HJ Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:05 AM, on 6/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 1411 bytes
ComboFix:
ComboFix 08-06-09.3 - Courtenay 2008-06-10 8:22:38.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.99 [GMT -5:00]
Running from: C:\Documents and Settings\Courtenay\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
C:\WINDOWS\system32\wnsapiisv.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.
2008-06-09 16:59 . 2008-06-09 21:27 354 ---hs---- C:\WINDOWS\system32\wnwgctbr.ini
2008-06-09 10:52 . 2008-06-09 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-09 10:52 . 2007-09-06 16:14 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-09 10:52 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-09 10:52 . 2008-06-09 10:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 10:50 . 2008-06-09 10:50 98,544 --a------ C:\WINDOWS\system32\lkleuyra.dll
2008-06-09 10:48 . 2008-06-09 10:48 84,704 --a------ C:\WINDOWS\system32\rbtcgwnw.dll
2008-06-09 10:37 . 2005-10-20 17:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-06-09 10:29 . 2008-06-09 10:29 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 10:29 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-09 10:18 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-06-09 10:18 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-06-09 10:18 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-06-09 10:18 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-06-09 10:18 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-06-09 10:18 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-09 10:15 . 2005-10-27 14:06 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2008-06-09 10:11 . 2003-08-01 23:14 25,600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-06-09 10:03 . 2008-06-09 10:03 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-09 10:03 . 2008-06-09 10:03 <DIR> d-------- C:\WINDOWS\ehome
2008-06-09 09:59 . 2002-08-29 05:41 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-09 09:58 . 2002-08-29 05:41 1,004,032 --a------ C:\WINDOWS\explorer.exe
2008-06-06 17:30 . 2008-06-06 17:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-06 16:09 . 2008-06-06 16:09 <DIR> d-------- C:\VundoFix Backups
2008-06-05 22:16 . 2008-06-05 22:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-05 22:15 . 2008-06-05 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 22:15 . 2008-06-05 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 21:59 . 2008-06-05 21:59 <DIR> d-------- C:\Downloads
2008-06-05 21:26 . 2008-06-05 21:26 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-05 21:17 . 2004-07-01 17:08 361,984 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-05 21:17 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-05 21:17 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-05 21:17 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-05 21:17 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-05 21:17 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-06-05 21:17 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-05 21:17 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-06-05 21:13 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-06-05 21:13 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-06-05 21:13 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-06-05 21:13 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-06-05 21:13 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-06-05 21:13 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-06-05 21:13 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-06-05 20:52 . 2008-06-05 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 20:24 . 2008-06-05 20:24 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-05 20:24 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-05 17:01 . 2008-06-05 17:01 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-05 16:53 . 2008-06-05 10:44 <DIR> d-------- C:\SDFix
2008-06-05 16:49 . 2008-06-05 16:49 401,978 --a------ C:\Documents and Settings\Courtenay\g22.exe
2008-06-05 16:49 . 2008-06-05 21:00 63,902 --a------ C:\WINDOWS\system32\{35bec6a3-5614-5356-ee5b-0c9d1fbe3d40}.dll-uninst.exe
2008-06-05 16:19 . 2008-06-05 16:20 298,308 --a------ C:\Documents and Settings\Courtenay\gside.exe
2008-06-05 14:58 . 2008-06-05 14:58 <DIR> d-------- C:\Program Files\Zone Labs
2008-06-05 14:53 . 2008-06-05 14:53 <DIR> dr-h----- C:\$VAULT$.AVG
2008-06-05 14:52 . 2008-06-05 14:53 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-05 14:51 . 2008-06-05 14:51 <DIR> d-------- C:\Documents and Settings\Courtenay\Application Data\AVG7
