) "C:\WINDOWS\system32\odbccu32.dll"
2008-04-14 01:12:02 65536 ( A.... ) "C:\WINDOWS\system32\odbccr32.dll"
2008-04-14 01:12:02 65536 ( A.... ) "C:\WINDOWS\system32\nwwks.dll"
2008-04-14 01:12:02 64000 ( A.... ) "C:\WINDOWS\system32\nwapi32.dll"
2008-04-14 01:12:02 58880 ( A.... ) "C:\WINDOWS\system32\pnrpnsp.dll"
2008-04-14 01:12:02 57344 ( A.... ) "C:\WINDOWS\system32\msvcirt.dll"
2008-04-14 01:12:02 54784 ( A.... ) "C:\WINDOWS\system32\npptools.dll"
2008-04-14 01:12:02 44032 ( A.... ) "C:\WINDOWS\system32\ntlanman.dll"
2008-04-14 01:12:02 40960 ( A.... ) "C:\WINDOWS\system32\ntmsapi.dll"
2008-04-14 01:12:02 39936 ( A.... ) "C:\WINDOWS\system32\perfctrs.dll"
2008-04-14 01:12:02 37376 ( A.... ) "C:\WINDOWS\system32\olecnv32.dll"
2008-04-14 01:12:02 36352 ( A.... ) "C:\WINDOWS\system32\ncobjapi.dll"
2008-04-14 01:12:02 35328 ( A.... ) "C:\WINDOWS\system32\pid.dll"
2008-04-14 01:12:02 34816 ( A.... ) "C:\WINDOWS\system32\perfproc.dll"
2008-04-14 01:12:02 34304 ( A.... ) "C:\WINDOWS\system32\mtxlegih.dll"
2008-04-14 01:12:02 30720 ( A.... ) "C:\WINDOWS\system32\mtxdm.dll"
2008-04-14 01:12:02 30208 ( A.... ) "C:\WINDOWS\system32\napipsec.dll"
2008-04-14 01:12:02 28672 ( A.... ) "C:\WINDOWS\system32\nmmkcert.dll"
2008-04-14 01:12:02 26624 ( A.... ) "C:\WINDOWS\system32\perfdisk.dll"
2008-04-14 01:12:02 25088 ( A.... ) "C:\WINDOWS\system32\perfos.dll"
2008-04-14 01:12:02 24576 ( A.... ) "C:\WINDOWS\system32\odbcbcp.dll"
2008-04-14 01:12:02 20511 ( A.... ) "C:\WINDOWS\system32\odtext32.dll"
2008-04-14 01:12:02 20511 ( A.... ) "C:\WINDOWS\system32\oddbse32.dll"
2008-04-14 01:12:02 20510 ( A.... ) "C:\WINDOWS\system32\odpdx32.dll"
2008-04-14 01:12:02 20510 ( A.... ) "C:\WINDOWS\system32\odfox32.dll"
2008-04-14 01:12:02 20510 ( A.... ) "C:\WINDOWS\system32\odexl32.dll"
2008-04-14 01:12:02 18944 ( A.... ) "C:\WINDOWS\system32\nddenb32.dll"
2008-04-14 01:12:02 17920 ( A.... ) "C:\WINDOWS\system32\perfnet.dll"
2008-04-14 01:12:02 17920 ( A.... ) "C:\WINDOWS\system32\nddeapi.dll"
2008-04-14 01:12:02 16896 ( A.... ) "C:\WINDOWS\system32\msyuv.dll"
2008-04-14 01:12:02 16384 ( A.... ) "C:\WINDOWS\system32\odbc32gt.dll"
2008-04-14 01:12:02 15360 ( A.... ) "C:\WINDOWS\system32\pjlmon.dll"
2008-04-14 01:12:02 15360 ( A.... ) "C:\WINDOWS\system32\ntvdmd.dll"
2008-04-14 01:12:02 11776 ( A.... ) "C:\WINDOWS\system32\netrap.dll"
2008-04-14 01:12:02 8192 ( A.... ) "C:\WINDOWS\system32\ntlsapi.dll"
2008-04-14 01:12:02 4096 ( A.... ) "C:\WINDOWS\system32\mtxex.dll"
2008-04-14 01:12:00 2843136 ( A.... ) "C:\WINDOWS\system32\msi.dll"
2008-04-14 01:12:00 1384479 ( A.... ) "C:\WINDOWS\system32\msvbvm60.dll"
2008-04-14 01:12:00 997376 ( A.... ) "C:\WINDOWS\system32\msgina.dll"
2008-04-14 01:12:00 956928 ( A.... ) "C:\WINDOWS\system32\msdtctm.dll"
2008-04-14 01:12:00 539136 ( A.... ) "C:\WINDOWS\system32\msftedit.dll"
2008-04-14 01:12:00 427008 ( A.... ) "C:\WINDOWS\system32\msdtcprx.dll"
2008-04-14 01:12:00 290816 ( A.... ) "C:\WINDOWS\system32\msnsspc.dll"
2008-04-14 01:12:00 274944 ( A.... ) "C:\WINDOWS\system32\mstask.dll"
2008-04-14 01:12:00 271360 ( A.... ) "C:\WINDOWS\system32\msihnd.dll"
2008-04-14 01:12:00 252928 ( A.... ) "C:\WINDOWS\system32\msoeacct.dll"
2008-04-14 01:12:00 248832 ( A.... ) "C:\WINDOWS\system32\msieftp.dll"
2008-04-14 01:12:00 195072 ( A.... ) "C:\WINDOWS\system32\msutb.dll"
2008-04-14 01:12:00 161792 ( A.... ) "C:\WINDOWS\system32\msdtcuiu.dll"
2008-04-14 01:12:00 159232 ( A.... ) "C:\WINDOWS\system32\msimtf.dll"
2008-04-14 01:12:00 155136 ( A.... ) "C:\WINDOWS\system32\mssha.dll"
2008-04-14 01:12:00 151583 ( A.... ) "C:\WINDOWS\system32\msjint40.dll"
2008-04-14 01:12:00 151552 ( A.... ) "C:\WINDOWS\system32\msdart.dll"
2008-04-14 01:12:00 143360 ( A.... ) "C:\WINDOWS\system32\msorcl32.dll"
2008-04-14 01:12:00 134656 ( A.... ) "C:\WINDOWS\system32\mssap.dll"
2008-04-14 01:12:00 132608 ( A.... ) "C:\WINDOWS\system32\msv1_0.dll"
2008-04-14 01:12:00 116224 ( A.... ) "C:\WINDOWS\system32\mstlsapi.dll"
2008-04-14 01:12:00 105984 ( A.... ) "C:\WINDOWS\system32\msoert2.dll"
2008-04-14 01:12:00 58880 ( A.... ) "C:\WINDOWS\system32\msdtclog.dll"
2008-04-14 01:12:00 51712 ( A.... ) "C:\WINDOWS\system32\msident.dll"
2008-04-14 01:12:00 33792 ( A.... ) "C:\WINDOWS\system32\msgsvc.dll"
2008-04-14 01:12:00 29696 ( A.... ) "C:\WINDOWS\system32\mspatcha.dll"
2008-04-14 01:12:00 25088 ( A.... ) "C:\WINDOWS\system32\mslbui.dll"
2008-04-14 01:12:00 15360 ( A.... ) "C:\WINDOWS\system32\msisip.dll"
2008-04-14 01:12:00 14336 ( A.... ) "C:\WINDOWS\system32\msdmo.dll"
2008-04-14 01:12:00 11264 ( A.... ) "C:\WINDOWS\system32\msrle32.dll"
2008-04-14 01:12:00 6656 ( A.... ) "C:\WINDOWS\system32\msidle.dll"
2008-04-14 01:12:00 4608 ( A.... ) "C:\WINDOWS\system32\msimg32.dll"
2008-04-14 01:11:58 1872896 ( A.... ) "C:\WINDOWS\system32\mmcndmgr.dll"
2008-04-14 01:11:58 663040 ( A.... ) "C:\WINDOWS\system32\mqqm.dll"
2008-04-14 01:11:58 586240 ( A.... ) "C:\WINDOWS\system32\mlang.dll"
2008-04-14 01:11:58 517632 ( A.... ) "C:\WINDOWS\system32\mqsnap.dll"
2008-04-14 01:11:58 471552 ( A.... ) "C:\WINDOWS\system32\mqutil.dll"
2008-04-14 01:11:58 397312 ( A.... ) "C:\WINDOWS\system32\mmcex.dll"
2008-04-14 01:11:58 297984 ( A.... ) "C:\WINDOWS\system32\msctf.dll"
2008-04-14 01:11:58 225280 ( A.... ) "C:\WINDOWS\system32\mqoa.dll"
2008-04-14 01:11:58 207360 ( A.... ) "C:\WINDOWS\system32\mobsync.dll"
2008-04-14 01:11:58 187392 ( A.... ) "C:\WINDOWS\system32\mqtrig.dll"
2008-04-14 01:11:58 184320 ( A.... ) "C:\WINDOWS\system32\microsoft.managementconsole.dll"
2008-04-14 01:11:58 177152 ( A.... ) "C:\WINDOWS\system32\mqrt.dll"
2008-04-14 01:11:58 163328 ( A.... ) "C:\WINDOWS\system32\mmcbase.dll"
