Hi, I ran ComboFix and here's the log:
ComboFix 08-11-18.A2 - Govier 2008-11-19 12:37:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1469 [GMT -8:00]
Running from: c:\documents and settings\Govier\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Govier\Application Data\gadcom
c:\documents and settings\Govier\Application Data\gadcom\gadcom.exe
c:\documents and settings\Govier\Application Data\ShoppingReport
c:\documents and settings\Govier\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Govier\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Govier\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\INSTALL.LOG
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\system32\aqjfkn.dll
c:\windows\system32\byaaun.dll
c:\windows\system32\dcehOqru.ini
c:\windows\system32\dcehOqru.ini2
c:\windows\system32\dzwxze.dll
c:\windows\system32\fcccdARh.dll
c:\windows\system32\fnaskxld.dll
c:\windows\system32\gwmmhtpu.dll
c:\windows\system32\IQrCIkkj.ini
c:\windows\system32\IQrCIkkj.ini2
c:\windows\system32\jkkICrQI.dll
c:\windows\system32\lmmahcfe.dll
c:\windows\system32\msansspc.dll
c:\windows\system32\rqRhiFxx.dll
c:\windows\system32\wkxygsql.dll
c:\windows\system32\wpv274.cpx
c:\windows\system32\wpv964.cpx
c:\windows\wiaserviv.log
c:\windows\wiaservv.log
.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.
2008-11-17 18:13 . 2008-11-17 18:13 120 --ahs---- c:\windows\system32\dlxksanf.ini
2008-11-16 16:56 . 2008-11-19 11:50 250 --a------ c:\windows\gmer.ini
2008-11-10 11:55 . 2008-11-12 21:14 <DIR> d-------- C:\BEES40e
2008-11-10 11:53 . 2008-11-12 17:11 <DIR> d-------- C:\BEES40eSetup
2008-10-25 20:17 . 2008-10-25 20:17 <DIR> d-------- c:\windows\system32\scripting
2008-10-25 20:17 . 2008-10-25 20:17 <DIR> d-------- c:\windows\l2schemas
2008-10-25 20:15 . 2008-10-25 20:17 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-25 19:53 . 2008-04-13 16:11 1,267,200 --a------ c:\windows\system32\SET3DE.tmp
2008-10-25 19:41 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\SET1484.tmp
2008-10-19 20:02 . 2008-10-19 20:02 <DIR> d-------- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 00:48 --------- d-----w c:\program files\Enigma Software Group
2008-11-17 22:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 00:48 --------- d-----w c:\program files\LimeWire
2008-11-16 23:00 --------- d-----w c:\documents and settings\Govier\Application Data\BitTorrent
2008-10-30 21:12 --------- d-----w c:\program files\Dl_cats
2008-10-19 22:53 --------- d-----w c:\documents and settings\Govier\Application Data\LimeWire
2008-08-21 03:11 24,896 ----a-w c:\documents and settings\Govier\Application Data\GDIPFONTCACHEV1.DAT
2008-07-13 01:46 0 --sha-w c:\documents and settings\Govier\Application Data\
0000000000CHEV1.dat
2007-02-14 23:53 56 --sh--r c:\windows\system32\6929A60EE9.sys
2007-01-15 02:54 88 --sh--r c:\windows\system32\E90EA62969.sys
2007-02-14 23:53 5,382 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-13_13.49.53.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-23 16:01:38 124,928 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2006-10-04 14:05:26 39,424 ----a-w c:\windows\AppPatch\acadproc(2).dll
- 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2007-06-13 10:23:07 1,033,216 ----a-w c:\windows\explorer(2).exe