2008-06-05 14:50 . 2008-06-05 14:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-05 14:49 . 2008-06-05 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-05 14:49 . 2008-06-05 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-06-05 14:25 . 2008-06-05 14:25 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-05 14:13 . 2001-08-17 13:48 13,952 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-05 14:13 . 2001-08-17 13:48 13,952 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-05 14:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-05 14:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-05 14:12 . 2002-08-29 03:32 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-05 14:12 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-05 14:12 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2005-10-05 22:17 266 --sh--w C:\Program Files\desktop.ini
2005-10-05 22:17 11,079 ---h--w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot@2008-06-09_16.59.07.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 21:57:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 02:27:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-11-18 16:27:40 392,576 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2006-05-05 09:31:04 433,152 ----a-w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2005-03-02 00:36:44 1,900,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:36:42 1,955,840 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:36:44 1,928,704 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 01:33:36 2,040,832 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\Driver Cache\i386\tunmp.sys
- 2002-09-22 01:13:26 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-25 22:44:32 10,752 ----a-w C:\WINDOWS\hh.exe
- 2001-08-18 17:00:00 50,688 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2005-04-22 05:20:24 51,712 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2002-08-29 10:40:48 59,392 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 12:14:24 95,232 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2001-08-18 17:00:00 51,200 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:20:04 53,760 ----a-w C:\WINDOWS\system32\authz.dll
- 2002-08-29 10:40:50 1,021,952 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-04 06:23:54 1,027,072 ----a-w C:\WINDOWS\system32\BROWSEUI.DLL
- 2001-08-18 12:00:00 215,040 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:30:34 220,672 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2002-08-29 10:40:50 582,656 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:30:38 581,632 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2001-08-18 17:00:00 142,336 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2004-12-07 23:43:02 143,360 ----a-w C:\WINDOWS\system32\CDFVIEW.DLL
- 2001-08-18 17:00:00 2,028,032 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 02:04:32 2,025,984 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2002-08-29 10:40:50 64,512 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:19:48 64,512 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2001-08-18 12:00:00 100,864 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:30:38 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2001-08-18 12:00:00 468,480 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:30:42 497,152 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2001-08-18 12:00:00 56,832 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:30:42 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
- 2002-08-29 10:40:50 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:30:42 187,392 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2002-08-29 10:40:50 557,056 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:53:56 561,664 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2001-08-18 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:30:42 89,600 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2002-08-29 10:40:50 1,172,992 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:30:50 1,179,136 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2001-08-18 12:00:00 495,616 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:31:12 499,200 ----a-w C:\WINDOWS\system32\comuid.dll
- 2008-06-09 21:50:30 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-10 13:21:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-09 21:50:30 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-10 13:21:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-09 21:50:30 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-10 13:21:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2001-08-18 17:00:00 89,600 ----a-w C:\WINDOWS\system32\cscdll.dll
+ 2004-10-28 01:29:54 92,160 ----a-w C:\WINDOWS\system32\cscdll.dll
- 2002-08-29 10:40:50 986,112 ----a-w C:\WINDOWS\system32\danim.dll
+ 2005-10-21 01:08:44 986,112 ----a-w C:\WINDOWS\system32\DANIM.DLL