2008-04-14 01:11:58 153600 ( A.... ) "C:\WINDOWS\system32\modemui.dll"
2008-04-14 01:11:58 138240 ( A.... ) "C:\WINDOWS\system32\mqad.dll"
2008-04-14 01:11:58 123904 ( A.... ) "C:\WINDOWS\system32\mqrtdep.dll"
2008-04-14 01:11:58 118784 ( A.... ) "C:\WINDOWS\system32\msdadiag.dll"
2008-04-14 01:11:58 106496 ( A.... ) "C:\WINDOWS\system32\mmcfxcommon.dll"
2008-04-14 01:11:58 95744 ( A.... ) "C:\WINDOWS\system32\mqsec.dll"
2008-04-14 01:11:58 89088 ( A.... ) "C:\WINDOWS\system32\mqlogmgr.dll"
2008-04-14 01:11:58 87040 ( A.... ) "C:\WINDOWS\system32\mprapi.dll"
2008-04-14 01:11:58 86016 ( A.... ) "C:\WINDOWS\system32\msapsspc.dll"
2008-04-14 01:11:58 73728 ( A.... ) "C:\WINDOWS\system32\mscms.dll"
2008-04-14 01:11:58 71680 ( A.... ) "C:\WINDOWS\system32\msacm32.dll"
2008-04-14 01:11:58 69632 ( A.... ) "C:\WINDOWS\system32\msconf.dll"
2008-04-14 01:11:58 68608 ( A.... ) "C:\WINDOWS\system32\msctfp.dll"
2008-04-14 01:11:58 61440 ( A.... ) "C:\WINDOWS\system32\mmcshext.dll"
2008-04-14 01:11:58 60928 ( A.... ) "C:\WINDOWS\system32\miglibnt.dll"
2008-04-14 01:11:58 59904 ( A.... ) "C:\WINDOWS\system32\mpr.dll"
2008-04-14 01:11:58 57344 ( A.... ) "C:\WINDOWS\system32\msasn1.dll"
2008-04-14 01:11:58 53248 ( A.... ) "C:\WINDOWS\system32\mprdim.dll"
2008-04-14 01:11:58 49152 ( A.... ) "C:\WINDOWS\system32\mqupgrd.dll"
2008-04-14 01:11:58 47616 ( A.... ) "C:\WINDOWS\system32\mqdscli.dll"
2008-04-14 01:11:58 36864 ( A.... ) "C:\WINDOWS\system32\mscpxl32.dll"
2008-04-14 01:11:58 34560 ( A.... ) "C:\WINDOWS\system32\mnmdd.dll"
2008-04-14 01:11:58 29696 ( A.... ) "C:\WINDOWS\system32\mimefilt.dll"
2008-04-14 01:11:58 18944 ( A.... ) "C:\WINDOWS\system32\midimap.dll"
2008-04-14 01:11:58 17408 ( A.... ) "C:\WINDOWS\system32\mmfutil.dll"
2008-04-14 01:11:58 16896 ( A.... ) "C:\WINDOWS\system32\mqise.dll"
2008-04-14 01:11:56 2061824 ( A.... ) "C:\WINDOWS\system32\mstscax.dll"
2008-04-14 01:11:56 1028096 ( A.... ) "C:\WINDOWS\system32\mfc42.dll"
2008-04-14 01:11:56 989696 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2008-04-14 01:11:56 927504 ( A.... ) "C:\WINDOWS\system32\mfc40u.dll"
2008-04-14 01:11:56 755200 ( A.... ) "C:\WINDOWS\system32\ir50_32.dll"
2008-04-14 01:11:56 728064 ( A.... ) "C:\WINDOWS\system32\lsasrv.dll"
2008-04-14 01:11:56 512000 ( A.... ) "C:\WINDOWS\system32\jscript.dll"
2008-04-14 01:11:56 399872 ( A.... ) "C:\WINDOWS\system32\lmrt.dll"
2008-04-14 01:11:56 384000 ( A.... ) "C:\WINDOWS\system32\ipsmsnap.dll"
2008-04-14 01:11:56 349696 ( A.... ) "C:\WINDOWS\system32\ipsecsnp.dll"
2008-04-14 01:11:56 343040 ( A.... ) "C:\WINDOWS\system32\localspl.dll"
2008-04-14 01:11:56 338432 ( A.... ) "C:\WINDOWS\system32\ir41_qcx.dll"
2008-04-14 01:11:56 331264 ( A.... ) "C:\WINDOWS\system32\ipnathlp.dll"
2008-04-14 01:11:56 330752 ( A.... ) "C:\WINDOWS\system32\ippromon.dll"
2008-04-14 01:11:56 299520 ( A.... ) "C:\WINDOWS\system32\kerberos.dll"
2008-04-14 01:11:56 221696 ( A.... ) "C:\WINDOWS\system32\localsec.dll"
2008-04-14 01:11:56 200192 ( A.... ) "C:\WINDOWS\system32\ir50_qc.dll"
2008-04-14 01:11:56 191488 ( A.... ) "C:\WINDOWS\system32\iuengine.dll"
2008-04-14 01:11:56 183808 ( A.... ) "C:\WINDOWS\system32\ir50_qcx.dll"
2008-04-14 01:11:56 183808 ( A.... ) "C:\WINDOWS\system32\ipsecsvc.dll"
2008-04-14 01:11:56 177152 ( A.... ) "C:\WINDOWS\system32\iprtrmgr.dll"
2008-04-14 01:11:56 163840 ( A.... ) "C:\WINDOWS\system32\jgdw400.dll"
2008-04-14 01:11:56 161280 ( A.... ) "C:\WINDOWS\system32\ipmontr.dll"
2008-04-14 01:11:56 155136 ( A.... ) "C:\WINDOWS\system32\itircl.dll"
2008-04-14 01:11:56 150528 ( A.... ) "C:\WINDOWS\system32\keymgr.dll"
2008-04-14 01:11:56 147456 ( A.... ) "C:\WINDOWS\system32\initpki.dll"
2008-04-14 01:11:56 138240 ( A.... ) "C:\WINDOWS\system32\itss.dll"
2008-04-14 01:11:56 123392 ( A.... ) "C:\WINDOWS\system32\input.dll"
2008-04-14 01:11:56 120320 ( A.... ) "C:\WINDOWS\system32\ir41_qc.dll"
2008-04-14 01:11:56 118272 ( A.... ) "C:\WINDOWS\system32\mdminst.dll"
2008-04-14 01:11:56 97280 ( A.... ) "C:\WINDOWS\system32\loadperf.dll"
2008-04-14 01:11:56 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2008-04-14 01:11:56 86016 ( A.... ) "C:\WINDOWS\system32\mdmxsdk.dll"
2008-04-14 01:11:56 84480 ( A.... ) "C:\WINDOWS\system32\mciavi32.dll"
2008-04-14 01:11:56 81920 ( A.... ) "C:\WINDOWS\system32\isign32.dll"
2008-04-14 01:11:56 75264 ( A.... ) "C:\WINDOWS\system32\inetpp.dll"
2008-04-14 01:11:56 61440 ( A.... ) "C:\WINDOWS\system32\kmsvc.dll"
2008-04-14 01:11:56 59904 ( A.... ) "C:\WINDOWS\system32\ipv6mon.dll"
2008-04-14 01:11:56 58880 ( A.... ) "C:\WINDOWS\system32\licwmi.dll"
2008-04-14 01:11:56 54272 ( A.... ) "C:\WINDOWS\system32\ixsso.dll"
2008-04-14 01:11:56 47616 ( A.... ) "C:\WINDOWS\system32\iyuv_32.dll"
2008-04-14 01:11:56 40960 ( A.... ) "C:\WINDOWS\system32\mf3216.dll"
2008-04-14 01:11:56 37376 ( A.... ) "C:\WINDOWS\system32\l2gpstore.dll"
2008-04-14 01:11:56 35328 ( A.... ) "C:\WINDOWS\system32\mciqtz32.dll"
2008-04-14 01:11:56 33792 ( A.... ) "C:\WINDOWS\system32\lmmib2.dll"
2008-04-14 01:11:56 32768 ( A.... ) "C:\WINDOWS\system32\isrdbg32.dll"
2008-04-14 01:11:56 32768 ( A.... ) "C:\WINDOWS\system32\inetmib1.dll"
2008-04-14 01:11:56 27648 ( A.... ) "C:\WINDOWS\system32\jgpl400.dll"
2008-04-14 01:11:56 23552 ( A.... ) "C:\WINDOWS\system32\mciwave.dll"
2008-04-14 01:11:56 23040 ( A.... ) "C:\WINDOWS\system32\mciseq.dll"
2008-04-14 01:11:56 22528 ( A.... ) "C:\WINDOWS\system32\mfcsubs.dll"
2008-04-14 01:11:56 22016 ( A.... ) "C:\WINDOWS\system32\lpk.dll"
2008-04-14 01:11:56 22016 ( A.... ) "C:\WINDOWS\system32\ipxwan.dll"
2008-04-14 01:11:56 19968 ( A.... ) "C:\WINDOWS\system32\linkinfo.dll"