+ 2008-11-17 00:56:09 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-04-23 04:16:28 124,928 -c----w c:\windows\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w c:\windows\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w c:\windows\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w c:\windows\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w c:\windows\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w c:\windows\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w c:\windows\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w c:\windows\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w c:\windows\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w c:\windows\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w c:\windows\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w c:\windows\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w c:\windows\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w c:\windows\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w c:\windows\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w c:\windows\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w c:\windows\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w c:\windows\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 05:16:30 3,591,680 -c----w c:\windows\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w c:\windows\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w c:\windows\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w c:\windows\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w c:\windows\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w c:\windows\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w c:\windows\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w c:\windows\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w c:\windows\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w c:\windows\ie7updates\KB953838-IE7\wininet.dll
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 16:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2004-08-10 10:00:00 38,912 ----a-w c:\windows\pchealth\helpctr\binaries\pchsvc(2).dll
- 2006-08-22 17:14:34 89,015 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2008-10-26 04:20:09 89,015 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2006-08-22 17:14:34 5,186 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-10-26 04:20:09 5,924 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-10 10:00:00 146,432 ----a-w c:\windows\regedit(2).exe
+ 2008-04-14 00:25:26 1,804 ------w c:\windows\ServicePackFiles\i386\dcache.bin
+ 2006-12-31 14:57:08 4,569 ------w c:\windows\ServicePackFiles\i386\secupd.dat
- 2000-08-31 15:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 16:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2004-08-10 10:00:00 114,688 ----a-w c:\windows\system32\aclui(2).dll
+ 2004-08-10 10:00:00 194,048 ----a-w c:\windows\system32\activeds(2).dll
+ 2004-08-10 10:00:00 101,888 ----a-w c:\windows\system32\actxprxy(2).dll
+ 2004-08-10 10:00:00 143,360 ----a-w c:\windows\system32\adsldpc(2).dll
+ 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack(2).dll
- 2008-04-23 04:16:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2004-08-10 10:00:00 44,544 ----a-w c:\windows\system32\alg(2).exe
+ 2004-08-10 10:00:00 58,880 ----a-w c:\windows\system32\atl(2).dll
+ 2004-08-10 10:00:00 42,496 ----a-w c:\windows\system32\audiosrv(2).dll
+ 2005-03-02 18:09:29 56,832 ----a-w c:\windows\system32\authz(2).dll
+ 2004-08-10 10:00:00 28,672 ----a-w c:\windows\system32\batmeter(2).dll
+ 2004-08-10 10:00:00 77,312 ----a-w c:\windows\system32\browser(2).dll
+ 2006-09-14 08:31:26 1,022,976 ----a-w c:\windows\system32\browseui(2).dll
+ 2004-08-10 10:00:00 59,904 ----a-w c:\windows\system32\cabinet(2).dll
+ 2005-07-26 04:39:42 225,792 ----a-w c:\windows\system32\catsrv(2).dll
+ 2005-07-26 04:39:43 625,152 ----a-w c:\windows\system32\catsrvut(2).dll
- 2007-07-31 02:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2004-08-10 10:00:00 194,560 ----a-w c:\windows\system32\certcli(2).dll
+ 2004-08-10 10:00:00 16,896 ----a-w c:\windows\system32\cfgmgr32(2).dll
+ 2005-07-26 04:39:43 498,688 ----a-w c:\windows\system32\clbcatq(2).dll