- 2002-08-29 10:40:50 99,840 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:15:32 103,936 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-08-16 12:14:24 95,232 ----a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2001-08-18 17:00:00 50,688 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2005-04-22 05:20:24 51,712 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2001-08-18 12:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:20:04 53,760 ----a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2006-09-04 06:23:54 1,027,072 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2001-08-18 12:00:00 215,040 ----a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:30:34 220,672 ----a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2001-08-18 17:00:00 142,336 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2004-12-07 23:43:02 143,360 ----a-w C:\WINDOWS\system32\dllcache\CDFVIEW.DLL
- 2001-08-18 17:00:00 2,028,032 ----a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 02:04:32 2,025,984 ----a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2006-06-22 05:19:48 64,512 ------w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2001-08-18 12:00:00 100,864 ----a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:30:38 110,080 ----a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2001-08-18 12:00:00 468,480 ----a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:30:42 497,152 ----a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2001-08-18 12:00:00 56,832 ----a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:30:42 62,464 ----a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2006-08-25 15:53:56 561,664 ------w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2001-08-18 12:00:00 82,432 ----a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:30:42 89,600 ----a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2001-08-18 12:00:00 495,616 ----a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:31:12 499,200 ----a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2001-08-18 17:00:00 89,600 ----a-w C:\WINDOWS\system32\dllcache\cscdll.dll
+ 2004-10-28 01:29:54 92,160 ----a-w C:\WINDOWS\system32\dllcache\cscdll.dll
+ 2006-05-19 12:15:32 103,936 ------w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2001-08-18 12:00:00 76,288 ----a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2006-02-27 18:31:38 75,776 ----a-w C:\WINDOWS\system32\dllcache\DIRECTDB.DLL
+ 2006-06-26 17:47:50 140,288 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2001-08-18 12:00:00 1,018,368 ----a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:33:08 991,232 ----a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2004-08-20 22:01:16 82,432 ------w C:\WINDOWS\system32\dllcache\fldrclnr.dll
- 2001-08-18 17:00:00 79,360 ----a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:29:54 77,824 ----a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2001-08-18 17:00:00 77,850 ----a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:30:50 72,704 ----a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2001-08-18 17:00:00 31,232 ----a-w C:\WINDOWS\system32\dllcache\inetmib1.dll
+ 2006-08-16 12:14:24 31,232 ----a-w C:\WINDOWS\system32\dllcache\inetmib1.dll
- 2001-08-18 12:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\inetres.dll
+ 2006-02-27 18:31:50 47,616 ----a-w C:\WINDOWS\system32\dllcache\INETRES.DLL
+ 2006-08-16 12:14:24 83,456 ----a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-13 10:13:32 74,368 ------w C:\WINDOWS\system32\dllcache\ipsec.sys
- 2001-08-18 17:00:00 332,800 ----a-w C:\WINDOWS\system32\dllcache\ipsecsnp.dll
+ 2006-05-14 09:13:42 334,848 ----a-w C:\WINDOWS\system32\dllcache\ipsecsnp.dll
+ 2006-05-14 09:13:42 159,744 ------w C:\WINDOWS\system32\dllcache\ipsecsvc.dll
- 2001-08-18 17:00:00 364,032 ----a-w C:\WINDOWS\system32\dllcache\ipsmsnap.dll
+ 2006-05-14 09:13:42 364,544 ----a-w C:\WINDOWS\system32\dllcache\ipsmsnap.dll
+ 2006-08-16 09:28:56 48,640 ----a-w C:\WINDOWS\system32\dllcache\ipv6.exe
+ 2006-08-16 12:14:24 54,272 ----a-w C:\WINDOWS\system32\dllcache\ipv6mon.dll
- 2001-08-18 17:00:00 144,896 ----a-w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-05-27 03:19:50 163,840 ----a-w C:\WINDOWS\system32\dllcache\JGDW400.DLL
- 2001-08-18 17:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\jgpl400.dll
+ 2006-04-06 21:15:48 27,648 ----a-w C:\WINDOWS\system32\dllcache\JGPL400.DLL
- 2003-01-13 19:57:58 589,881 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2006-05-18 05:58:56 458,752 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2001-08-18 17:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-04-28 15:58:48 12,288 ----a-w C:\WINDOWS\system32\dllcache\JSPROXY.DLL