2008-04-14 01:11:56 15872 ( A.... ) "C:\WINDOWS\system32\inetppui.dll"
2008-04-14 01:11:56 14848 ( A.... ) "C:\WINDOWS\system32\mgmtapi.dll"
2008-04-14 01:11:56 14336 ( A.... ) "C:\WINDOWS\system32\mcastmib.dll"
2008-04-14 01:11:56 13824 ( A.... ) "C:\WINDOWS\system32\lmhsvc.dll"
2008-04-14 01:11:56 13312 ( A.... ) "C:\WINDOWS\system32\infoadmn.dll"
2008-04-14 01:11:56 11776 ( A.... ) "C:\WINDOWS\system32\localui.dll"
2008-04-14 01:11:56 10240 ( A.... ) "C:\WINDOWS\system32\lprhelp.dll"
2008-04-14 01:11:56 4096 ( A.... ) "C:\WINDOWS\system32\ksuser.dll"
2008-04-14 01:11:54 1082368 ( A.... ) "C:\WINDOWS\system32\esent.dll"
2008-04-14 01:11:54 702845 ( A.... ) "C:\WINDOWS\system32\i81xdnt5.dll"
2008-04-14 01:11:54 691712 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2008-04-14 01:11:54 614912 ( A.... ) "C:\WINDOWS\system32\h323msp.dll"
2008-04-14 01:11:54 382976 ( A.... ) "C:\WINDOWS\system32\fontext.dll"
2008-04-14 01:11:54 380445 ( A.... ) "C:\WINDOWS\system32\expsrv.dll"
2008-04-14 01:11:54 347136 ( A.... ) "C:\WINDOWS\system32\hypertrm.dll"
2008-04-14 01:11:54 344064 ( A.... ) "C:\WINDOWS\system32\hnetcfg.dll"
2008-04-14 01:11:54 337920 ( A.... ) "C:\WINDOWS\system32\filemgmt.dll"
2008-04-14 01:11:54 330752 ( A.... ) "C:\WINDOWS\system32\hnetwiz.dll"
2008-04-14 01:11:54 285184 ( A.... ) "C:\WINDOWS\system32\gdi32.dll"
2008-04-14 01:11:54 274432 ( A.... ) "C:\WINDOWS\system32\inetcfg.dll"
2008-04-14 01:11:54 254976 ( A.... ) "C:\WINDOWS\system32\icm32.dll"
2008-04-14 01:11:54 246272 ( A.... ) "C:\WINDOWS\system32\es.dll"
2008-04-14 01:11:54 199680 ( A.... ) "C:\WINDOWS\system32\gptext.dll"
2008-04-14 01:11:54 186880 ( A.... ) "C:\WINDOWS\system32\encdec.dll"
2008-04-14 01:11:54 183296 ( A.... ) "C:\WINDOWS\system32\els.dll"
2008-04-14 01:11:54 144896 ( A.... ) "C:\WINDOWS\system32\hotplug.dll"
2008-04-14 01:11:54 144384 ( A.... ) "C:\WINDOWS\system32\imagehlp.dll"
2008-04-14 01:11:54 135680 ( A.... ) "C:\WINDOWS\system32\ifmon.dll"
2008-04-14 01:11:54 133632 ( A.... ) "C:\WINDOWS\system32\iisrtl.dll"
2008-04-14 01:11:54 125952 ( A.... ) "C:\WINDOWS\system32\exts.dll"
2008-04-14 01:11:54 124928 ( A.... ) "C:\WINDOWS\system32\fde.dll"
2008-04-14 01:11:54 122880 ( A.... ) "C:\WINDOWS\system32\glu32.dll"
2008-04-14 01:11:54 120832 ( A.... ) "C:\WINDOWS\system32\idq.dll"
2008-04-14 01:11:54 119808 ( A.... ) "C:\WINDOWS\system32\iasrad.dll"
2008-04-14 01:11:54 110080 ( A.... ) "C:\WINDOWS\system32\imm32.dll"
2008-04-14 01:11:54 87552 ( A.... ) "C:\WINDOWS\system32\fldrclnr.dll"
2008-04-14 01:11:54 81920 ( A.... ) "C:\WINDOWS\system32\ils.dll"
2008-04-14 01:11:54 81920 ( A.... ) "C:\WINDOWS\system32\ieencode.dll"
2008-04-14 01:11:54 80896 ( A.... ) "C:\WINDOWS\system32\fontsub.dll"
2008-04-14 01:11:54 80384 ( A.... ) "C:\WINDOWS\system32\iccvid.dll"
2008-04-14 01:11:54 80384 ( A.... ) "C:\WINDOWS\system32\faultrep.dll"
2008-04-14 01:11:54 73728 ( A.... ) "C:\WINDOWS\system32\icwdial.dll"
2008-04-14 01:11:54 73728 ( A.... ) "C:\WINDOWS\system32\fdeploy.dll"
2008-04-14 01:11:54 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2008-04-14 01:11:54 68608 ( A.... ) "C:\WINDOWS\system32\iisext.dll"
2008-04-14 01:11:54 65536 ( A.... ) "C:\WINDOWS\system32\icwphbk.dll"
2008-04-14 01:11:54 64512 ( A.... ) "C:\WINDOWS\system32\iismap.dll"
2008-04-14 01:11:54 60416 ( A.... ) "C:\WINDOWS\system32\fwcfg.dll"
2008-04-14 01:11:54 56320 ( A.... ) "C:\WINDOWS\system32\eventlog.dll"
2008-04-14 01:11:54 41984 ( A.... ) "C:\WINDOWS\system32\htui.dll"
2008-04-14 01:11:54 41472 ( A.... ) "C:\WINDOWS\system32\hhsetup.dll"
2008-04-14 01:11:54 36921 ( A.... ) "C:\WINDOWS\system32\imeshare.dll"
2008-04-14 01:11:54 32285 ( A.... ) "C:\WINDOWS\system32\hsfcisp2.dll"
2008-04-14 01:11:54 24576 ( A.... ) "C:\WINDOWS\system32\httpapi.dll"
2008-04-14 01:11:54 23040 ( A.... ) "C:\WINDOWS\system32\ersvc.dll"
2008-04-14 01:11:54 21504 ( A.... ) "C:\WINDOWS\system32\hidserv.dll"
2008-04-14 01:11:54 21504 ( A.... ) "C:\WINDOWS\system32\feclient.dll"
2008-04-14 01:11:54 20992 ( A.... ) "C:\WINDOWS\system32\hid.dll"
2008-04-14 01:11:54 20480 ( A.... ) "C:\WINDOWS\system32\encapi.dll"
2008-04-14 01:11:54 16896 ( A.... ) "C:\WINDOWS\system32\fltlib.dll"
2008-04-14 01:11:54 14336 ( A.... ) "C:\WINDOWS\system32\exstrace.dll"
2008-04-14 01:11:54 11264 ( A.... ) "C:\WINDOWS\system32\icaapi.dll"
2008-04-14 01:11:54 8192 ( A.... ) "C:\WINDOWS\system32\igmpagnt.dll"
2008-04-14 01:11:54 7168 ( A.... ) "C:\WINDOWS\system32\hccoin.dll"
2008-04-14 01:11:52 2113536 ( A.... ) "C:\WINDOWS\system32\dxdiagn.dll"
2008-04-14 01:11:52 1689088 ( A.... ) "C:\WINDOWS\system32\d3d9.dll"
2008-04-14 01:11:52 1504256 ( A.... ) "C:\WINDOWS\system32\diskcopy.dll"
2008-04-14 01:11:52 1293824 ( A.... ) "C:\WINDOWS\system32\dsound3d.dll"
2008-04-14 01:11:52 1267200 ( A.... ) "C:\WINDOWS\system32\comsvcs.dll"
2008-04-14 01:11:52 1227264 ( A.... ) "C:\WINDOWS\system32\dx8vb.dll"
2008-04-14 01:11:52 1179648 ( A.... ) "C:\WINDOWS\system32\d3d8.dll"
2008-04-14 01:11:52 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
2008-04-14 01:11:52 824320 ( A.... ) "C:\WINDOWS\system32\d3dim700.dll"
2008-04-14 01:11:52 792064 ( A.... ) "C:\WINDOWS\system32\comres.dll"
2008-04-14 01:11:52 650752 ( A.... ) "C:\WINDOWS\system32\dot3ui.dll"
2008-04-14 01:11:52 640000 ( A.... ) "C:\WINDOWS\system32\dbghelp.dll"
2008-04-14 01:11:52 619008 ( A.... ) "C:\WINDOWS\system32\dx7vb.dll"
2008-04-14 01:11:52 617472 ( A.... ) "C:\WINDOWS\system32\comctl32.dll"
2008-04-14 01:11:52 599040 ( A.... ) "C:\WINDOWS\system32\crypt32.dll"
2008-04-14 01:11:52 539648 ( A.... ) "C:\WINDOWS\system32\comuid.dll"