+ 2004-08-10 10:00:00 57,856 ----a-w c:\windows\system32\clusapi(2).dll
+ 2004-08-10 10:00:00 47,104 ----a-w c:\windows\system32\cnbjmon(2).dll
+ 2005-07-26 04:39:43 60,416 ----a-w c:\windows\system32\colbact(2).dll
+ 2004-08-10 10:00:00 792,064 ----a-w c:\windows\system32\comres(2).dll
+ 2004-08-10 10:00:00 163,840 ----a-w c:\windows\system32\credui(2).dll
+ 2004-08-10 10:00:00 597,504 ----a-w c:\windows\system32\crypt32(2).dll
+ 2004-08-10 10:00:00 33,280 ----a-w c:\windows\system32\cryptdll(2).dll
+ 2004-08-10 10:00:00 63,488 ----a-w c:\windows\system32\cryptnet(2).dll
+ 2004-08-10 10:00:00 60,416 ----a-w c:\windows\system32\cryptsvc(2).dll
+ 2004-08-10 10:00:00 512,512 ----a-w c:\windows\system32\cryptui(2).dll
+ 2004-08-10 10:00:00 101,888 ----a-w c:\windows\system32\cscdll(2).dll
+ 2004-08-10 10:00:00 326,656 ----a-w c:\windows\system32\cscui(2).dll
+ 2004-08-10 10:00:00 6,144 ----a-w c:\windows\system32\csrss(2).exe
+ 2004-08-10 10:00:00 15,360 ----a-w c:\windows\system32\ctfmon(2).exe
+ 2004-08-10 10:00:00 24,576 ----a-w c:\windows\system32\davclnt(2).dll
+ 2004-08-10 10:00:00 640,000 ----a-w c:\windows\system32\dbghelp(2).dll
- 2004-08-10 10:00:00 1,788 ----a-w c:\windows\system32\Dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w c:\windows\system32\dcache.bin
+ 2004-08-10 10:00:00 8,704 ----a-w c:\windows\system32\dciman32(2).dll
+ 2004-08-10 10:00:00 266,240 ----a-w c:\windows\system32\ddraw(2).dll
+ 2004-08-10 10:00:00 27,136 ----a-w c:\windows\system32\ddrawex(2).dll
+ 2004-08-10 10:00:00 59,904 ----a-w c:\windows\system32\devenum(2).dll
- 2008-04-23 04:16:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2007-07-31 02:19:20 92,504 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-04-23 04:16:28 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-24 05:16:30 3,591,680 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-24 17:57:40 3,592,192 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2007-07-31 02:19:36 549,720 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 02:19:16 53,080 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 02:19:32 325,976 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 02:18:40 33,624 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 02:19:28 203,096 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-10 10:00:00 5,120 ----a-w c:\windows\system32\dllhost(2).exe
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi(2).dll
+ 2008-02-20 05:32:43 45,568 ----a-w c:\windows\system32\dnsrslvr(2).dll
+ 2008-11-17 00:56:09 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2004-08-10 10:00:00 14,336 ----a-w c:\windows\system32\drprov(2).dll
+ 2004-08-10 10:00:00 137,216 ----a-w c:\windows\system32\dssenh(2).dll
+ 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft(2).dll
- 2008-04-23 04:16:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans(2).dll
- 2008-04-23 04:16:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2004-08-10 10:00:00 23,040 ----a-w c:\windows\system32\ersvc(2).dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es(2).dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es(4).dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w c:\windows\system32\esent(2).dll
+ 2004-08-10 10:00:00 55,808 ----a-w c:\windows\system32\eventlog(2).dll
- 2008-04-23 04:16:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2004-08-10 10:00:00 80,384 ----a-w c:\windows\system32\faultrep(2).dll
- 2008-07-10 16:20:02 128,504 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-26 04:31:57 128,504 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 10:00:00 452,096 ----a-w c:\windows\system32\fxsapi(2).dll
+ 2004-08-10 10:00:00 55,296 ----a-w c:\windows\system32\fxsevent(2).dll