+ 2006-07-05 10:46:36 928,768 ------w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2001-08-18 17:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 01:49:30 16,384 ----a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2001-08-18 17:00:00 35,328 ----a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2004-03-30 01:48:36 36,864 ----a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2001-08-18 12:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-22 23:03:38 7,680 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2001-08-18 17:00:00 172,672 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2005-04-26 01:58:04 173,312 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2006-05-05 09:31:04 433,152 ------w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2001-08-18 12:00:00 869,376 ----a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:44:40 974,336 ----a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2001-08-18 12:00:00 151,040 ----a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:44:40 150,528 ----a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2001-08-18 17:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\msident.dll
+ 2006-02-27 18:29:32 44,032 ----a-w C:\WINDOWS\system32\dllcache\MSIDENT.DLL
- 2001-08-18 12:00:00 2,479,104 ----a-w C:\WINDOWS\system32\dllcache\msoeres.dll
+ 2006-02-27 18:32:08 2,479,616 ----a-w C:\WINDOWS\system32\dllcache\MSOERES.DLL
+ 2006-09-13 05:09:16 1,110,528 ------w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2001-08-18 17:00:00 61,440 ----a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:44:40 64,512 ----a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2001-08-18 12:00:00 83,968 ----a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:44:40 83,456 ----a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-07-14 15:53:28 307,200 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2001-08-18 17:00:00 82,944 ----a-w C:\WINDOWS\system32\dllcache\netsh.exe
+ 2006-08-16 09:27:50 83,456 ----a-w C:\WINDOWS\system32\dllcache\netsh.exe
+ 2006-05-14 09:13:42 257,536 ------w C:\WINDOWS\system32\dllcache\oakley.dll
- 2001-08-18 12:00:00 92,672 ----a-w C:\WINDOWS\system32\dllcache\oeimport.dll
+ 2006-02-27 18:31:58 93,184 ----a-w C:\WINDOWS\system32\dllcache\OEIMPORT.DLL
- 2001-08-18 12:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\oemig50.exe
+ 2006-02-27 18:32:08 55,808 ----a-w C:\WINDOWS\system32\dllcache\OEMIG50.EXE
- 2001-08-18 12:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\oemiglib.dll
+ 2006-02-27 18:32:10 31,744 ----a-w C:\WINDOWS\system32\dllcache\OEMIGLIB.DLL
- 2001-08-18 12:00:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:31:14 68,608 ----a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2001-08-18 12:00:00 34,304 ----a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:31:14 35,328 ----a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2001-08-18 17:00:00 87,552 ----a-w C:\WINDOWS\system32\dllcache\polstore.dll
+ 2006-05-14 09:13:42 98,304 ----a-w C:\WINDOWS\system32\dllcache\polstore.dll
- 2003-05-30 14:00:02 1,962,496 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2005-08-30 14:14:00 1,227,776 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2006-06-22 05:19:50 1,350,144 ------w C:\WINDOWS\system32\dllcache\query.dll
- 2001-08-18 17:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:47:50 6,144 ----a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-22 10:59:18 169,984 ------w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-05-05 09:40:32 166,656 ------w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2001-08-18 17:00:00 200,064 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-07-13 08:41:42 199,936 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-09-04 06:23:54 1,351,680 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-07-13 13:46:56 8,353,280 ------w C:\WINDOWS\system32\dllcache\shell32.dll
- 2001-08-18 17:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:55:46 53,248 ----a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2002-12-20 17:36:00 322,048 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2001-08-18 17:00:00 87,040 ----a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:34:38 79,872 ----a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-08-20 22:01:16 700,928 ------w C:\WINDOWS\system32\dllcache\sxs.dll
- 2001-08-18 17:00:00 198,656 ----a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:29:54 111,616 ----a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2006-04-20 11:38:44 340,480 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2006-08-16 09:28:58 205,120 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\system32\dllcache\tunmp.sys
- 2001-08-18 17:00:00 90,624 ----a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:31:14 97,280 ----a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2001-08-18 12:00:00 43,008 ----a-w C:\WINDOWS\system32\dllcache\wab.exe
+ 2006-02-27 18:31:46 42,496 ----a-w C:\WINDOWS\system32\dllcache\WAB.EXE
- 2001-08-18 12:00:00 30,720 ----a-w C:\WINDOWS\system32\dllcache\wabfind.dll
+ 2006-02-27 18:31:48 30,208 ----a-w C:\WINDOWS\system32\dllcache\WABFIND.DLL
- 2001-08-18 12:00:00 76,800 ----a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2006-02-27 18:31:44 77,824 ----a-w C:\WINDOWS\system32\dllcache\WABIMP.DLL
- 2001-08-18 12:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\wabmig.exe
+ 2006-02-27 18:31:42 27,648 ----a-w C:\WINDOWS\system32\dllcache\WABMIG.EXE
