ComboFix 07-10-22.7 - Install 2007-10-22 16:38:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT -4:00]
Running from: C:\Documents and Settings\Install.LALALALA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Install.LALALALA\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\trJ64.exe
C:\WINDOWS\winsys.exe
C:\wuA32.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Install.LALALALA\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\drvtus.dll
C:\WINDOWS\system32\drvtusr.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\vstefyqf.dllbox
C:\WINDOWS\system32\winwly32.dll
C:\WINDOWS\trJ64.exe
C:\WINDOWS\winsys.exe
C:\wuA32.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.
2007-10-22 07:46 340,032 --a------ C:\WINDOWS\system32\vstefyqf.dll
2007-10-22 07:45 340,032 --a------ C:\WINDOWS\system32\gwpusjxs.dll
2007-10-21 19:50 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\Viewpoint
2007-10-21 19:07 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\acccore
2007-10-21 18:08 34,304 --a------ C:\WINDOWS\system32\efcbayx.dll
2007-10-21 11:59 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-10-21 11:58 <DIR> d-------- C:\Q3Ademo
2007-10-12 17:55 <DIR> d-------- C:\wf
2007-10-09 18:10 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 18:13 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-10-08 18:12 <DIR> d-------- C:\WINDOWS\system32\Cache
2007-10-08 11:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 09:19 <DIR> d-------- C:\Deckard
2007-10-04 19:48 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-09-30 22:11 <DIR> d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft
2007-09-30 13:56 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-09-30 13:54 <DIR> d-------- C:\Program Files\Kingsoft
2007-09-30 13:54 <DIR> d-------- C:\Program Files\Common Files\Kingsoft
2007-09-30 12:52 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 01:03 --------- d-----w C:\Program Files\Silkroad
2007-10-20 18:47 --------- d-----w C:\Program Files\Trash
2007-09-22 22:24 --------- d-----w C:\Program Files\Battleships Forever
2007-09-19 19:33 --------- d-----w C:\Program Files\Google
2007-09-18 22:41 --------- d-----w C:\Program Files\DivX
2007-09-18 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-18 00:30 --------- d-----w C:\Program Files\Veoh Networks
2007-09-06 03:40 --------- d-----w C:\Program Files\Kodak
2007-08-27 23:47 --------- d-----w C:\Documents and Settings\Rooster\Application Data\Apple Computer
2007-08-22 18:50 --------- d-----w C:\Program Files\Uniblue
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-02-04 16:36 40,296 ----a-w C:\Documents and Settings\Rooster\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-10-08_12.21.51.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-28 13 08 135,168 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-20 10:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2006-10-17 17:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-06-27 14:34:51 132,608 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2006-10-17 17:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-06-27 14:34:51 153,088 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-06-27 14:34:51 230,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-06-27 07:00:33 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-06-27 08:27:30 625,152 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-06-27 14:34:56 27,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-07-19 06:59:59 3,583,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-06-27 14:34:57 477,696 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-06-27 14:34:58 193,024 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-06-27 14:34:58 671,232 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-06-27 14:34:58 102,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-06-27 14:34:58 1,152,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-06-27 14:34:59 823,808 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
- 2007-08-15 16:15:19 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-10-21 23:09:45 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2007-08-15 16:15:20 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2007-10-21 23:09:45 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-08-15 16:15:19 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-10-21 23:09:44 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-08-15 16:15:20 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-10-21 23:09:45 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-08-15 16:15:20 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-10-21 23:09:46 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-08-15 16:15:20 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-10-21 23:09:46 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-08-15 16:15:19 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-10-21 23:09:45 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-08-15 16:15:19 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-10-21 23:09:45 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-08-15 16:15:21 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-10-21 23:09:46 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-08-15 16:15:18 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-10-21 23:09:44 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-08-15 16:15:18 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-10-21 23:09:44 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\admxprox.dll