+ 2004-08-10 10:00:00 23,552 ----a-w c:\windows\system32\fxsmon(2).dll
+ 2004-08-10 10:00:00 562,176 ----a-w c:\windows\system32\fxsst(2).dll
+ 2004-08-10 10:00:00 20,992 ----a-w c:\windows\system32\hid(2).dll
+ 2004-08-10 10:00:00 344,064 ----a-w c:\windows\system32\hnetcfg(2).dll
+ 2004-08-10 10:00:00 24,576 ----a-w c:\windows\system32\httpapi(2).dll
+ 2004-08-10 10:00:00 11,264 ----a-w c:\windows\system32\icaapi(2).dll
- 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2004-08-10 10:00:00 75,264 ----a-w c:\windows\system32\inetpp(2).dll
+ 2006-05-19 12:59:41 94,720 ----a-w c:\windows\system32\iphlpapi(2).dll
+ 2004-08-10 10:00:00 331,264 ----a-w c:\windows\system32\ipnathlp(2).dll
+ 2004-08-10 10:00:00 182,784 ----a-w c:\windows\system32\ipsecsvc(2).dll
- 2005-11-10 16:27:06 49,248 ----a-w c:\windows\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w c:\windows\system32\java.exe
- 2005-11-10 16:27:16 49,250 ----a-w c:\windows\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
- 2005-11-10 18:03:54 127,078 ----a-w c:\windows\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2006-10-17 20:00:00 491,520 ----a-w c:\windows\system32\jscript(2).dll
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2005-06-15 17:49:30 295,936 ----a-w c:\windows\system32\kerberos(2).dll
+ 2005-09-01 01:41:53 19,968 ----a-w c:\windows\system32\linkinfo(2).dll
+ 2004-08-10 10:00:00 97,280 ----a-w c:\windows\system32\loadperf(2).dll
+ 2004-08-10 10:00:00 13,312 ----a-w c:\windows\system32\lsass(2).exe
+ 2004-08-10 10:00:00 22,528 ----a-w c:\windows\system32\mfcsubs(2).dll
+ 2004-08-10 10:00:00 18,944 ----a-w c:\windows\system32\midimap(2).dll
+ 2004-08-10 10:00:00 586,240 ----a-w c:\windows\system32\mlang(2).dll
+ 2004-08-10 10:00:00 59,904 ----a-w c:\windows\system32\mpr(2).dll
+ 2004-08-10 10:00:00 87,040 ----a-w c:\windows\system32\mprapi(2).dll
+ 2007-07-06 12:46:59 95,744 ----a-w c:\windows\system32\mqsec(2).dll
+ 2007-07-06 12:46:59 471,552 ----a-w c:\windows\system32\mqutil(2).dll
+ 2004-08-10 10:00:00 71,680 ----a-w c:\windows\system32\msacm32(2).dll
+ 2004-08-10 10:00:00 57,344 ----a-w c:\windows\system32\msasn1(2).dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms(2).dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms(3).dll
+ 2008-02-26 11:59:50 294,912 ----a-w c:\windows\system32\msctf(2).dll
+ 2004-08-10 10:00:00 14,336 ----a-w c:\windows\system32\msdmo(2).dll
- 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-04-24 05:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
+ 2008-06-24 17:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled(2).dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2004-08-10 10:00:00 6,656 ----a-w c:\windows\system32\msidle(2).dll
+ 2004-08-10 10:00:00 4,608 ----a-w c:\windows\system32\msimg32(2).dll
+ 2004-08-10 10:00:00 159,232 ----a-w c:\windows\system32\MSIMTF(2).dll
+ 2004-08-10 10:00:00 30,208 ----a-w c:\windows\system32\mspatcha(2).dll
+ 2004-08-10 10:00:00 48,128 ----a-w c:\windows\system32\msprivs(2).dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2004-08-10 10:00:00 115,712 ----a-w c:\windows\system32\mstlsapi(2).dll
+ 2004-08-10 10:00:00 195,072 ----a-w c:\windows\system32\msutb(2).dll
+ 2004-08-10 10:00:00 1,392,671 ----a-w c:\windows\system32\msvbvm60(2).dll
+ 2004-08-10 10:00:00 413,696 ----a-w c:\windows\system32\msvcp60(2).dll
+ 2004-08-10 10:00:00 343,040 ----a-w c:\windows\system32\msvcrt(2).dll
+ 2004-08-10 10:00:00 120,832 ----a-w c:\windows\system32\msvfw32(2).dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock(2).dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3(2).dll
+ 2006-03-01 19:42:42 66,560 ----a-w c:\windows\system32\mtxclu(2).dll
+ 2004-08-10 10:00:00 90,624 ----a-w c:\windows\system32\mydocs(2).dll