- 2001-08-18 17:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\winipsec.dll
+ 2006-05-14 09:13:42 29,184 ----a-w C:\WINDOWS\system32\dllcache\winipsec.dll
- 2001-08-18 12:00:00 75,264 ----a-w C:\WINDOWS\system32\dllcache\ws2_32.dll
+ 2006-08-16 12:14:24 70,656 ----a-w C:\WINDOWS\system32\dllcache\ws2_32.dll
+ 2006-08-16 12:14:24 13,312 ----a-w C:\WINDOWS\system32\dllcache\wship6.dll
- 2001-08-18 12:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:44:40 11,776 ----a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2002-08-29 10:40:50 139,264 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-06-26 17:47:50 140,288 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2002-08-29 09:07:22 57,984 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
+ 2006-05-13 10:13:32 74,368 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
- 2001-08-18 17:00:00 172,672 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2005-04-26 01:58:04 173,312 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2002-11-18 16:27:40 392,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:31:04 433,152 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2002-08-29 08:58:50 163,328 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:40:32 166,656 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2002-08-29 10:46:44 115,976 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:30:16 116,104 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2001-08-18 17:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:41:42 199,936 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
- 2002-12-20 17:36:00 322,048 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 08:59:20 321,536 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2002-08-29 08:58:12 332,928 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2006-04-20 11:38:44 340,480 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2002-08-29 08:37:54 196,288 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:28:58 205,120 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2002-08-29 08:35:44 9,856 ------w C:\WINDOWS\system32\drivers\tunmp.sys
+ 2006-08-16 09:27:12 11,776 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
- 2002-08-29 10:40:52 337,920 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2006-06-09 19:35:50 351,744 ----a-w C:\WINDOWS\system32\DXTMSFT.DLL
- 2002-08-29 10:40:52 194,560 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2006-06-09 19:35:30 192,512 ----a-w C:\WINDOWS\system32\DXTRANS.DLL
- 2002-08-29 10:40:52 225,280 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:31:12 227,328 ----a-w C:\WINDOWS\system32\es.dll
- 2002-08-29 10:40:54 82,432 ----a-w C:\WINDOWS\system32\fldrclnr.dll
+ 2004-08-20 22:01:16 82,432 ----a-w C:\WINDOWS\system32\fldrclnr.dll
- 2008-06-09 15:07:16 214,472 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-10 02:27:10 214,472 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2001-08-18 17:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:29:54 77,824 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2002-08-29 10:40:56 250,368 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2006-01-02 22:38:04 260,608 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2003-01-10 19:43:46 37,888 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 01:59:52 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2001-08-18 17:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:30:50 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2001-08-18 12:00:00 489,984 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:57:02 493,056 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2002-08-29 10:40:56 236,032 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:54:58 237,056 ----a-w C:\WINDOWS\system32\icm32.dll
- 2002-08-29 10:40:56 231,424 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2006-02-24 20:24:42 236,032 ----a-w C:\WINDOWS\system32\IEPEERS.DLL
- 2002-08-29 10:40:56 587,776 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2006-02-27 18:31:54 596,480 ----a-w C:\WINDOWS\system32\INETCOMM.DLL
- 2001-08-18 17:00:00 31,232 ----a-w C:\WINDOWS\system32\inetmib1.dll
+ 2006-08-16 12:14:24 31,232 ----a-w C:\WINDOWS\system32\inetmib1.dll
- 2001-08-18 12:00:00 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
+ 2006-02-27 18:31:50 47,616 ----a-w C:\WINDOWS\system32\INETRES.DLL
- 2002-08-29 10:40:58 69,632 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2004-08-26 15:53:48 69,632 ----a-w C:\WINDOWS\system32\INSENG.DLL
- 2002-08-29 10:40:58 82,944 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-08-16 12:14:24 83,456 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2001-08-18 17:00:00 332,800 ----a-w C:\WINDOWS\system32\ipsecsnp.dll
+ 2006-05-14 09:13:42 334,848 ----a-w C:\WINDOWS\system32\ipsecsnp.dll
- 2002-08-29 10:40:58 155,648 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
+ 2006-05-14 09:13:42 159,744 ----a-w C:\WINDOWS\system32\ipsecsvc.dll