2008-04-14 01:11:52 512512 ( A.... ) "C:\WINDOWS\system32\cryptui.dll"
2008-04-14 01:11:52 498742 ( A.... ) "C:\WINDOWS\system32\dxmasf.dll"
2008-04-14 01:11:52 379904 ( A.... ) "C:\WINDOWS\system32\dhcpmon.dll"
2008-04-14 01:11:52 375296 ( A.... ) "C:\WINDOWS\system32\dpnet.dll"
2008-04-14 01:11:52 367616 ( A.... ) "C:\WINDOWS\system32\dsound.dll"
2008-04-14 01:11:52 357888 ( A.... ) "C:\WINDOWS\system32\confmsp.dll"
2008-04-14 01:11:52 326656 ( A.... ) "C:\WINDOWS\system32\cscui.dll"
2008-04-14 01:11:52 304128 ( A.... ) "C:\WINDOWS\system32\duser.dll"
2008-04-14 01:11:52 285184 ( A.... ) "C:\WINDOWS\system32\dmdlgs.dll"
2008-04-14 01:11:52 282624 ( A.... ) "C:\WINDOWS\system32\devmgr.dll"
2008-04-14 01:11:52 279552 ( A.... ) "C:\WINDOWS\system32\ddraw.dll"
2008-04-14 01:11:52 276992 ( A.... ) "C:\WINDOWS\system32\comdlg32.dll"
2008-04-14 01:11:52 252928 ( A.... ) "C:\WINDOWS\system32\compatui.dll"
2008-04-14 01:11:52 239104 ( A.... ) "C:\WINDOWS\system32\dsquery.dll"
2008-04-14 01:11:52 229888 ( A.... ) "C:\WINDOWS\system32\dplayx.dll"
2008-04-14 01:11:52 229376 ( A.... ) "C:\WINDOWS\system32\compstui.dll"
2008-04-14 01:11:52 212480 ( A.... ) "C:\WINDOWS\system32\dpvoice.dll"
2008-04-14 01:11:52 200704 ( A.... ) "C:\WINDOWS\system32\dmdskmgr.dll"
2008-04-14 01:11:52 184832 ( A.... ) "C:\WINDOWS\system32\eapp3hst.dll"
2008-04-14 01:11:52 181760 ( A.... ) "C:\WINDOWS\system32\dinput8.dll"
2008-04-14 01:11:52 181248 ( A.... ) "C:\WINDOWS\system32\dsdmo.dll"
2008-04-14 01:11:52 181248 ( A.... ) "C:\WINDOWS\system32\dmime.dll"
2008-04-14 01:11:52 180224 ( A.... ) "C:\WINDOWS\system32\eapphost.dll"
2008-04-14 01:11:52 167424 ( A.... ) "C:\WINDOWS\system32\comsnap.dll"
2008-04-14 01:11:52 165376 ( A.... ) "C:\WINDOWS\system32\datime.dll"
2008-04-14 01:11:52 163840 ( A.... ) "C:\WINDOWS\system32\credui.dll"
2008-04-14 01:11:52 158720 ( A.... ) "C:\WINDOWS\system32\dinput.dll"
2008-04-14 01:11:52 155648 ( A.... ) "C:\WINDOWS\system32\dskquoui.dll"
2008-04-14 01:11:52 147968 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2008-04-14 01:11:52 142848 ( A.... ) "C:\WINDOWS\system32\dsprop.dll"
2008-04-14 01:11:52 132096 ( A.... ) "C:\WINDOWS\system32\dot3svc.dll"
2008-04-14 01:11:52 126976 ( A.... ) "C:\WINDOWS\system32\eappcfg.dll"
2008-04-14 01:11:52 126976 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2008-04-14 01:11:52 124416 ( A.... ) "C:\WINDOWS\system32\dfrgui.dll"
2008-04-14 01:11:52 116736 ( A.... ) "C:\WINDOWS\system32\dpvvox.dll"
2008-04-14 01:11:52 113152 ( A.... ) "C:\WINDOWS\system32\dsuiext.dll"
2008-04-14 01:11:52 111104 ( A.... ) "C:\WINDOWS\system32\dgnet.dll"
2008-04-14 01:11:52 110592 ( A.... ) "C:\WINDOWS\system32\dbnetlib.dll"
2008-04-14 01:11:52 105984 ( A.... ) "C:\WINDOWS\system32\dmstyle.dll"
2008-04-14 01:11:52 104448 ( A.... ) "C:\WINDOWS\system32\dmusic.dll"
2008-04-14 01:11:52 103424 ( A.... ) "C:\WINDOWS\system32\dmsynth.dll"
2008-04-14 01:11:52 102912 ( A.... ) "C:\WINDOWS\system32\dpcdll.dll"
2008-04-14 01:11:52 101888 ( A.... ) "C:\WINDOWS\system32\cscdll.dll"
2008-04-14 01:11:52 97792 ( A.... ) "C:\WINDOWS\system32\comrepl.dll"
2008-04-14 01:11:52 94208 ( A.... ) "C:\WINDOWS\system32\eappgnui.dll"
2008-04-14 01:11:52 92672 ( A.... ) "C:\WINDOWS\system32\dskquota.dll"
2008-04-14 01:11:52 82432 ( A.... ) "C:\WINDOWS\system32\dmscript.dll"
2008-04-14 01:11:52 74752 ( A.... ) "C:\WINDOWS\system32\cryptdlg.dll"
2008-04-14 01:11:52 71680 ( A.... ) "C:\WINDOWS\system32\dsdmoprp.dll"
2008-04-14 01:11:52 68608 ( A.... ) "C:\WINDOWS\system32\digest.dll"
2008-04-14 01:11:52 64512 ( A.... ) "C:\WINDOWS\system32\cryptnet.dll"
2008-04-14 01:11:52 62464 ( A.... ) "C:\WINDOWS\system32\cryptsvc.dll"
2008-04-14 01:11:52 61440 ( A.... ) "C:\WINDOWS\system32\dmcompos.dll"
2008-04-14 01:11:52 60928 ( A.... ) "C:\WINDOWS\system32\dpnhupnp.dll"
2008-04-14 01:11:52 60416 ( A.... ) "C:\WINDOWS\system32\colbact.dll"
2008-04-14 01:11:52 59904 ( A.... ) "C:\WINDOWS\system32\devenum.dll"
2008-04-14 01:11:52 59392 ( A.... ) "C:\WINDOWS\system32\eapqec.dll"
2008-04-14 01:11:52 57856 ( A.... ) "C:\WINDOWS\system32\dot3cfg.dll"
2008-04-14 01:11:52 57344 ( A.... ) "C:\WINDOWS\system32\dpwsockx.dll"
2008-04-14 01:11:52 56320 ( A.... ) "C:\WINDOWS\system32\dot3msm.dll"
2008-04-14 01:11:52 54272 ( A.... ) "C:\WINDOWS\system32\dataclen.dll"
2008-04-14 01:11:52 53760 ( A.... ) "C:\WINDOWS\system32\cryptext.dll"
2008-04-14 01:11:52 52224 ( A.... ) "C:\WINDOWS\system32\dmutil.dll"
2008-04-14 01:11:52 51200 ( A.... ) "C:\WINDOWS\system32\dssec.dll"
2008-04-14 01:11:52 48640 ( A.... ) "C:\WINDOWS\system32\dhcpqec.dll"
2008-04-14 01:11:52 48128 ( A.... ) "C:\WINDOWS\system32\docprop2.dll"
2008-04-14 01:11:52 45568 ( A.... ) "C:\WINDOWS\system32\dnsrslvr.dll"
2008-04-14 01:11:52 40960 ( A.... ) "C:\WINDOWS\system32\eappprxy.dll"
2008-04-14 01:11:52 39936 ( A.... ) "C:\WINDOWS\system32\dot3gpclnt.dll"
2008-04-14 01:11:52 39936 ( A.... ) "C:\WINDOWS\system32\dimsroam.dll"
2008-04-14 01:11:52 39424 ( A.... ) "C:\WINDOWS\system32\dfrgsnap.dll"
2008-04-14 01:11:52 35840 ( A.... ) "C:\WINDOWS\system32\dmloader.dll"
2008-04-14 01:11:52 35328 ( A.... ) "C:\WINDOWS\system32\dpnhpast.dll"
2008-04-14 01:11:52 35328 ( ..... ) "C:\WINDOWS\system32\corpol.dll"
2008-04-14 01:11:52 33792 ( A.... ) "C:\WINDOWS\system32\eapsvc.dll"
2008-04-14 01:11:52 33280 ( A.... ) "C:\WINDOWS\system32\cryptdll.dll"
2008-04-14 01:11:52 32768 ( A.... ) "C:\WINDOWS\system32\dispex.dll"
2008-04-14 01:11:52 32256 ( A.... ) "C:\WINDOWS\system32\csrsrv.dll"
2008-04-14 01:11:52 30720 ( A.... ) "C:\WINDOWS\system32\eapolqec.dll"
2008-04-14 01:11:52 28672 ( A.... ) "C:\WINDOWS\system32\dmband.dll"