+ 2004-08-10 10:00:00 17,920 ----a-w c:\windows\system32\nddeapi(2).dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32(2).dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32(3).dll
+ 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32(4).dll
+ 2004-08-10 10:00:00 622,080 ----a-w c:\windows\system32\netcfgx(2).dll
+ 2004-08-10 10:00:00 407,040 ----a-w c:\windows\system32\netlogon(2).dll
+ 2005-08-22 18:29:46 197,632 ----a-w c:\windows\system32\netman(2).dll
+ 2004-08-10 10:00:00 12,288 ----a-w c:\windows\system32\netrap(2).dll
+ 2005-06-21 15:00:18 1,705,472 ----a-w c:\windows\system32\netshell(2).dll
+ 2004-08-10 10:00:00 80,896 ----a-w c:\windows\system32\netui0(2).dll
+ 2004-08-10 10:00:00 245,760 ----a-w c:\windows\system32\netui1(2).dll
+ 2004-08-10 10:00:00 248,832 ----a-w c:\windows\system32\newdev(2).dll
+ 2004-08-10 10:00:00 67,072 ----a-w c:\windows\system32\ntdsapi(2).dll
+ 2004-08-10 10:00:00 43,520 ----a-w c:\windows\system32\ntlanman(2).dll
+ 2004-08-10 10:00:00 118,784 ----a-w c:\windows\system32\ntmarta(2).dll
+ 2004-08-10 10:00:00 143,872 ----a-w c:\windows\system32\ntshrui(2).dll
- 2008-08-13 17:07:50 56,321 ----a-w c:\windows\system32\nvModes.dat
+ 2008-11-12 23:20:29 56,321 ----a-w c:\windows\system32\nvModes.dat
+ 2004-08-10 10:00:00 266,752 ----a-w c:\windows\system32\oakley(2).dll
- 2008-04-23 04:16:28 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w c:\windows\system32\occache.dll
+ 2004-08-10 10:00:00 60,928 ----a-w c:\windows\system32\ocmanage(2).dll
+ 2006-09-20 11:40:23 1,286,656 ----a-w c:\windows\system32\ole32(2).dll
+ 2005-07-26 04:39:48 74,752 ----a-w c:\windows\system32\olecli32(2).dll
+ 2006-10-16 16:15:00 122,880 ----a-w c:\windows\system32\oledlg(2).dll
- 2008-06-19 18:[minutes lost in extraction]:29 64,602 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-02 23:04:35 64,602 ----a-w c:\windows\system32\perfc009.dat
- 2008-06-19 18:[minutes lost in extraction]:29 408,238 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-02 23:04:35 408,238 ----a-w c:\windows\system32\perfh009.dat
+ 2004-08-10 10:00:00 15,360 ----a-w c:\windows\system32\pjlmon(2).dll
+ 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt(2).dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2004-08-10 10:00:00 17,408 ----a-w c:\windows\system32\powrprof(2).dll
+ 2004-08-10 10:00:00 27,648 ----a-w c:\windows\system32\profmap(2).dll
+ 2004-08-10 10:00:00 23,040 ----a-w c:\windows\system32\psapi(2).dll
+ 2004-08-10 10:00:00 96,768 ----a-w c:\windows\system32\psbase(2).dll
+ 2004-08-10 10:00:00 34,304 ----a-w c:\windows\system32\pstorsvc(2).dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\system32\quartz(2).dll
+ 2006-06-26 17:37:10 8,192 ----a-w c:\windows\system32\rasadhlp(2).dll
+ 2004-08-10 10:00:00 69,632 ----a-w c:\windows\system32\raschap(2).dll
+ 2006-06-22 10:47:18 181,248 ----a-w c:\windows\system32\rasmans(2).dll
+ 2004-08-10 10:00:00 206,336 ----a-w c:\windows\system32\rasppp(2).dll
+ 2004-08-10 10:00:00 112,128 ----a-w c:\windows\system32\rastls(2).dll
+ 2004-08-10 10:00:00 49,664 ----a-w c:\windows\system32\regapi(2).dll
+ 2004-08-10 10:00:00 59,904 ----a-w c:\windows\system32\regsvc(2).dll
+ 2008-11-16 23:00:30 46,976 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-10 10:00:00 58,880 ----a-w c:\windows\system32\resutils(2).dll
+ 2006-11-27 14:54:06 433,152 ----a-w c:\windows\system32\riched20(2).dll
+ 2007-07-09 13:16:16 582,656 ----a-w c:\windows\system32\rpcrt4(2).dll
+ 2006-09-20 11:40:23 399,360 ----a-w c:\windows\system32\rpcss(2).dll
+ 2004-08-10 10:00:00 152,576 ----a-w c:\windows\system32\rsaenh(2).dll
+ 2004-08-10 10:00:00 44,032 ----a-w c:\windows\system32\rtutils(2).dll
+ 2004-08-10 10:00:00 180,224 ----a-w c:\windows\system32\scecli(2).dll