- 2001-08-18 17:00:00 364,032 ----a-w C:\WINDOWS\system32\ipsmsnap.dll
+ 2006-05-14 09:13:42 364,544 ----a-w C:\WINDOWS\system32\ipsmsnap.dll
- 2002-08-29 10:41:26 60,928 ----a-w C:\WINDOWS\system32\ipv6.exe
+ 2006-08-16 09:28:56 48,640 ----a-w C:\WINDOWS\system32\ipv6.exe
- 2002-08-29 10:40:58 134,144 ----a-w C:\WINDOWS\system32\ipv6mon.dll
+ 2006-08-16 12:14:24 54,272 ----a-w C:\WINDOWS\system32\ipv6mon.dll
- 2003-01-10 19:43:48 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 01:59:52 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
- 2003-01-10 19:43:48 122,368 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 01:59:52 128,000 ----a-w C:\WINDOWS\system32\itss.dll
- 2001-08-18 17:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-05-27 03:19:50 163,840 ----a-w C:\WINDOWS\system32\JGDW400.DLL
- 2001-08-18 17:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-04-06 21:15:48 27,648 ----a-w C:\WINDOWS\system32\JGPL400.DLL
- 2003-01-13 19:57:58 589,881 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-05-18 05:58:56 458,752 ----a-w C:\WINDOWS\system32\jscript.dll
- 2001-08-18 17:00:00 12,288 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2006-04-28 15:58:48 12,288 ----a-w C:\WINDOWS\system32\JSPROXY.DLL
- 2002-08-29 10:41:00 272,896 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:50:24 285,184 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2002-08-29 10:41:00 930,304 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2006-07-05 10:46:36 928,768 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2001-08-18 17:00:00 15,360 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 01:49:30 16,384 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2002-08-29 10:41:00 671,744 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-10-28 01:29:54 681,984 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2001-08-18 17:00:00 35,328 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2004-03-30 01:48:36 36,864 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2002-08-29 10:41:02 68,096 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:54:58 68,608 ----a-w C:\WINDOWS\system32\mscms.dll
- 2002-08-29 10:41:04 359,936 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:44:40 368,640 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2001-08-18 12:00:00 869,376 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:44:40 974,336 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2001-08-18 12:00:00 151,040 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:44:40 150,528 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2002-08-29 10:41:04 2,833,920 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2006-06-30 15:28:26 2,703,872 ----a-w C:\WINDOWS\system32\MSHTML.DLL
- 2001-08-18 17:00:00 44,032 ----a-w C:\WINDOWS\system32\msident.dll
+ 2006-02-27 18:29:32 44,032 ----a-w C:\WINDOWS\system32\MSIDENT.DLL
- 2002-08-29 10:41:04 229,888 ----a-w C:\WINDOWS\system32\msieftp.dll
+ 2005-08-05 17:23:28 230,400 ----a-w C:\WINDOWS\system32\msieftp.dll
- 2002-08-29 10:41:06 228,864 ----a-w C:\WINDOWS\system32\msoeacct.dll
+ 2006-02-27 18:31:40 229,376 ----a-w C:\WINDOWS\system32\MSOEACCT.DLL
- 2002-08-29 10:41:06 81,408 ----a-w C:\WINDOWS\system32\msoert2.dll
+ 2006-02-27 18:31:36 91,136 ----a-w C:\WINDOWS\system32\MSOERT2.DLL
- 2002-08-29 10:41:06 132,096 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2005-02-24 17:54:42 132,096 ----a-w C:\WINDOWS\system32\MSRATING.DLL
- 2002-08-29 10:41:08 496,128 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-03-03 21:13:30 498,176 ----a-w C:\WINDOWS\system32\MSTIME.DLL
- 2002-08-29 10:41:08 1,122,304 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2006-09-13 05:09:16 1,110,528 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2001-08-18 17:00:00 61,440 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:44:40 64,512 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2001-08-18 12:00:00 83,968 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:44:40 83,456 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2002-08-29 10:41:08 309,248 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-07-14 15:53:28 307,200 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2002-08-29 10:41:08 154,112 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:36:34 154,624 ----a-w C:\WINDOWS\system32\netman.dll
- 2001-08-18 17:00:00 82,944 ----a-w C:\WINDOWS\system32\netsh.exe
+ 2006-08-16 09:27:50 83,456 ----a-w C:\WINDOWS\system32\netsh.exe
- 2002-08-29 08:04:56 1,947,904 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2005-03-02 00:36:42 1,955,840 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2002-08-29 09:03:30 2,042,240 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2005-03-02 01:33:36 2,040,832 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2002-08-29 10:41:10 328,704 ----a-w C:\WINDOWS\system32\oakley.dll
+ 2006-05-14 09:13:42 257,536 ----a-w C:\WINDOWS\system32\oakley.dll