2008-04-14 01:11:52 28672 ( A.... ) "C:\WINDOWS\system32\dfsshlex.dll"
2008-04-14 01:11:52 28672 ( A.... ) "C:\WINDOWS\system32\dbnmpntw.dll"
2008-04-14 01:11:52 28160 ( A.... ) "C:\WINDOWS\system32\comaddin.dll"
2008-04-14 01:11:52 27136 ( A.... ) "C:\WINDOWS\system32\ddrawex.dll"
2008-04-14 01:11:52 26624 ( A.... ) "C:\WINDOWS\system32\efsadu.dll"
2008-04-14 01:11:52 26112 ( A.... ) "C:\WINDOWS\system32\dot3api.dll"
2008-04-14 01:11:52 25088 ( A.... ) "C:\WINDOWS\system32\davclnt.dll"
2008-04-14 01:11:52 24576 ( A.... ) "C:\WINDOWS\system32\dbmsrpcn.dll"
2008-04-14 01:11:52 23552 ( A.... ) "C:\WINDOWS\system32\dpmodemx.dll"
2008-04-14 01:11:52 23552 ( A.... ) "C:\WINDOWS\system32\dmserver.dll"
2008-04-14 01:11:52 21504 ( A.... ) "C:\WINDOWS\system32\dpvacm.dll"
2008-04-14 01:11:52 19456 ( A.... ) "C:\WINDOWS\system32\dswave.dll"
2008-04-14 01:11:52 19456 ( A.... ) "C:\WINDOWS\system32\dimsntfy.dll"
2008-04-14 01:11:52 16384 ( A.... ) "C:\WINDOWS\system32\ds32gt.dll"
2008-04-14 01:11:52 14336 ( A.... ) "C:\WINDOWS\system32\drprov.dll"
2008-04-14 01:11:52 12800 ( A.... ) "C:\WINDOWS\system32\credssp.dll"
2008-04-14 01:11:52 9216 ( A.... ) "C:\WINDOWS\system32\dot3dlg.dll"
2008-04-14 01:11:52 8704 ( A.... ) "C:\WINDOWS\system32\dciman32.dll"
2008-04-14 01:11:52 8192 ( A.... ) "C:\WINDOWS\system32\d3d8thk.dll"
2008-04-14 01:11:50 2091520 ( A.... ) "C:\WINDOWS\system32\cdosys.dll"
2008-04-14 01:11:50 1888992 ( A.... ) "C:\WINDOWS\system32\ati3duag.dll"
2008-04-14 01:11:50 1025024 ( A.... ) "C:\WINDOWS\system32\browseui.dll"
2008-04-14 01:11:50 870784 ( A.... ) "C:\WINDOWS\system32\ati3d1ag.dll"
2008-04-14 01:11:50 625664 ( A.... ) "C:\WINDOWS\system32\catsrvut.dll"
2008-04-14 01:11:50 516768 ( A.... ) "C:\WINDOWS\system32\ativvaxx.dll"
2008-04-14 01:11:50 498688 ( A.... ) "C:\WINDOWS\system32\clbcatq.dll"
2008-04-14 01:11:50 457728 ( A.... ) "C:\WINDOWS\system32\certmgr.dll"
2008-04-14 01:11:50 377984 ( A.... ) "C:\WINDOWS\system32\ati2dvaa.dll"
2008-04-14 01:11:50 344064 ( A.... ) "C:\WINDOWS\system32\cmdial32.dll"
2008-04-14 01:11:50 295936 ( A.... ) "C:\WINDOWS\system32\appmgr.dll"
2008-04-14 01:11:50 233472 ( A.... ) "C:\WINDOWS\system32\azroles.dll"
2008-04-14 01:11:50 229376 ( A.... ) "C:\WINDOWS\system32\ati2cqag.dll"
2008-04-14 01:11:50 226304 ( A.... ) "C:\WINDOWS\system32\catsrv.dll"
2008-04-14 01:11:50 201728 ( A.... ) "C:\WINDOWS\system32\ati2dvag.dll"
2008-04-14 01:11:50 194560 ( A.... ) "C:\WINDOWS\system32\certcli.dll"
2008-04-14 01:11:50 185344 ( A.... ) "C:\WINDOWS\system32\cmprops.dll"
2008-04-14 01:11:50 167936 ( A.... ) "C:\WINDOWS\system32\appmgmts.dll"
2008-04-14 01:11:50 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
2008-04-14 01:11:50 150016 ( A.... ) "C:\WINDOWS\system32\capesnpn.dll"
2008-04-14 01:11:50 148480 ( A.... ) "C:\WINDOWS\system32\cic.dll"
2008-04-14 01:11:50 125952 ( A.... ) "C:\WINDOWS\system32\apphelp.dll"
2008-04-14 01:11:50 110592 ( A.... ) "C:\WINDOWS\system32\clbcatex.dll"
2008-04-14 01:11:50 85504 ( A.... ) "C:\WINDOWS\system32\catsrvps.dll"
2008-04-14 01:11:50 84992 ( A.... ) "C:\WINDOWS\system32\avifil32.dll"
2008-04-14 01:11:50 84480 ( A.... ) "C:\WINDOWS\system32\cabview.dll"
2008-04-14 01:11:50 78336 ( A.... ) "C:\WINDOWS\system32\browsewm.dll"
2008-04-14 01:11:50 77824 ( A.... ) "C:\WINDOWS\system32\cliconfg.dll"
2008-04-14 01:11:50 77824 ( A.... ) "C:\WINDOWS\system32\browser.dll"
2008-04-14 01:11:50 70656 ( A.... ) "C:\WINDOWS\system32\amstream.dll"
2008-04-14 01:11:50 69120 ( A.... ) "C:\WINDOWS\system32\ciodm.dll"
2008-04-14 01:11:50 65024 ( A.... ) "C:\WINDOWS\system32\asycfilt.dll"
2008-04-14 01:11:50 62464 ( A.... ) "C:\WINDOWS\system32\authz.dll"
2008-04-14 01:11:50 60416 ( A.... ) "C:\WINDOWS\system32\cabinet.dll"
2008-04-14 01:11:50 58880 ( A.... ) "C:\WINDOWS\system32\atl.dll"
2008-04-14 01:11:50 58368 ( A.... ) "C:\WINDOWS\system32\clusapi.dll"
2008-04-14 01:11:50 52736 ( A.... ) "C:\WINDOWS\system32\basesrv.dll"
2008-04-14 01:11:50 50688 ( A.... ) "C:\WINDOWS\system32\camocx.dll"
2008-04-14 01:11:50 50688 ( A.... ) "C:\WINDOWS\system32\btpanui.dll"
2008-04-14 01:11:50 47104 ( A.... ) "C:\WINDOWS\system32\cnbjmon.dll"
2008-04-14 01:11:50 42496 ( A.... ) "C:\WINDOWS\system32\audiosrv.dll"
2008-04-14 01:11:50 39424 ( A.... ) "C:\WINDOWS\system32\cmutil.dll"
2008-04-14 01:11:50 38912 ( A.... ) "C:\WINDOWS\system32\cfgbkend.dll"
2008-04-14 01:11:50 32768 ( A.... ) "C:\WINDOWS\system32\ativtmxx.dll"
2008-04-14 01:11:50 30208 ( A.... ) "C:\WINDOWS\system32\bthserv.dll"
2008-04-14 01:11:50 30208 ( A.... ) "C:\WINDOWS\system32\atmlib.dll"
2008-04-14 01:11:50 29184 ( A.... ) "C:\WINDOWS\system32\batmeter.dll"
2008-04-14 01:11:50 20992 ( A.... ) "C:\WINDOWS\system32\bthci.dll"
2008-04-14 01:11:50 17408 ( A.... ) "C:\WINDOWS\system32\bidispl.dll"
2008-04-14 01:11:50 17408 ( A.... ) "C:\WINDOWS\system32\alrsvc.dll"
2008-04-14 01:11:50 15872 ( A.... ) "C:\WINDOWS\system32\cmcfg32.dll"
2008-04-14 01:11:50 13312 ( A.... ) "C:\WINDOWS\system32\cmsetacl.dll"
2008-04-14 01:11:50 8704 ( A.... ) "C:\WINDOWS\system32\batt.dll"
2008-04-14 01:11:50 8192 ( A.... ) "C:\WINDOWS\system32\bitsprx2.dll"
2008-04-14 01:11:50 7168 ( A.... ) "C:\WINDOWS\system32\bitsprx4.dll"
2008-04-14 01:11:50 7168 ( A.... ) "C:\WINDOWS\system32\bitsprx3.dll"
2008-04-14 01:11:48 617472 ( A.... ) "C:\WINDOWS\system32\advapi32.dll"
2008-04-14 01:11:48 290816 ( A.... ) "C:\WINDOWS\system32\adsiis.dll"
2008-04-14 01:11:48 263680 ( A.... ) "C:\WINDOWS\system32\adsnt.dll"
2008-04-14 01:11:48 193536 ( A.... ) "C:\WINDOWS\system32\activeds.dll"
2008-04-14 01:11:48 175616 ( A.... ) "C:\WINDOWS\system32\adsldp.dll"