+ 2004-08-10 10:00:00 313,856 ----a-w c:\windows\system32\scesrv(2).dll
+ 2004-08-10 10:00:00 190,976 ----a-w c:\windows\system32\schedsvc(2).dll
+ 2004-08-10 10:00:00 18,944 ----a-w c:\windows\system32\seclogon(2).dll
+ 2004-08-10 10:00:00 55,808 ----a-w c:\windows\system32\secur32(2).dll
+ 2004-08-10 10:00:00 5,632 ----a-w c:\windows\system32\security(2).dll
+ 2004-08-10 10:00:00 38,912 ----a-w c:\windows\system32\sens(2).dll
+ 2004-08-10 10:00:00 6,656 ----a-w c:\windows\system32\sensapi(2).dll
+ 2004-08-10 10:00:00 259,584 ----a-w c:\windows\system32\Setup\comsetup(2).dll
+ 2004-08-10 10:00:00 32,828 ----a-w c:\windows\system32\Setup\fp40ext(2).dll
+ 2004-08-10 10:00:00 132,608 ----a-w c:\windows\system32\Setup\fxsocm(2).dll
+ 2004-08-10 10:00:00 505,344 ----a-w c:\windows\system32\Setup\iis(2).dll
+ 2004-08-10 10:00:00 115,712 ----a-w c:\windows\system32\Setup\imsinsnt(2).dll
+ 2004-08-10 10:00:00 82,432 ----a-w c:\windows\system32\Setup\msdtcstp(2).dll
+ 2004-08-10 10:00:00 15,360 ----a-w c:\windows\system32\Setup\msgrocm(2).dll
+ 2004-08-10 10:00:00 169,984 ----a-w c:\windows\system32\Setup\msmqocm(2).dll
+ 2004-08-10 10:00:00 77,312 ----a-w c:\windows\system32\Setup\netoc(2).dll
+ 2004-08-10 10:00:00 62,976 ----a-w c:\windows\system32\Setup\ntoc(2).dll
+ 2004-08-10 10:00:00 15,872 ----a-w c:\windows\system32\Setup\ocgen(2).dll
+ 2004-08-10 10:00:00 17,408 ----a-w c:\windows\system32\Setup\ocmsn(2).dll
+ 2004-08-10 10:00:00 101,376 ----a-w c:\windows\system32\Setup\setupqry(2).dll
+ 2004-08-10 10:00:00 33,792 ----a-w c:\windows\system32\Setup\tabletoc(2).dll
+ 2004-08-10 10:00:00 121,856 ----a-w c:\windows\system32\Setup\tsoc(2).dll
+ 2004-08-10 10:00:00 5,120 ----a-w c:\windows\system32\sfc(2).dll
+ 2004-08-10 10:00:00 140,288 ----a-w c:\windows\system32\sfc_os(2).dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w c:\windows\system32\shell32(2).dll
+ 2004-08-10 10:00:00 438,272 ----a-w c:\windows\system32\shimgvw(2).dll
+ 2006-09-14 08:31:29 474,112 ----a-w c:\windows\system32\shlwapi(2).dll
+ 2006-12-19 21:52:18 134,656 ----a-w c:\windows\system32\shsvcs(2).dll
+ 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2001-08-18 05:36:16 435,200 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPF900AL.DLL
+ 2001-08-18 05:36:16 1,853,952 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
+ 2004-08-04 07:56:44 87,552 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2001-08-18 05:36:16 32,768 ----a-w c:\windows\system32\spool\drivers\w32x86\3\HPFUI50.DLL
+ 2004-08-04 07:56:48 264,704 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 07:56:48 197,120 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 07:56:36 619,520 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2004-08-10 10:00:00 74,752 ----a-w c:\windows\system32\spoolss(2).dll
+ 2005-06-10 23:53:32 57,856 ----a-w c:\windows\system32\spoolsv(2).exe
+ 2004-08-10 10:00:00 67,584 ----a-w c:\windows\system32\srclient(2).dll
+ 2004-08-10 10:00:00 170,496 ----a-w c:\windows\system32\srsvc(2).dll
+ 2004-08-10 10:00:00 34,816 ----a-w c:\windows\system32\ssdpapi(2).dll
+ 2004-08-10 10:00:00 71,680 ----a-w c:\windows\system32\ssdpsrv(2).dll
+ 2004-08-10 10:00:00 121,856 ----a-w c:\windows\system32\stobject(2).dll
+ 2004-08-10 10:00:00 75,776 ----a-w c:\windows\system32\strmfilt(2).dll
+ 2004-08-10 10:00:00 14,336 ----a-w c:\windows\system32\svchost(2).exe
+ 2006-10-19 13:56:32 713,216 ----a-w c:\windows\system32\sxs(2).dll
+ 2004-08-10 10:00:00 181,760 ----a-w c:\windows\system32\tapi32(2).dll
+ 2005-07-08 16:27:56 249,344 ----a-w c:\windows\system32\tapisrv(2).dll
+ 2004-08-10 10:00:00 45,568 ----a-w c:\windows\system32\tcpmon(2).dll
+ 2005-03-10 00:49:52 295,424 ----a-w c:\windows\system32\termsrv(2).dll
+ 2004-08-10 10:00:00 385,536 ----a-w c:\windows\system32\themeui(2).dll