+ 2001-08-18 02:36:10 5,632 ----a-w C:\WINDOWS\system32\adsiisex.dll
- 2007-06-27 14:34:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2001-08-23 12:00:00 10,240 ----a-w C:\WINDOWS\system32\aspperf.dll
+ 2001-08-23 12:00:00 56,320 ----a-w C:\WINDOWS\system32\convlog.exe
- 2004-08-04 07:56:42 369,664 ----a-w C:\WINDOWS\system32\dllcache\asp51.dll
+ 2006-04-18 04:23:00 369,664 ----a-w C:\WINDOWS\system32\dllcache\asp51.dll
- 2001-08-18 03:36:10 5,632 ----a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
+ 2001-08-18 02:36:10 5,632 ----a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
- 2001-08-18 03:36:10 45,056 ----a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
+ 2001-08-18 02:36:10 45,056 ----a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
- 2001-08-18 03:36:16 43,520 ----a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
+ 2001-08-18 02:36:16 43,520 ----a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
- 2001-08-18 03:36:18 65,536 ----a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
+ 2001-08-18 02:36:18 65,536 ----a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
- 2001-08-18 03:36:28 38,912 ----a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
+ 2001-08-18 02:36:28 38,912 ----a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
- 2001-08-18 03:36:54 23,040 ----a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
+ 2001-08-18 02:36:54 23,040 ----a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
- 2001-08-18 03:36:30 57,856 ----a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
+ 2001-08-18 02:36:30 57,856 ----a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
- 2001-08-18 03:36:30 26,112 ----a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
+ 2001-08-18 02:36:30 26,112 ----a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
- 2001-08-18 03:36:32 12,288 ----a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
+ 2001-08-18 02:36:32 12,288 ----a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
- 2001-08-18 03:36:32 7,168 ----a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
+ 2001-08-18 02:36:32 7,168 ----a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
- 2004-08-04 07:56:46 363,520 ----a-w C:\WINDOWS\system32\dllcache\w3svc.dll
+ 2007-06-26 08:27:40 363,520 ----a-w C:\WINDOWS\system32\dllcache\w3svc.dll
- 2006-10-17 17:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-27 14:34:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2001-08-18 02:36:16 43,520 ----a-w C:\WINDOWS\system32\fcachdll.dll
+ 2001-08-23 12:00:00 7,680 ----a-w C:\WINDOWS\system32\ftpctrs2.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\ftpsapi2.dll
- 2006-10-17 17:58:20 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-06-27 08:27:04 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-06-27 14:34:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-06-27 07:00:33 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-06-27 14:34:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-27 14:34:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-06-27 14:34:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-06-27 08:27:05 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2001-08-23 12:00:00 3,584 ----a-w C:\WINDOWS\system32\iismui.dll
+ 2001-08-23 12:00:00 14,336 ----a-w C:\WINDOWS\system32\iisreset.exe
+ 2001-08-23 12:00:00 5,632 ----a-w C:\WINDOWS\system32\iisrstap.dll
+ 2001-08-23 12:00:00 19,968 ----a-w C:\WINDOWS\system32\inetsloc.dll
+ 2001-08-23 12:00:00 49,664 ----a-w C:\WINDOWS\system32\inetsrv\ADROT.dll
+ 2001-08-18 02:36:10 45,056 ----a-w C:\WINDOWS\system32\inetsrv\aqadmin.dll
+ 2001-08-23 12:00:00 29,184 ----a-w C:\WINDOWS\system32\inetsrv\asptxn.dll
+ 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\inetsrv\authfilt.dll
+ 2001-08-23 12:00:00 45,568 ----a-w C:\WINDOWS\system32\inetsrv\browscap.dll
+ 2001-08-23 12:00:00 33,792 ----a-w C:\WINDOWS\system32\inetsrv\ContRot.dll
+ 2001-08-23 12:00:00 20,480 ----a-w C:\WINDOWS\system32\inetsrv\counters.dll
+ 2001-08-23 12:00:00 60,928 ----a-w C:\WINDOWS\system32\inetsrv\iisclex4.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\inetsrv\iiscrmap.dll
+ 2001-08-23 12:00:00 6,656 ----a-w C:\WINDOWS\system32\inetsrv\iissync.exe
+ 2001-08-23 12:00:00 169,984 ----a-w C:\WINDOWS\system32\inetsrv\iisui.dll
