Smithfraud-C. Toolbar888 and other things



Destination
2007-05-26, 08:17
Well first off I found the Smithfraud thing and couldn't get rid of it. Then I went to Panda and checked there and it said something about backdoor trojans, and rootkit hacker tools on my PC so I am concerned about cleaning it up.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:11:41 AM, on 5/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\AWLGTSTA.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\derek\Local Settings\Temporary Internet Files\Content.IE5\T49T1ZIY\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {00F148E4-E01B-4164-9772-ADE1123BD83C} - C:\WINNT\system32\mljhh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AWLGTSTA.exe] "C:\WINNT\system32\AWLGTSTA.exe" /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WebCheck] C:\Windows\loadwc.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174707452167
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 3196 bytes

I hope that I did that in posting the thing from hijackthis!

Mr_JAk3
2007-05-27, 11:45
Hello Destination and welcome to the Forums :)

You're infected.

Download HijackThis 1.99.1 to your desktop from here (http://downloads.malwareremoval.com/HijackThis.exe)

Create a new folder for HijackThis and move HijackThis.exe into it.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Destination
2007-05-29, 03:18
Sorry it took so long to get back but I was very busy this weekend (Memorial Day) but yeah here is the new log. Notice that Vundo didn't find any files.


Logfile of HijackThis v1.99.1
Scan saved at 8:16:39 PM, on 5/28/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\AWLGTSTA.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\derek\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {00F148E4-E01B-4164-9772-ADE1123BD83C} - C:\WINNT\system32\mljhh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AWLGTSTA.exe] "C:\WINNT\system32\AWLGTSTA.exe" /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WebCheck] C:\Windows\loadwc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174707452167
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

Destination
2007-05-29, 03:21
Well I closed that window and I can't find out how to edit the post.
But here is the Vundo log.


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 12:08:06 AM 5/26/2007

Listing files found while scanning....

C:\WINNT\system32\fccbcba.dll
C:\WINNT\system32\gebayaw.dll
C:\WINNT\system32\gumriacv.dll
C:\WINNT\system32\hhjlm.bak1
C:\WINNT\system32\hhjlm.bak2
C:\WINNT\system32\hhjlm.ini
C:\WINNT\system32\khfccba.dll
C:\WINNT\system32\khfgeef.dll
C:\WINNT\system32\mljhh.dll
C:\WINNT\system32\pmnmnol.dll
C:\WINNT\system32\qomllif.dll
C:\WINNT\system32\rqrssrr.dll
C:\WINNT\system32\tuvvwvv.dll
C:\WINNT\system32\vcairmug.ini
C:\WINNT\system32\vvssorvp.dll
rundll32.exe

Beginning removal...

Attempting to delete C:\WINNT\system32\fccbcba.dll
C:\WINNT\system32\fccbcba.dll Has been deleted!

Attempting to delete C:\WINNT\system32\gebayaw.dll
C:\WINNT\system32\gebayaw.dll Has been deleted!

Attempting to delete C:\WINNT\system32\gumriacv.dll
C:\WINNT\system32\gumriacv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\hhjlm.bak1
C:\WINNT\system32\hhjlm.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\hhjlm.bak2
C:\WINNT\system32\hhjlm.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\hhjlm.ini
C:\WINNT\system32\hhjlm.ini Has been deleted!

Attempting to delete C:\WINNT\system32\khfccba.dll
C:\WINNT\system32\khfccba.dll Has been deleted!

Attempting to delete C:\WINNT\system32\khfgeef.dll
C:\WINNT\system32\khfgeef.dll Has been deleted!

Attempting to delete C:\WINNT\system32\mljhh.dll
C:\WINNT\system32\mljhh.dll Has been deleted!

Attempting to delete C:\WINNT\system32\pmnmnol.dll
C:\WINNT\system32\pmnmnol.dll Has been deleted!

Attempting to delete C:\WINNT\system32\qomllif.dll
C:\WINNT\system32\qomllif.dll Has been deleted!

Attempting to delete C:\WINNT\system32\rqrssrr.dll
C:\WINNT\system32\rqrssrr.dll Has been deleted!

Attempting to delete C:\WINNT\system32\tuvvwvv.dll
C:\WINNT\system32\tuvvwvv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\vcairmug.ini
C:\WINNT\system32\vcairmug.ini Has been deleted!

Attempting to delete C:\WINNT\system32\vvssorvp.dll
C:\WINNT\system32\vvssorvp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 12:19:13 AM 5/26/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 8:08:55 PM 5/28/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Mr_JAk3
2007-05-29, 20:59
Ok we'll continue...

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Destination
2007-05-30, 00:15
"derek" - 05/29/2007 16:34:33 Service Pack 4
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\derek\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\derek\Desktop.\internet explorer.lnk"
"C:\Temp\17O7"


((((((((((((((((((((((((((((((( Files Created from 05/2-01-07 to 05/29/2007 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 05:38:50 -------- d-----w C:\Program Files\MSN Messenger
2007-05-26 04:56:57 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-26 04:56:42 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-25 20:59:28 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_158.dat
2007-05-25 10:48:17 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_2b0.dat
2007-05-24 02:51:24 -------- d-----w C:\Program Files\Google
2007-05-23 19:20:16 -------- d-----w C:\DOCUME~1\derek\APPLIC~1\LimeWire
2007-05-22 21:23:15 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_2ac.dat
2007-05-20 21:21:25 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_150.dat
2007-05-17 03:37:25 -------- d-----w C:\DOCUME~1\derek\APPLIC~1\SmartFTP
2007-05-14 03:49:54 164 ----a-w C:\install.dat
2007-04-30 05:05:43 -------- d-----w C:\DOCUME~1\derek\APPLIC~1\Hamachi
2007-04-30 04:26:14 26,056 ----a-w C:\WINNT\system32\drivers\hamachi.sys
2007-04-25 02:02:26 -------- d-----w C:\Program Files\Messenger
2007-04-14 20:16:12 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_33c.dat
2007-04-13 05:05:46 -------- d-----w C:\DOCUME~1\derek\APPLIC~1\WinRAR
2007-04-08 23:49:14 -------- d-----w C:\DOCUME~1\derek\APPLIC~1\Ulead Systems
2007-04-07 03:31:07 -------- d-----w C:\Program Files\MAIET
2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-03-24 04:34:58 -------- d--ha-w C:\Program Files\WindowsUpdate
2007-03-24 04:13:40 -------- d-----w C:\Program Files\Windows NT
2007-03-24 03:16:28 499,712 ----a-w C:\WINNT\system32\msvcp71.dll
2007-03-24 03:16:28 348,160 ----a-w C:\WINNT\system32\msvcr71.dll
2007-03-23 23:52:28 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-23 23:51:27 0 -csha-r C:\MSDOS.SYS
2007-03-23 23:51:27 0 -csha-r C:\IO.SYS
2007-03-23 23:51:27 0 -c-h--w C:\CONFIG.SYS
2007-03-23 23:51:27 0 -c-h--w C:\AUTOEXEC.BAT
2007-03-23 23:49:21 15,012 ----a-w C:\WINNT\system32\emptyregdb.dat
2007-03-23 16:49:50 -------- d-----w C:\Program Files\Accessories
2007-03-23 14:26:02 -------- d---a-w C:\Program Files\Common Files\ODBC
2007-03-13 09:44:49 245,520 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-06 11:17:48 381,200 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:17:46 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:17:46 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 06:12:21 1,641,936 ----a-w C:\WINNT\system32\WIN32K.SYS
2007-03-02 00:54:22 21,056 ----a-w C:\WINNT\system32\drivers\sskbfd.sys
2007-01-10 17:09:52 212,992 ----a-w C:\WINNT\system32\odbc32.dll
2007-01-05 14:49:42 22,752 ----a-w C:\WINNT\system32\spupdsvc.exe
2006-11-29 15:31:30 53,520 ----a-w C:\WINNT\system32\odbcji32.dll
2006-11-29 15:31:30 278,800 ----a-w C:\WINNT\system32\odbcjt32.dll
2006-11-29 15:31:30 20,752 ----a-w C:\WINNT\system32\odtext32.dll
2006-11-29 15:31:30 20,752 ----a-w C:\WINNT\system32\odpdx32.dll
2006-11-29 15:31:30 20,752 ----a-w C:\WINNT\system32\odfox32.dll
2006-11-29 15:31:30 20,752 ----a-w C:\WINNT\system32\odexl32.dll
2006-11-29 15:31:30 20,752 ----a-w C:\WINNT\system32\oddbse32.dll
2006-11-29 15:31:30 102,672 ----a-w C:\WINNT\system32\ODBCCP32.dll
2006-11-06 18:47:54 596,480 ----a-w C:\WINNT\system32\INETCOMM.DLL
2006-11-02 17:31:40 927,504 ----a-w C:\WINNT\system32\MFC40U.DLL
2006-11-02 17:31:40 1,011,774 ----a-w C:\WINNT\system32\mfc42u.dll
2006-10-19 08:02:22 115,472 ----a-w C:\WINNT\system32\OLEDLG.DLL
2006-09-06 04:58:48 1,110,528 ----a-w C:\WINNT\system32\msxml3.dll
2006-09-05 16:03:16 3,968 ----a-w C:\WINNT\system32\drivers\AvgAsCln.sys
2006-09-01 05:49:24 64,784 ----a-w C:\WINNT\system32\NWAPI32.DLL
2006-09-01 05:49:24 140,048 ----a-w C:\WINNT\system32\NWPROVAU.DLL
2006-09-01 04:57:48 161,520 ----a-w C:\WINNT\system32\drivers\nwrdr.sys
2006-08-28 08:44:10 530,192 ----a-w C:\WINNT\system32\comctl32.dll
2006-08-22 17:48:40 136,912 ------w C:\WINNT\system32\drivers\fltmgr.sys
2006-08-22 10:05:26 498,742 ----a-w C:\WINNT\system32\dxmasf.dll
2006-08-21 15:52:08 246,814 ----a-w C:\WINNT\system32\strmdll.dll
2006-08-17 13:14:37 98,064 ----a-w C:\WINNT\system32\WKSSVC.DLL
2006-08-16 14:28:16 513,808 ----a-w C:\WINNT\system32\LSASRV.DLL
2006-08-11 14:17:00 239,280 ----a-w C:\WINNT\system32\drivers\SRV.SYS
2006-07-25 05:08:31 840,976 ----a-w C:\WINNT\system32\mmcndmgr.dll
2006-07-21 15:08:54 72,704 ----a-w C:\WINNT\system32\hlink.dll
2006-07-06 17:52:40 613,648 ----a-w C:\WINNT\system32\mmc.exe
2006-07-06 11:45:32 96,528 ----a-w C:\WINNT\system32\dnsrslvr.dll
2006-06-27 08:30:50 1,427,728 ----a-w C:\WINNT\system32\query.dll
2006-05-31 07:14:15 415,536 ----a-w C:\WINNT\system32\drivers\mrxsmb.sys
2006-05-03 06:57:40 6,401,024 ----a-w C:\WINNT\system32\sp3res.dll
2006-04-25 13:38:52 320,336 ----a-w C:\WINNT\system32\drivers\tcpip.sys
2006-04-23 08:01:01 96,016 ----a-w C:\WINNT\system32\msdtclog.dll
2006-04-23 08:01:01 726,800 ----a-w C:\WINNT\system32\msdtcprx.dll
2006-04-23 08:01:01 52,496 ----a-w C:\WINNT\system32\mtxclu.dll
2006-04-23 08:01:01 19,216 ----a-w C:\WINNT\system32\xolehlp.dll
2006-04-23 08:01:01 153,872 ----a-w C:\WINNT\system32\msdtcui.dll
2006-04-23 08:01:01 123,152 ----a-w C:\WINNT\system32\mtxoci.dll
2006-04-23 08:01:01 1,202,448 ----a-w C:\WINNT\system32\msdtctm.dll
2006-04-13 05:17:08 437,008 ----a-w C:\WINNT\system32\rpcrt4.dll
2006-03-18 09:51:34 21,264 ------w C:\WINNT\system32\verclsid.exe
2006-03-06 05:07:31 1,842,672 ----a-r C:\WINNT\system32\dtcsetup.exe
2006-02-27 19:31:50 47,616 ----a-w C:\WINNT\system32\INETRES.DLL
2006-02-27 19:31:40 229,376 ----a-w C:\WINNT\system32\MSOEACCT.DLL
2006-02-27 19:31:36 91,136 ----a-w C:\WINNT\system32\MSOERT2.DLL
2006-02-27 19:29:32 44,032 ----a-w C:\WINNT\system32\MSIDENT.DLL
2005-11-24 22:54:16 79,632 ----a-w C:\WINNT\system32\fontsub.dll
2005-11-24 22:54:16 163,600 ----a-w C:\WINNT\system32\t2embed.dll
2005-09-23 11:03:26 1,120,016 ----a-w C:\WINNT\system32\webvw.dll
2005-09-23 11:03:25 17,680 ----a-w C:\WINNT\system32\linkinfo.dll
2005-09-05 08:18:50 71,440 ----a-w C:\WINNT\system32\stclient.dll
2005-09-05 08:18:50 35,600 ----a-w C:\WINNT\system32\mtxlegih.dll
2005-09-05 08:18:48 625,936 ----a-w C:\WINNT\system32\comuid.dll
2005-09-05 08:18:48 26,896 ----a-w C:\WINNT\system32\mtxdm.dll
2005-09-05 08:18:48 1,471,248 ----a-w C:\WINNT\system32\comsvcs.dll
2005-09-05 08:18:46 97,552 ----a-w C:\WINNT\system32\comrepl.dll
2005-09-05 08:18:46 97,040 ----a-w C:\WINNT\system32\clbcatex.dll
2005-09-05 08:18:46 957,712 ----a-w C:\WINNT\system32\OLE32.DLL
2005-09-05 08:18:46 595,728 ----a-w C:\WINNT\system32\catsrvut.dll
2005-09-05 08:18:46 551,184 ----a-w C:\WINNT\system32\clbcatq.dll
2005-09-05 08:18:46 41,744 ----a-w C:\WINNT\system32\colbact.dll
2005-09-05 08:18:46 398,608 ----a-w C:\WINNT\system32\txfaux.dll
2005-09-05 08:18:46 36,624 ----a-w C:\WINNT\system32\OLECNV32.DLL
2005-09-05 08:18:46 242,448 ----a-w C:\WINNT\system32\es.dll
2005-09-05 08:18:46 212,240 ----a-w C:\WINNT\system32\rpcss.dll
2005-09-05 08:18:46 165,648 ----a-w C:\WINNT\system32\catsrv.dll
2005-09-02 09:24:06 94,480 ----a-w C:\WINNT\system32\UMPNPMGR.DLL
2005-08-31 03:19:42 791,312 ----a-w C:\WINNT\system32\quartz.dll
2005-08-30 09:29:42 2,532,112 ----a-w C:\WINNT\system32\cdosys.dll
2005-08-22 09:20:40 61,200 ----a-w C:\WINNT\system32\NWWKS.DLL
2005-08-16 09:39:00 483,600 ----a-w C:\WINNT\system32\NTDLL.DLL
2005-08-16 08:40:58 30,160 ----a-w C:\WINNT\system32\drivers\mountmgr.sys
2005-08-16 08:35:00 100,112 ----a-w C:\WINNT\system32\netman.dll
2005-08-05 19:53:02 248,592 ----a-w C:\WINNT\system32\MSIEFTP.DLL
2005-07-25 06:06:20 58,368 ----a-w C:\WINNT\Unwash6.exe
2005-07-19 10:44:44 142,288 ----a-w C:\WINNT\system32\drivers\fastfat.sys
2005-07-19 05:42:04 170,800 ----a-w C:\WINNT\system32\drivers\rdbss.sys
2005-07-14 12:24:08 74,384 ----a-w C:\WINNT\system32\drivers\SCSIPORT.SYS
2005-07-13 07:22:02 88,848 ----a-w C:\WINNT\system32\WIN32SPL.DLL
2005-07-13 07:22:02 81,168 ----a-w C:\WINNT\system32\spoolss.dll
2005-07-13 07:22:02 138,000 ----a-w C:\WINNT\system32\faxui.dll
2005-07-12 04:59:12 47,376 ----a-w C:\WINNT\system32\spoolsv.exe
2005-07-02 11:30:14 175,888 ----a-w C:\WINNT\system32\tapisrv.dll
2005-06-29 07:30:56 69,904 ----a-w C:\WINNT\system32\mscms.dll
2005-06-29 07:30:56 246,032 ----a-w C:\WINNT\system32\icm32.dll
2005-06-15 04:22:48 208,144 ----a-w C:\WINNT\system32\kerberos.dll
2005-06-13 20:46:32 430,296 ----a-w C:\WINNT\system32\rtcrtp.dll
2005-06-13 19:46:32 1,011,928 ----a-w C:\WINNT\system32\rtclib.dll
2005-06-03 04:58:10 938,768 ----a-w C:\WINNT\system32\ntdsa.dll
2005-05-26 10:19:32 173,536 ----a-w C:\WINNT\system32\wuweb.dll
2005-05-26 10:16:30 465,176 ----a-w C:\WINNT\system32\wuapi.dll
2005-05-26 10:16:30 41,240 ----a-w C:\WINNT\system32\wups.dll
2005-05-26 10:16:30 194,328 ----a-w C:\WINNT\system32\wuaueng1.dll
2005-05-26 10:16:30 18,200 ----a-w C:\WINNT\system32\wups2.dll
2005-05-26 10:16:30 172,312 ----a-w C:\WINNT\system32\wuauclt1.exe
2005-05-26 10:16:30 127,256 ----a-w C:\WINNT\system32\wucltui.dll
2005-05-26 10:16:30 124,184 ----a-w C:\WINNT\system32\wuauclt.exe
2005-05-26 10:16:30 1,343,768 ----a-w C:\WINNT\system32\wuaueng.dll
2005-05-26 10:16:24 75,544 ----a-w C:\WINNT\system32\cdm.dll
2005-05-26 10:16:24 198,424 ----a-w C:\WINNT\system32\iuengine.dll
2005-05-10 09:20:32 513,424 ----a-w C:\WINNT\system32\drivers\ntfs.sys
2005-05-04 20:45:36 884,736 ----a-w C:\WINNT\system32\msimsg.dll
2005-05-04 20:45:36 78,848 ----a-w C:\WINNT\system32\msiexec.exe
2005-05-04 20:45:36 271,360 ----a-w C:\WINNT\system32\msihnd.dll
2005-05-04 20:45:36 15,360 ----a-w C:\WINNT\system32\msisip.dll
2005-04-21 14:16:56 38,912 ----a-w C:\WINNT\system32\hhsetup.dll
2005-04-21 14:16:56 143,872 ----a-w C:\WINNT\system32\itircl.dll
2005-04-21 14:16:56 128,000 ----a-w C:\WINNT\system32\itss.dll
2005-04-21 08:08:44 78,096 ----a-w C:\WINNT\system32\cryptsvc.dll
2005-04-21 08:08:44 401,168 ----a-w C:\WINNT\system32\ADVAPI32.DLL
2005-04-21 08:03:08 127,568 ----a-w C:\WINNT\system32\drivers\AFD.SYS
2005-04-15 01:08:24 10,752 ----a-w C:\WINNT\hh.exe
2005-04-08 11:54:36 57,104 ----a-w C:\WINNT\system32\mpr.dll
2005-04-08 11:54:36 51,984 ----a-w C:\WINNT\system32\samlib.dll
2005-04-08 11:54:36 37,648 ----a-w C:\WINNT\system32\NTLANMAN.DLL
2005-04-08 11:54:34 63,760 ----a-w C:\WINNT\system32\CRYPTNET.DLL
2005-04-08 11:54:34 390,416 ----a-w C:\WINNT\system32\SAMSRV.DLL
2005-04-08 11:54:34 130,832 ----a-w C:\WINNT\system32\adsldp.dll
2005-04-08 11:54:32 86,288 ----a-w C:\WINNT\system32\srvsvc.dll
2005-04-08 11:54:32 71,440 ----a-w C:\WINNT\system32\browser.dll
2005-04-08 11:54:32 58,128 ----a-w C:\WINNT\system32\RASMAN.DLL
2005-04-08 11:54:32 57,104 ----a-w C:\WINNT\system32\wlnotify.dll
2005-04-08 11:54:32 563,984 ----a-w C:\WINNT\system32\CRYPT32.DLL
2005-04-08 11:54:32 56,592 ----a-w C:\WINNT\system32\msasn1.dll
2005-04-08 11:54:32 49,424 ----a-w C:\WINNT\system32\EVENTLOG.DLL
2005-04-08 11:54:32 48,400 ----a-w C:\WINNT\system32\w32time.dll
2005-04-08 11:54:32 366,864 ----a-w C:\WINNT\system32\NETLOGON.DLL
2005-04-08 11:54:32 35,600 ----a-w C:\WINNT\system32\MSGSVC.DLL
2005-04-08 11:54:32 338,704 ----a-w C:\WINNT\system32\MSGINA.DLL
2005-04-08 11:54:32 266,000 ----a-w C:\WINNT\system32\LOCALSPL.DLL
2005-04-08 11:54:32 200,464 ----a-w C:\WINNT\system32\RASAPI32.DLL
2005-04-08 11:54:32 17,680 ----a-w C:\WINNT\system32\seclogon.dll
2005-04-08 11:54:32 134,928 ----a-w C:\WINNT\system32\adsldpc.dll
2005-04-08 11:54:32 117,520 ----a-w C:\WINNT\system32\PSBASE.DLL
2005-04-08 11:54:30 399,120 ----a-w C:\WINNT\system32\USERENV.DLL
2005-04-08 11:54:30 146,192 ----a-w C:\WINNT\system32\WLDAP32.DLL
2005-04-08 11:51:24 151,312 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2005-04-08 11:51:18 125,200 ----a-w C:\WINNT\system32\MSV1_0.DLL
2005-04-08 11:51:16 92,944 ----a-w C:\WINNT\system32\SERVICES.EXE
2005-04-08 11:51:16 186,640 ----a-w C:\WINNT\system32\WINLOGON.EXE
2005-04-08 11:51:14 63,248 ----a-w C:\WINNT\system32\drivers\cdfs.sys
2005-04-08 11:51:14 175,632 ----a-w C:\WINNT\system32\drivers\netbt.sys
2005-04-08 10:34:42 973,072 ----a-w C:\WINNT\system32\sfcfiles.dll
2005-02-22 12:25:16 69,392 ----a-w C:\WINNT\system32\olecli32.dll
2005-02-22 07:05:10 18,192 ------w C:\WINNT\system32\fltlib.dll
2005-02-08 05:21:24 29,456 ----a-w C:\WINNT\system32\VDMDBG.DLL
2005-02-04 05:34:04 55,568 ------w C:\WINNT\system32\authz.dll
2005-01-13 09:09:50 35,088 ----a-w C:\WINNT\system32\CSRSRV.DLL
2005-01-13 09:09:48 63,760 ----a-w C:\WINNT\system32\adsmsext.dll
2005-01-12 19:40:00 322,832 ----a-w C:\WINNT\system32\UNTFS.DLL
2005-01-12 19:40:00 27,920 ----a-w C:\WINNT\system32\umandlg.dll
2005-01-12 19:40:00 239,888 ----a-w C:\WINNT\system32\wow32.dll
2005-01-12 19:39:58 29,968 ----a-w C:\WINNT\system32\profmap.dll
2005-01-12 19:39:58 14,096 ----a-w C:\WINNT\system32\ntvdmd.dll
2005-01-12 19:39:56 549,136 ----a-w C:\WINNT\system32\netcfgx.dll
2005-01-12 19:39:56 218,896 ----a-w C:\WINNT\system32\mstask.dll
2005-01-12 19:39:56 17,168 ----a-w C:\WINNT\system32\NDDENB32.DLL
2005-01-12 19:39:56 114,448 ----a-w C:\WINNT\system32\newdev.dll
2005-01-12 19:39:52 576,784 ----a-w C:\WINNT\system32\hypertrm.dll
2005-01-12 19:39:52 442,640 ----a-w C:\WINNT\system32\ipnathlp.dll
2005-01-12 19:39:50 44,304 ----a-w C:\WINNT\system32\DPWSOCKX.DLL
2005-01-12 19:39:50 305,424 ----a-w C:\WINNT\system32\gpedit.dll
2005-01-12 19:39:50 299,792 ----a-w C:\WINNT\system32\dsprop.dll
2005-01-12 19:39:50 220,432 ----a-w C:\WINNT\system32\DPLAYX.DLL
2005-01-12 19:39:50 163,088 ----a-w C:\WINNT\system32\h323msp.dll
2005-01-12 19:39:48 68,880 ----a-w C:\WINNT\system32\ciodm.dll
2005-01-12 19:39:48 46,352 ----a-w C:\WINNT\system32\BASESRV.DLL
2005-01-12 19:39:46 63,248 ----a-w C:\WINNT\system32\RASSCRPT.DLL
2005-01-12 19:39:46 56,080 ----a-w C:\WINNT\system32\cabinet.dll
2005-01-12 19:39:46 531,216 ----a-w C:\WINNT\system32\RASDLG.DLL
2005-01-12 19:39:46 443,664 ----a-w C:\WINNT\system32\CRYPTUI.DLL
2005-01-12 19:39:44 114,448 ----a-w C:\WINNT\system32\scecli.dll
2005-01-12 19:39:42 261,904 ----a-w C:\WINNT\system32\scesrv.dll
2005-01-12 19:39:42 167,184 ----a-w C:\WINNT\system32\WINTRUST.DLL
2004-12-19 22:30:54 33,552 ----a-w C:\WINNT\system32\LSASS.EXE
2004-12-15 04:54:48 398,608 ----a-w C:\WINNT\system32\NTVDM.EXE
2004-12-09 18:10:08 41,744 ----a-w C:\WINNT\system32\GRPCONV.EXE
2004-12-02 13:19:44 22,800 ------w C:\WINNT\system32\fltmc.exe
2004-12-02 13:07:26 63,280 ----a-w C:\WINNT\system32\drivers\udfs.sys
2004-12-02 13:07:24 89,328 ----a-w C:\WINNT\system32\drivers\mup.sys
2004-12-02 13:00:00 116,400 ----a-w C:\WINNT\system32\drivers\ftdisk.sys
2004-11-06 14:38:16 47,376 ----a-w C:\WINNT\system32\FONTVIEW.EXE
2004-11-02 22:48:18 236,816 ----a-w C:\WINNT\system32\CMD.EXE
2004-10-26 14:52:16 258,320 ----a-w C:\WINNT\system32\mstext40.dll
2004-10-11 06:04:34 331,776 ----a-w C:\WINNT\system32\winhttp.dll
2004-10-05 16:43:34 17,408 ----a-w C:\WINNT\system32\qmgrprxy.dll
2004-10-05 16:43:30 362,496 ------w C:\WINNT\system32\qmgr.dll
2004-10-05 16:43:28 7,680 ------w C:\WINNT\system32\bitsprx2.dll
2004-10-05 16:43:28 7,168 ------w C:\WINNT\system32\bitsprx3.dll
2004-09-07 15:59:06 122,128 ----a-w C:\WINNT\system32\mstask.exe
2004-08-11 22:42:40 67,344 ----a-w C:\WINNT\system32\drivers\ipnat.sys
2004-07-20 02:56:48 553,232 ----a-w C:\WINNT\system32\msrepl40.dll
2004-07-20 02:56:46 348,432 ----a-w C:\WINNT\system32\mspbde40.dll
2004-07-20 02:56:46 241,936 ----a-w C:\WINNT\system32\msjtes40.dll
2004-07-20 02:56:44 1,507,600 ----a-w C:\WINNT\system32\msjet40.dll
2004-07-20 02:56:40 319,760 ----a-w C:\WINNT\system32\msexcl40.dll
2004-07-20 02:56:28 348,432 ----a-w C:\WINNT\system32\msxbde40.dll
2004-07-09 14:37:38 110,352 ----a-w C:\WINNT\system32\NETDDE.EXE
2004-06-18 19:40:50 33,280 ----a-w C:\WINNT\muninst.exe

Destination
2007-05-30, 00:16
2004-06-04 21:13:44 439,296 ------w C:\WINNT\system32\xpob2res.dll
2004-05-16 05:02:14 90,384 ----a-w C:\WINNT\system32\psxss.exe
2004-04-05 03:16:30 57,104 ----a-w C:\WINNT\system32\w32tm.exe
2004-02-17 09:56:44 352,528 ----a-w C:\WINNT\system32\msjetoledb40.dll
2003-12-10 02:47:42 13,584 ----a-w C:\WINNT\system32\CHKDSK.EXE
2003-12-10 02:47:36 579,856 ----a-w C:\WINNT\system32\AUTOCHK.EXE
2003-11-07 01:46:56 188,493 ----a-w C:\WINNT\system32\AWLGTSTA.exe
2003-11-07 01:44:36 118,859 ----a-w C:\WINNT\system32\AWLGTRES.dll
2003-11-07 01:44:06 90,197 ----a-w C:\WINNT\system32\AWLGTIOC.dll
2003-11-06 07:44:00 336,384 ----a-r C:\WINNT\system32\drivers\AWLGTUSB.sys
2003-10-28 19:44:24 524,560 ----a-w C:\WINNT\system32\sqlsrv32.dll
2003-10-28 19:44:24 24,848 ----a-w C:\WINNT\system32\odbcbcp.dll
2003-09-26 10:43:02 831,760 ----a-w C:\WINNT\system32\mswdat10.dll
2003-09-26 10:43:02 614,672 ----a-w C:\WINNT\system32\mswstr10.dll
2003-09-26 10:42:58 422,160 ----a-w C:\WINNT\system32\msrd2x40.dll
2003-09-26 10:42:58 315,664 ----a-w C:\WINNT\system32\msrd3x40.dll
2003-09-26 10:42:56 213,264 ----a-w C:\WINNT\system32\msltus40.dll
2003-09-26 10:42:54 53,520 ----a-w C:\WINNT\system32\msjter40.dll
2003-09-26 10:42:54 151,824 ----a-w C:\WINNT\system32\msjint40.dll
2003-09-26 10:42:48 512,272 ----a-w C:\WINNT\system32\msexch40.dll
2003-09-26 10:42:40 380,957 ----a-w C:\WINNT\system32\expsrv.dll
2003-09-26 10:42:32 30,749 ----a-w C:\WINNT\system32\vbajet32.dll
2003-09-20 10:02:22 71,888 ----a-w C:\WINNT\system32\drivers\ksecdd.sys
2003-06-23 08:44:36 1,415,680 ----a-w C:\WINNT\system32\wmv9vcm.dll
2003-06-19 19:05:04 99,088 ----a-w C:\WINNT\system32\modemui.dll
2003-06-19 19:05:04 977,680 ----a-w C:\WINNT\system32\vfpodbc.dll
2003-06-19 19:05:04 97,040 ----a-w C:\WINNT\system32\rtm.dll
2003-06-19 19:05:04 97,040 ----a-w C:\WINNT\system32\iasrad.dll
2003-06-19 19:05:04 96,528 ----a-w C:\WINNT\system32\imm32.dll
2003-06-19 19:05:04 95,024 ----a-w C:\WINNT\system32\sfc.dll
2003-06-19 19:05:04 94,992 ----a-w C:\WINNT\system32\FAXSVC.EXE
2003-06-19 19:05:04 94,720 ------w C:\WINNT\system32\iuctl.dll
2003-06-19 19:05:04 93,360 ----a-w C:\WINNT\system32\drivers\ndiswan.sys
2003-06-19 19:05:04 92,944 ----a-w C:\WINNT\system32\faxadmin.dll
2003-06-19 19:05:04 92,944 ----a-w C:\WINNT\system32\dskquota.dll
2003-06-19 19:05:04 92,432 ----a-w C:\WINNT\system32\xactsrv.dll
2003-06-19 19:05:04 92,032 ----a-w C:\WINNT\system32\KRNL386.EXE
2003-06-19 19:05:04 91,408 ----a-w C:\WINNT\system32\drivers\NWLNKIPX.SYS
2003-06-19 19:05:04 90,384 ----a-w C:\WINNT\system32\trkwks.dll
2003-06-19 19:05:04 90,112 ----a-w C:\WINNT\system32\odbcint.dll
2003-06-19 19:05:04 9,904 ----a-w C:\WINNT\system32\drivers\cmbatt.sys
2003-06-19 19:05:04 9,264 ----a-w C:\WINNT\system32\drivers\compbatt.sys
2003-06-19 19:05:04 9,216 ------w C:\WINNT\system32\wuauserv.dll
2003-06-19 19:05:04 9,200 ----a-w C:\WINNT\system32\drivers\ndistapi.sys
2003-06-19 19:05:04 89,600 ----a-w C:\WINNT\system32\nlhtml.dll

Destination
2007-05-30, 00:17

Destination
2007-05-30, 00:18

Destination
2007-05-30, 00:19

Destination
2007-05-30, 00:20


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00F148E4-E01B-4164-9772-ADE1123BD83C}=C:\WINNT\system32\mljhh.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [05/31/05 01:04a]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [03/14/07 03:43a]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"AWLGTSTA.exe"="C:\WINNT\system32\AWLGTSTA.exe" [11/06/03 08:46p]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [10/07/06 07:20a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/05 10:05a]
"WebCheck"="C:\Windows\loadwc.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [09/28/06 09:13a]

*Newly Created Service* -PROCEXP90

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 16:35:37
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 05/29/2007 16:36:25
C:\ComboFix-quarantined-files.txt ... 05/29/07 04:36p

--- E O F ---

----------------------------------
WOW!!! That's a huge log, but yeah, that's what came up.

Mr_JAk3
2007-05-30, 20:44
Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {00F148E4-E01B-4164-9772-ADE1123BD83C} - C:\WINNT\system32\mljhh.dll (file missing)

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Run ATF Cleaner
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
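
The BHO entry that HijackThis marks `(file missing)` also appears in the ComboFix "Reg Loading Points" section with an empty `[]` stamp. The following Python script is an added example, not part of the original posts or of either tool: it cross-checks dangling autostart references between the two log formats, using lines copied from the logs in this thread, and it assumes that an empty `[]` means ComboFix found no file at the target.

```python
import re

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {00F148E4-E01B-4164-9772-ADE1123BD83C} - C:\WINNT\system32\mljhh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AWLGTSTA.exe] "C:\WINNT\system32\AWLGTSTA.exe" /START
O4 - HKCU\..\Run: [WebCheck] C:\Windows\loadwc.exe
"""
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00F148E4-E01B-4164-9772-ADE1123BD83C}=C:\WINNT\system32\mljhh.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [05/31/05 01:04a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/05 10:05a]
"WebCheck"="C:\Windows\loadwc.exe" []
"""

CF_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CF_VALUE = re.compile(
    r'^(?P<name>"[^"]*"|\{[0-9A-Fa-f-]+\})="?(?P<target>[^"\[]+?)"?\s*\[(?P<stamp>[^\]]*)\]$'
)
MISSING = "(file missing)"


def hijackthis_orphans(log):
    """Paths of entries that HijackThis itself tagged '(file missing)'."""
    paths = []
    for line in log.splitlines():
        line = line.strip()
        if re.match(r"^[A-Z]\d+ - ", line) and line.endswith(MISSING):
            # The target path is the last ' - ' separated field.
            paths.append(line[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1])
    return paths


def combofix_orphans(log):
    """(registry key, value name, target) for entries with an empty [] stamp."""
    # Assumption: an empty stamp means ComboFix found no file at the target.
    found, key = [], None
    for line in log.splitlines():
        line = line.strip()
        if m := CF_KEY.match(line):
            key = m.group(1)
        elif (m := CF_VALUE.match(line)) and not m["stamp"].strip():
            found.append((key, m["name"].strip('"'), m["target"]))
    return found


def cross_check(hjt_log, cf_log):
    """Map each dangling target (lower-cased) to the tools that reported it."""
    report = {}
    for path in hijackthis_orphans(hjt_log):
        report.setdefault(path.lower(), set()).add("HijackThis")
    for _key, _name, target in combofix_orphans(cf_log):
        report.setdefault(target.lower(), set()).add("ComboFix")
    return report


if __name__ == "__main__":
    for target, tools in sorted(cross_check(HIJACKTHIS_LOG, COMBOFIX_LOG).items()):
        print(f"{target}: reported by {', '.join(sorted(tools))}")
```

A target reported by only one tool is a registry reference to review, not a verdict on the entry.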

Destination
2007-05-31, 03:11
The AVG Anti-Spyware didn't find anything. Not sure if you wanted me to do the hijackthis scan when I was in Safe mode or Normal mode, but I did it in Safe mode.


Logfile of HijackThis v1.99.1
Scan saved at 7:56:54 PM, on 5/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\derek\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AWLGTSTA.exe] "C:\WINNT\system32\AWLGTSTA.exe" /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WebCheck] C:\Windows\loadwc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174707452167
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe





---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:54:47 PM 5/30/2007

+ Scan result:



Nothing found.



::Report end

Mr_JAk3
2007-05-31, 21:05
Hello :)

Please do the hijackThis scan in normal mode. Post the log to here. How is the computer running?

Destination
2007-05-31, 23:31
Logfile of HijackThis v1.99.1
Scan saved at 4:28:34 PM, on 5/31/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\AWLGTSTA.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\derek\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AWLGTSTA.exe] "C:\WINNT\system32\AWLGTSTA.exe" /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WebCheck] C:\Windows\loadwc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174707452167
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe




and the computer seems to be running a bit better.

Mr_JAk3
2007-06-01, 10:30
OK we may run one more scanner just to be sure :)

Please go HERE (http://www.pandasoftware.com/products/activescan.htm) to run PandaActiveScan...

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

tashi
2007-06-10, 00:23
Due to lack of a response, this topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.