+ 2004-08-10 10:00:00 90,624 ----a-w c:\windows\system32\trkwks(2).dll
+ 2005-07-26 04:39:49 101,376 ----a-w c:\windows\system32\txflog(2).dll
+ 2005-08-23 03:35:42 123,392 ----a-w c:\windows\system32\umpnpmgr(2).dll
+ 2004-08-10 10:00:00 132,608 ----a-w c:\windows\system32\upnp(2).dll
+ 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url(2).dll
- 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon(2).dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2004-08-10 10:00:00 16,896 ----a-w c:\windows\system32\usbmon(2).dll
+ 2004-08-10 10:00:00 406,528 ----a-w c:\windows\system32\usp10(2).dll
+ 2004-08-10 10:00:00 218,624 ----a-w c:\windows\system32\uxtheme(2).dll
+ 2006-11-08 05:03:36 413,696 ----a-w c:\windows\system32\vbscript(2).dll
+ 2004-08-10 10:00:00 18,944 ----a-w c:\windows\system32\version(2).dll
+ 2004-08-10 10:00:00 430,592 ----a-w c:\windows\system32\vssapi(2).dll
+ 2004-08-10 10:00:00 174,592 ----a-w c:\windows\system32\w32time(2).dll
+ 2004-08-10 10:00:00 15,872 ----a-w c:\windows\system32\w3ssl(2).dll
+ 2004-08-10 10:00:00 185,856 ----a-w c:\windows\system32\wbem\framedyn(2).dll
+ 2004-08-10 10:00:00 18,944 ----a-w c:\windows\system32\wbem\wbemprox(2).dll
+ 2004-08-10 10:00:00 49,152 ----a-w c:\windows\system32\wdigest(2).dll
+ 2004-08-10 10:00:00 23,552 ----a-w c:\windows\system32\wdmaud(2).drv
+ 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck(2).dll
- 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2006-01-04 03:35:05 68,096 ----a-w c:\windows\system32\webclnt(2).dll
+ 2006-12-19 18:16:47 333,824 ----a-w c:\windows\system32\wiaservc(2).dll
+ 2004-08-10 10:00:00 351,232 ----a-w c:\windows\system32\winhttp(2).dll
+ 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet(2).dll
- 2008-04-23 04:16:29 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2004-08-10 10:00:00 32,768 ----a-w c:\windows\system32\winipsec(2).dll
+ 2004-08-10 10:00:00 176,128 ----a-w c:\windows\system32\winmm(2).dll
+ 2004-08-10 10:00:00 16,896 ----a-w c:\windows\system32\winrnr(2).dll
+ 2004-08-10 10:00:00 99,328 ----a-w c:\windows\system32\winscard(2).dll
+ 2004-08-10 10:00:00 176,640 ----a-w c:\windows\system32\wintrust(2).dll
+ 2004-08-10 10:00:00 172,032 ----a-w c:\windows\system32\wldap32(2).dll
+ 2004-08-10 10:00:00 92,672 ----a-w c:\windows\system32\wlnotify(2).dll
+ 2004-08-10 10:00:00 5,632 ----a-w c:\windows\system32\wmi(2).dll
+ 2004-08-10 10:00:00 264,192 ----a-w c:\windows\system32\wow32(2).dll
+ 2004-08-10 10:00:00 82,944 ----a-w c:\windows\system32\ws2_32(2).dll
+ 2004-08-10 10:00:00 19,968 ----a-w c:\windows\system32\ws2help(2).dll
+ 2004-08-10 10:00:00 81,408 ----a-w c:\windows\system32\wscsvc(2).dll
+ 2004-08-10 10:00:00 19,968 ----a-w c:\windows\system32\wshtcpip(2).dll
+ 2004-08-10 10:00:00 22,528 ----a-w c:\windows\system32\wsock32(2).dll
+ 2004-08-10 10:00:00 18,432 ----a-w c:\windows\system32\wtsapi32(2).dll
- 2007-07-31 02:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-31 02:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-31 02:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2004-08-10 10:00:00 6,656 ----a-w c:\windows\system32\wuauserv(2).dll
- 2007-07-31 02:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-31 02:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\wups.dll
- 2007-07-31 02:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-07-19 05:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
- 2007-07-31 02:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2005-06-21 15:00:18 52,736 ----a-w c:\windows\system32\wzcsapi(2).dll
+ 2005-06-21 15:00:18 474,624 ----a-w c:\windows\system32\wzcsvc(2).dll