2008-04-14 01:11:48 143360 ( A.... ) "C:\WINDOWS\system32\adsldpc.dll"
2008-04-14 01:11:48 136192 ( A.... ) "C:\WINDOWS\system32\aaclient.dll"
2008-04-14 01:11:48 123392 ( A.... ) "C:\WINDOWS\system32\adsnw.dll"
2008-04-14 01:11:48 115712 ( A.... ) "C:\WINDOWS\system32\aclui.dll"
2008-04-14 01:11:48 100352 ( A.... ) "C:\WINDOWS\system32\6to4svc.dll"
2008-04-14 01:11:48 98304 ( A.... ) "C:\WINDOWS\system32\actxprxy.dll"
2008-04-14 01:11:48 68096 ( A.... ) "C:\WINDOWS\system32\adsmsext.dll"
2008-04-14 01:11:48 43520 ( A.... ) "C:\WINDOWS\system32\admwprox.dll"
2008-04-14 01:11:24 706048 ( A.... ) "C:\WINDOWS\system32\ntdll.dll"
2008-04-14 01:11:16 5632 ( A.... ) "C:\WINDOWS\system32\wmi.dll"
2008-04-14 01:11:12 756224 ( A.... ) "C:\WINDOWS\system32\winntbbu.dll"
2008-04-14 01:11:10 24064 ( A.... ) "C:\WINDOWS\system32\pidgen.dll"
2008-04-14 01:10:32 53279 ( A.... ) "C:\WINDOWS\system32\odbcji32.dll"
2008-04-14 01:10:08 4126 ( A.... ) "C:\WINDOWS\system32\msdxmlc.dll"
2008-04-14 01:10:06 3584 ( A.... ) "C:\WINDOWS\system32\msafd.dll"
2008-04-14 01:09:56 7680 ( A.... ) "C:\WINDOWS\system32\kbdsmsno.dll"
2008-04-14 01:09:56 7680 ( A.... ) "C:\WINDOWS\system32\kbdsmsfi.dll"
2008-04-14 01:09:56 7168 ( A.... ) "C:\WINDOWS\system32\kbdukx.dll"
2008-04-14 01:09:56 7168 ( A.... ) "C:\WINDOWS\system32\kbdno1.dll"
2008-04-14 01:09:56 7168 ( A.... ) "C:\WINDOWS\system32\kbdnec.dll"
2008-04-14 01:09:56 7168 ( A.... ) "C:\WINDOWS\system32\kbdfi1.dll"
2008-04-14 01:09:56 6656 ( A.... ) "C:\WINDOWS\system32\kbdinmal.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdpash.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdnepr.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdmlt48.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdmlt47.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdiultn.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdinben.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdinbe1.dll"
2008-04-14 01:09:56 6144 ( A.... ) "C:\WINDOWS\system32\kbdbhc.dll"
2008-04-14 01:09:56 5632 ( A.... ) "C:\WINDOWS\system32\kbdmaori.dll"
2008-04-14 01:09:40 3584 ( A.... ) "C:\WINDOWS\system32\icmp.dll"
2008-04-14 01:09:36 566784 ( A.... ) "C:\WINDOWS\system32\gpedit.dll"
2008-04-14 01:09:34 9344 ( A.... ) "C:\WINDOWS\system32\framebuf.dll"
2008-04-14 01:09:20 3072 ( A.... ) "C:\WINDOWS\system32\dpnlobby.dll"
2008-04-14 01:09:20 3072 ( A.... ) "C:\WINDOWS\system32\dpnaddr.dll"
2008-04-14 01:09:06 16896 ( A.... ) "C:\WINDOWS\system32\cfgmgr32.dll"
2008-04-14 01:09:02 285696 ( A.... ) "C:\WINDOWS\system32\atmfd.dll"
2008-04-13 20:30:10 1845632 ( A.... ) "C:\WINDOWS\system32\win32k.sys"
2008-04-13 20:24:38 2145280 ( A.... ) "C:\WINDOWS\system32\ntoskrnl.exe"
2008-04-13 19:45:00 17664 ( A.... ) "C:\WINDOWS\system32\watchdog.sys"
2008-04-13 19:43:32 12800 ( A.... ) "C:\WINDOWS\system32\spiisupd.exe"
2008-04-13 19:43:32 9728 ( A.... ) "C:\WINDOWS\system32\comsdupd.exe"
2008-04-13 19:31:36 7424 ( A.... ) "C:\WINDOWS\system32\kd1394.dll"
2008-04-13 19:31:28 134400 ( A.... ) "C:\WINDOWS\system32\HAL.DLL"
2008-04-13 19:31:22 2023936 ( A.... ) "C:\WINDOWS\system32\ntkrnlpa.exe"
2008-04-13 19:30:46 61440 ( A.... ) "C:\WINDOWS\system32\Msvcrt40.dll"
2008-04-13 19:14:58 76800 ( A.... ) "C:\WINDOWS\system32\msshavmsg.dll"
2008-04-13 18:39:30 438784 ( A.... ) "C:\WINDOWS\system32\xpob2res.dll"
2008-04-13 18:39:26 689152 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"
2008-04-13 18:39:24 2897920 ( A.... ) "C:\WINDOWS\system32\xpsp2res.dll"
2008-04-13 18:39:22 187392 ( A.... ) "C:\WINDOWS\system32\xpsp1res.dll"
2008-04-13 18:37:58 208384 ( A.... ) "C:\WINDOWS\system32\rsaenh.dll"
2008-04-13 18:37:58 138752 ( A.... ) "C:\WINDOWS\system32\dssenh.dll"
2008-04-13 18:27:18 79872 ( A.... ) "C:\WINDOWS\system32\msxml6r.dll"
2008-04-13 18:26:08 12288 ( A.... ) "C:\WINDOWS\system32\mscpx32r.dll"
2008-04-13 18:26:06 94208 ( A.... ) "C:\WINDOWS\system32\odbcint.dll"
2008-04-13 18:26:06 12288 ( A.... ) "C:\WINDOWS\system32\odbcp32r.dll"
2008-04-13 18:24:14 20480 ( A.... ) "C:\WINDOWS\system32\msorc32r.dll"
2008-04-13 18:21:32 733696 ( A.... ) "C:\WINDOWS\system32\qedwipes.dll"
2008-04-13 18:09:30 4096 ( A.... ) "C:\WINDOWS\system32\dsprpres.dll"
2008-04-13 18:03:24 63488 ( A.... ) "C:\WINDOWS\system32\browselc.dll"
2008-04-13 18:03:20 549376 ( A.... ) "C:\WINDOWS\system32\shdoclc.dll"
2008-04-13 17:48:54 1647616 ( A.... ) "C:\WINDOWS\system32\winbrand.dll"
2008-04-13 17:45:30 216064 ( A.... ) "C:\WINDOWS\system32\moricons.dll"
2008-04-13 17:23:32 48128 ( A.... ) "C:\WINDOWS\system32\msprivs.dll"
2008-04-13 17:22:12 48128 ( A.... ) "C:\WINDOWS\system32\inetres.dll"
2008-04-13 16:39:44 884736 ( A.... ) "C:\WINDOWS\system32\msimsg.dll"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"
"Recguard"="C:\\WINDOWS\\Sminst\\Recguard.exe"
"Reminder"="C:\\WINDOWS\\Creator\\Remind_XP.exe"
"Scheduler"="C:\\WINDOWS\\SMINST\\Scheduler.exe"
"ShStatEXE"="\"C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\McAfee\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
"Adobe Reader Speed Launcher"="\"D:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="D:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Norton Ghost 14.0"="\"D:\\Program Files\\Norton Ghost\\Agent\\VProTray.exe\""
"4d2468f1"="rundll32.exe \"C:\\WINDOWS\\system32\\mihjbqcn.dll\",b"
"BM4e175b6d"="Rundll32.exe \"C:\\WINDOWS\\system32\\hhwwjirm.dll\",s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"d:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"d:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{427B37EF-B6C5-4823-A97C-10B88977E398}"=""