+ 2001-08-23 12:00:00 7,680 ----a-w C:\WINDOWS\system32\inetsrv\inetmgr.exe
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\inetsrv\isapips.dll
+ 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\inetsrv\iwrps.dll
+ 2001-08-23 12:00:00 22,016 ----a-w C:\WINDOWS\system32\inetsrv\logscrpt.dll
+ 2001-08-18 02:36:18 65,536 ----a-w C:\WINDOWS\system32\inetsrv\mailmsg.dll
+ 2001-08-23 12:00:00 26,624 ----a-w C:\WINDOWS\system32\inetsrv\mdsync.dll
+ 2007-10-22 20:51:40 216,767 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2001-08-23 12:00:00 53,248 ----a-w C:\WINDOWS\system32\inetsrv\NEXTLINK.dll
+ 2001-08-18 02:36:28 38,912 ----a-w C:\WINDOWS\system32\inetsrv\ntfsdrv.dll
+ 2001-08-23 12:00:00 31,744 ----a-w C:\WINDOWS\system32\inetsrv\PageCnt.dll
+ 2001-08-23 12:00:00 20,992 ----a-w C:\WINDOWS\system32\inetsrv\PermChk.dll
+ 2001-08-18 02:36:30 57,856 ----a-w C:\WINDOWS\system32\inetsrv\scripto.dll
+ 2001-08-18 02:36:30 26,112 ----a-w C:\WINDOWS\system32\inetsrv\seos.dll
+ 2001-08-23 12:00:00 16,896 ----a-w C:\WINDOWS\system32\inetsrv\status.dll
+ 2001-08-23 12:00:00 31,232 ----a-w C:\WINDOWS\system32\inetsrv\tools.dll
+ 2001-08-23 12:00:00 73,728 ----a-w C:\WINDOWS\system32\inetsrv\w3ext.dll
- 2004-08-04 07:56:46 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
+ 2007-06-26 08:27:40 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
+ 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\inetsrv\wamps.dll
+ 2001-08-23 12:00:00 8,704 ----a-w C:\WINDOWS\system32\infoctrs.dll
- 2007-06-27 14:34:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-27 14:34:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-06-27 14:34:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-27 14:34:57 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-27 14:34:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-27 14:34:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-27 14:34:58 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-06-20 02:24:28 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-08 23:12:02 55,556 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-06-20 02:24:28 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-08 23:12:02 358,344 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2001-08-18 02:36:54 23,040 ----a-w C:\WINDOWS\system32\regtrace.exe
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2001-08-18 02:36:32 12,288 ----a-w C:\WINDOWS\system32\smtpctrs.dll
+ 2001-08-18 02:36:32 7,168 ----a-w C:\WINDOWS\system32\snprfdll.dll
- 2007-10-05 14:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 18:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-06-27 14:34:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-27 14:34:58 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2001-08-23 12:00:00 4,608 ----a-w C:\WINDOWS\system32\w3ctrs.dll
+ 2001-08-23 12:00:00 5,632 ----a-w C:\WINDOWS\system32\w3svapi.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\wamregps.dll
- 2007-06-27 14:34:59 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-06-27 14:34:59 823,808 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-22 07:46 340032 --a------ C:\WINDOWS\system32\vstefyqf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6B1F430-52B5-4478-9FC6-A94F79D423C3}]
2007-10-21 18:08 34304 --a------ C:\WINDOWS\system32\efcbayx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vstefyqf.dll [2007-10-22 07:46 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vstefyqf.dll [2007-10-22 07:46 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 01:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 16:52]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-12 18:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-09-12 19:33]
"Aim6"="" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F6B1F430-52B5-4478-9FC6-A94F79D423C3}"= C:\WINDOWS\system32\efcbayx.dll [2007-10-21 18:08 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbayx]
efcbayx.dll 2007-10-21 18:08 34304 C:\WINDOWS\system32\efcbayx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vstefyqf]
vstefyqf.dll 2007-10-22 07:46 340032 C:\WINDOWS\system32\vstefyqf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpm.dll
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Install\LOCALS~1\Temp\s3chipid.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E05704FA-C2DA-F00E-B900-B714060870F0}]
C:\Documents and Settings\Install\Application Data\mako.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 02:02:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-08-08 01:54:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-08 13:04:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-08-08 13:01:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-22 16:55:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-22 16:59:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:24
C:\ComboFix2.txt ... 2007-10-08 12:24
.
--- E O F ---