+ 2006-07-14 15:51:51 121,856 ----a-w c:\windows\system32\xmllite(2).dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2008-08-06 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-08-06 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-08-06 81920]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-07 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-06 761947]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-06 385024]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-03-19 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-03-19 16624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dzwxze.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\windows\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= c:\windows\system32\i263_32.drv
"msacm.imc"= c:\windows\system32\imc32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Govier^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Govier\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-08-06 13:36 288576 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2008-08-06 14:03 1347584 c:\windows\system32\wltray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 02:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2008-08-06 13:35 1032192 c:\program files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2008-08-06 14:02 127035 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 17:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 11:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-08-06 13:37 267048 c:\program files\iTunes\ituneshelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--a------ 2008-08-06 13:40 20480 c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-21 03:03 7557120 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-06 13:12 385024 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-10 12:37 1271032 c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
--a------ 2007-01-18 12:20 190008 c:\program files\Seagate\SystemTray\StxMenuMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-06 13:12 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
braviax.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-03-21 03:03 73728 c:\windows\system32\nvhotkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-08-06 14:03 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtwbgw.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15402:TCP"= 15402:TCP:BND
"10046:TCP"= 10046:TCP:BND
"13500:TCP"= 13500:TCP:BND
"14502:TCP"= 14502:TCP:BND
"33227:TCP"= 33227:TCP:BND
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service []
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-07-11 99568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a266e9-bd70-11db-bfbe-0015c5b0a027}]
\Shell\AutoRun\command - F:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
BHO-{048457E0-E8EA-4BA5-886D-CF5F4FC93B2A} - (no file)
BHO-{1D143A0E-F1AD-46D8-9456-160F3AE3487A} - c:\windows\system32\urqOhecd.dll
BHO-{398c02aa-25b4-4d4f-9470-cf9eccecd6c4} - c:\windows\system32\dzwxze.dll
BHO-{513CF211-F103-49C5-8799-E43398C5F91F} - (no file)
BHO-{A63E645F-13BD-45ED-B15F-6E8C1BD57279} - (no file)
BHO-{BEAEB54B-EC1C-4546-8AEE-308FC6F30C13} - c:\windows\system32\jkkICrQI.dll
HKLM-Run-aca38e8f - c:\windows\system32\fnaskxld.dll
Notify-rqRhiFxx - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-19 12:43:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe
c:\windows\system32\dldtcoms.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Dell V305\dldtmsdmon.exe
.
**************************************************************************
.
Completion time: 2008-11-19 12:49:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-19 20:49:34
ComboFix2.txt 2008-08-13 20:50:36
ComboFix3.txt 2008-08-12 20:57:57
Pre-Run: 22,568,599,552 bytes free
Post-Run: 22,790,975,488 bytes free
722 --- E O F --- 2008-08-14 15:57:34