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 03/07/2008 12:16:38.67
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

rtl_support

ASKER

And here is the HiJackThis log, in full this time. Thanks for the help so far

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:52, on 03/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
d:\Program Files\Remote Task Manager\RTMService.exe
d:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
d:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\woyt\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {05CD9087-92C0-44AC-B068-22257AA4B390} - C:\WINDOWS\system32\iifdayya.dll (file missing)
O2 - BHO: (no name) - {1C028F3B-5919-4041-815D-F4836C4C6E66} - C:\WINDOWS\system32\rqRHxwVP.dll (file missing)
O2 - BHO: {4fdb7420-52c1-d03b-0d94-e58b0e5d78b3} - {3b87d5e0-b85e-49d0-b30d-1c250247bdf4} - C:\WINDOWS\system32\cerhem.dll
O2 - BHO: (no name) - {3C082AB6-E103-44BB-A3F3-D745CDF98754} - C:\WINDOWS\system32\rqRLbXnl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "D:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [4d2468f1] rundll32.exe "C:\WINDOWS\system32\mihjbqcn.dll",b
O4 - HKLM\..\Run: [BM4e175b6d] Rundll32.exe "C:\WINDOWS\system32\hhwwjirm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "d:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} (SWToolSet.Engine) - http://itapps:8080/SWToolset.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208301416265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208362371890
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://synaptrismeetings.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = radiotaxis.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winppp32 - C:\WINDOWS\SYSTEM32\winppp32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - d:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymSnapService - Symantec - D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - d:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12415 bytes

rpggamergirl

There are vundo/conhook entries showing in the combofix log. The log seems to be missing the header, can you post the top part of the log?
Is that a fresh download of combofix? If not. please delete that one and download a fresh copy.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

rpggamergirl

I think the Combofix that you have there is an old one (2 years, right?)
Please download and run a fresh copy of Combofix.

rtl_support

ASKER

Thanks rpggamergirl, downloaded the latest version and ran it last night and have the log here now. Interestingly my McAfee picked up combofix as a remote handler/controller type virus and says it deleted it :s Ok here is the combofix log from the latest version, will follow with a post of the most up to date HJT log.ComboFix 08-07-02.5 - Administrator 2008-07-03 17:49:57.1 - NTFSx86 MINIMALMicrosoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1755 [GMT 1:00]Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color].((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\cookies.iniC:\WINDOWS\pskt.iniC:\WINDOWS\system32\AutoRun.infC:\WINDOWS\system32\awtSKASl.dllC:\WINDOWS\system32\ayyadfii.iniC:\WINDOWS\system32\ayyadfii.ini2C:\WINDOWS\system32\CacheC:\WINDOWS\system32\cbXrSMgd.dllC:\WINDOWS\system32\cdifguhu.dllC:\WINDOWS\system32\cerhem.dllC:\WINDOWS\system32\gvrefthc.dllC:\WINDOWS\system32\hhwwjirm.dllC:\WINDOWS\system32\iflkltsi.iniC:\WINDOWS\system32\jexqufhr.dllC:\WINDOWS\system32\lnXbLRqr.iniC:\WINDOWS\system32\lnXbLRqr.ini2C:\WINDOWS\system32\mihjbqcn.dllC:\WINDOWS\system32\mjdpwj.dllC:\WINDOWS\system32\ncqbjhim.iniC:\WINDOWS\system32\nsrbrlxa.dllC:\WINDOWS\system32\PVwxHRqr.iniC:\WINDOWS\system32\PVwxHRqr.ini2C:\WINDOWS\system32\pwxegq.dllC:\WINDOWS\system32\qoMfGvVo.dllC:\WINDOWS\system32\retkfanb.dllC:\WINDOWS\system32\uhugfidc.iniC:\WINDOWS\system32\vtUoPgDs.dllC:\WINDOWS\system32\wbaearin.iniC:\WINDOWS\system32\winmbj32.dllC:\WINDOWS\system32\winppp32.dllC:\WINDOWS\system32\x64C:\WINDOWS\system32\yayYPJCv.dllC:\WINDOWS\system32\yfnekgqb.dllK:\Autorun.inf.((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))).2008-07-03 12:31 . 2008-07-03 12:31 0 --a------ C:\WINDOWS\nsreg.dat2008-07-03 11:45 . 2008-07-03 11:45 <DIR> d-------- C:\Documents and Settings\woyt\Application Data\Apple Computer2008-07-03 11:10 . 2008-07-03 11:10 0 --a------ C:\WINDOWS\AUTORUN.INI2008-07-03 10:25 . 2008-07-03 10:25 <DIR> d-------- C:\Documents and Settings\woyt\Application Data\PC Tools2008-07-03 10:25 . 2008-07-03 10:25 <DIR> d-------- C:\Documents and Settings\woyt\Application Data\HPAppData2008-07-03 10:09 . 2008-04-04 11:44 <DIR> d-------- C:\Documents and Settings\woyt\Application Data\SampleView2008-07-03 10:09 . 2008-04-04 11:34 <DIR> d-------- C:\Documents and Settings\woyt\Application Data\InstallShield2008-07-03 10:09 . 2008-07-03 15:49 <DIR> d-------- C:\Documents and Settings\woyt2008-07-03 10:08 . 2008-04-04 11:44 <DIR> d-------- C:\Documents and Settings\serverops\Application Data\SampleView2008-07-03 10:08 . 2008-04-04 11:34 <DIR> d-------- C:\Documents and Settings\serverops\Application Data\InstallShield2008-07-03 10:08 . 2008-07-03 10:09 <DIR> d-------- C:\Documents and Settings\serverops2008-07-02 14:22 . 2008-07-02 14:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HPAppData2008-07-02 14:08 . 2008-07-02 14:08 <DIR> d-------- C:\VundoFix Backups2008-07-02 13:06 . 2008-07-02 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools2008-07-02 11:26 . 2008-07-03 12:29 891 --a------ C:\WINDOWS\win.tmp2008-07-02 11:26 . 2006-04-25 11:19 231 --a------ C:\WINDOWS\system.tmp2008-07-01 16:28 . 2008-07-01 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft2008-07-01 16:26 . 2008-07-01 16:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-07-01 12:52 . 2008-07-02 10:46 327 --a------ C:\WINDOWS\wininit.ini2008-07-01 12:05 . 2008-07-03 12:06 110,419 --a------ C:\WINDOWS\BM4e175b6d.xml2008-07-01 11:55 . 2008-07-01 11:55 25 --a------ C:\WINDOWS\RTMServices.INI2008-06-30 14:11 . 2008-06-30 14:11 25,088 --a------ C:\WINDOWS\system32\nnnlIcCv.dll.vir2008-06-30 14:04 . 2008-06-30 15:13 1,205 --a------ C:\WINDOWS\aoxppr.ini2008-06-26 15:37 . 2008-06-26 15:37 <DIR> d-------- C:\WINDOWS\AiOTemp2008-06-26 15:37 . 2008-06-26 15:37 <DIR> d-------- C:\Temp\hp_officejet_7100_series2008-06-23 14:08 . 2008-06-23 14:08 <DIR> d--h----- C:\WINDOWS\PIF2008-06-18 10:58 . 2008-06-18 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG2008-06-18 10:52 . 2008-06-18 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY2008-06-18 10:51 . 2008-06-18 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant2008-06-18 10:48 . 2008-06-18 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard2008-06-18 10:47 . 2007-03-30 16:11 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll2008-06-18 10:47 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll2008-06-13 12:55 . 2008-06-13 12:55 <DIR> d-------- C:\WINDOWS\Sun2008-06-11 15:16 . 2008-06-13 12:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys2008-06-11 15:16 . 2008-05-08 15:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys2008-06-10 15:54 . 1998-10-28 12:03 743,504 --a------ C:\WINDOWS\system32\Ss32x25.ocx2008-06-09 14:26 . 2008-06-09 14:26 <DIR> d-------- C:\WINDOWS\system32\Adobe2008-06-09 11:25 . 2008-06-09 11:25 <DIR> d-------- C:\IVODBC2008-06-05 13:00 . 2008-05-07 16:46 215,144 -ra------ C:\WINDOWS\pw32a.dll2008-06-05 13:00 . 2008-05-07 16:46 215,144 -ra------ C:\WINDOWS\patchw32.dll2008-06-05 12:52 . 2008-05-07 12:30 137,952 --a------ C:\WINDOWS\system32\drivers\symsnap.sys2008-06-05 12:52 . 2008-01-19 20:12 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys2008-06-05 12:52 . 2008-01-19 19:45 38,112 --a------ C:\WINDOWS\system32\drivers\v2imount.sys2008-06-05 12:52 . 2008-01-19 19:40 15,088 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys2008-06-04 10:55 . 2002-08-14 15:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL2008-06-04 10:55 . 2002-08-14 15:03 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS2008-06-04 10:55 . 2002-08-14 15:03 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL2008-06-04 10:55 . 2002-08-14 15:03 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-03 09:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype2008-06-27 15:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared2008-06-27 15:23 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-06-18 09:52 --------- d-----w C:\Program Files\HP2008-06-18 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys2008-06-05 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec2008-05-29 08:56 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.22008-05-28 14:22 --------- d-----w C:\Program Files\Common Files\HP2008-05-28 14:21 --------- d-----w C:\Program Files\Hewlett-Packard2008-05-28 14:20 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard2008-05-27 09:57 --------- d-----w C:\Program Files\Your Company Name2008-05-20 09:07 --------- d-----w C:\Program Files\Microsoft Silverlight2008-05-16 09:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search2008-05-14 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys2008-05-07 15:44 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys2008-04-25 09:25 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-07 11:22 141848]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-07 11:22 166424]"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-07 11:22 137752]"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 05:39 1036288]"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01 525824]"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 21:50 1138688]"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 23:44 761856]"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 19:53 872448]"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 20:50 111952]"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]"Norton Ghost 14.0"="D:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 17:13 2245984][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]"Spyware Doctor"="d:\Program Files\Spyware Doctor\swdoctor.exe" [2005-11-24 13:14 1947872]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM 210520]VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [4/16/2008 11:19:32 PM 6144]WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [4/16/2008 10:21:07 PM 106560][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="D:\Program Files\Microsoft ActiveSync\rapimgr.exe"= D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"D:\Program Files\Microsoft ActiveSync\wcescomm.exe"= D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5800:TCP"= 5800:TCP:VNC1"5900:TCP"= 5900:TCP:VNC2"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]R2 MSExchangeMGMT;Microsoft Exchange Management;"C:\Program Files\Exchsrvr\bin\exmgmt.exe" [2007-04-27 10:00]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2008-04-14 01:12]R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 21:13]R3 SymSnapService;SymSnapService;"D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2008-05-07 12:30]S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480.Contents of the 'Scheduled Tasks' folder"2008-06-05 07:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe.- - - - ORPHANS REMOVED - - - -BHO-{05CD9087-92C0-44AC-B068-22257AA4B390} - C:\WINDOWS\system32\iifdayya.dllBHO-{1C028F3B-5919-4041-815D-F4836C4C6E66} - C:\WINDOWS\system32\rqRHxwVP.dllBHO-{3C082AB6-E103-44BB-A3F3-D745CDF98754} - C:\WINDOWS\system32\rqRLbXnl.dllHKLM-Run-4d2468f1 - C:\WINDOWS\system32\mihjbqcn.dllHKLM-Run-BM4e175b6d - C:\WINDOWS\system32\hhwwjirm.dllShellExecuteHooks-{427B37EF-B6C5-4823-A97C-10B88977E398} - (no file)Notify-winppp32 - winppp32.dll**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-03 17:54:35Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.D:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeD:\Program Files\Cisco Systems\VPN Client\cvpnd.exeD:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeD:\Program Files\Norton Ghost\Agent\VProSvc.exeC:\Program Files\McAfee\Common Framework\naPrdMgr.exeC:\WINDOWS\system32\HPZipm12.exeD:\Program Files\Remote Task Manager\rtmservice.exeD:\Program Files\Spyware Doctor\sdhelp.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeD:\Program Files\RealVNC\VNC4\winvnc4.exeC:\WINDOWS\system32\searchindexer.exeC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\McAfee\Common Framework\Mctray.exeD:\PROGRA~1\MICROS~1\rapimgr.exeC:\WINDOWS\system32\searchprotocolhost.exeC:\WINDOWS\system32\searchfilterhost.exeC:\Program Files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2008-07-03 17:56:38 - machine was rebootedComboFix-quarantined-files.txt 2008-07-03 16:56:35ComboFix2.txt 2008-07-03 11:16:38Pre-Run: 59,253,743,616 bytes freePost-Run: 57,075,183,616 bytes free244 --- E O F --- 2008-06-20 16:05:00

rtl_support

ASKER

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:45, on 04/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
D:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
d:\Program Files\Remote Task Manager\RTMService.exe
d:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
d:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
D:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Documents and Settings\woyt\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=desktop
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "D:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "d:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} (SWToolSet.Engine) - http://itapps:8080/SWToolset.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208301416265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208362371890
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://synaptrismeetings.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = radiotaxis.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = radiotaxis.co.uk
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - d:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - d:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SymSnapService - Symantec - D:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - d:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12041 bytes

rpggamergirl

Hi,
The formatting is so messed up, hard to analyze, is it possible to make it easier to read? like when you open the log in notepad can you check or uncheck wordwrap and see if they display correctly? like your first log, each entry in one separate line, thanks.

Oh, that's why is't important to STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

rtl_support

ASKER

Thanks rpggamergirl, I have indeed installed a few office password recovery tools in the last week or so which i wondered might have caused the problems. I'll give that script a try today and let you know how it goes. The PC has seemed better but i'll find out after running a few scans later when i try the script. I'll let you know how it goes.

rpggamergirl

I thought you might've purposely installed a Password Recovery tool, so I didn't include the file in the above script.