- 2002-08-29 10:41:10 1,169,920 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:31:14 1,190,400 ----a-w C:\WINDOWS\system32\ole32.dll
- 2001-08-18 17:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:31:14 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2001-08-18 17:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:31:14 35,328 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2002-08-29 10:41:10 34,304 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2005-04-27 15:53:06 34,816 ----a-w C:\WINDOWS\system32\PNGFILT.DLL
- 2001-08-18 17:00:00 87,552 ----a-w C:\WINDOWS\system32\polstore.dll
+ 2006-05-14 09:13:42 98,304 ----a-w C:\WINDOWS\system32\polstore.dll
- 2003-05-30 14:00:02 1,962,496 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2005-08-30 14:14:00 1,227,776 ----a-w C:\WINDOWS\system32\quartz.dll
- 2002-08-29 10:41:10 1,349,120 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:19:50 1,350,144 ----a-w C:\WINDOWS\system32\query.dll
- 2001-08-18 17:00:00 6,144 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:47:50 6,144 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2002-08-29 10:41:10 158,720 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:59:18 169,984 ----a-w C:\WINDOWS\system32\rasmans.dll
- 2002-08-29 10:41:10 530,432 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2004-03-06 02:16:12 535,552 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2002-08-29 10:41:10 260,608 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:31:14 276,992 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2002-08-29 10:41:12 1,341,440 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-04 06:23:54 1,351,680 ----a-w C:\WINDOWS\system32\SHDOCVW.DLL
- 2002-08-29 10:41:12 8,336,384 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-07-13 13:46:56 8,353,280 ----a-w C:\WINDOWS\system32\shell32.dll
- 2002-08-29 10:41:12 401,920 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-01 01:49:30 409,088 ----a-w C:\WINDOWS\system32\SHLWAPI.DLL
- 2002-08-29 10:41:12 116,224 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2004-10-28 01:29:54 116,736 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2005-05-04 19:45:26 13,536 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2001-08-18 17:00:00 51,200 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:55:46 53,248 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2001-08-18 17:00:00 87,040 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:34:38 79,872 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2002-08-29 10:41:18 674,816 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2004-08-20 22:01:16 700,928 ----a-w C:\WINDOWS\system32\sxs.dll
- 2001-08-18 17:00:00 198,656 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:29:54 111,616 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2002-08-29 10:41:18 233,984 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:09:48 238,592 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2002-08-29 10:41:28 71,168 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-11 00:09:48 72,192 ----a-w C:\WINDOWS\system32\telnet.exe
- 2001-08-18 17:00:00 90,624 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:31:14 97,280 ----a-w C:\WINDOWS\system32\txflog.dll
- 2002-08-29 10:41:18 107,008 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:51:10 111,104 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2002-08-29 10:41:18 455,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2006-08-31 01:42:56 461,824 ----a-w C:\WINDOWS\system32\URLMON.DLL
- 2002-08-29 10:41:18 560,128 ----a-w C:\WINDOWS\system32\user32.dll
+ 2005-03-02 18:20:04 561,152 ----a-w C:\WINDOWS\system32\user32.dll
+ 2006-03-17 00:49:30 25,600 ------w C:\WINDOWS\system32\verclsid.exe
- 2002-08-29 10:41:18 61,952 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:37:34 64,000 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2002-08-29 09:14:20 1,813,632 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2005-10-04 01:38:18 1,799,552 ----a-w C:\WINDOWS\system32\win32k.sys
- 2002-08-29 10:41:18 99,328 ----a-w C:\WINDOWS\system32\win32spl.dll
+ 2005-06-11 02:41:12 102,400 ----a-w C:\WINDOWS\system32\win32spl.dll
- 2002-08-29 10:41:18 599,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-06-23 16:33:58 575,488 ----a-w C:\WINDOWS\system32\WININET.DLL
- 2001-08-18 17:00:00 25,600 ----a-w C:\WINDOWS\system32\winipsec.dll
+ 2006-05-14 09:13:42 29,184 ----a-w C:\WINDOWS\system32\winipsec.dll
- 2002-08-29 10:41:18 276,480 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2005-09-01 01:49:32 278,016 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2002-08-29 10:41:18 1,404,928 ----a-w C:\WINDOWS\system32\wmpui.dll
+ 2006-04-24 21:17:14 1,425,680 ----a-w C:\WINDOWS\system32\wmpui.dll
- 2001-08-18 17:00:00 75,264 ----a-w C:\WINDOWS\system32\ws2_32.dll
+ 2006-08-16 12:14:24 70,656 ----a-w C:\WINDOWS\system32\ws2_32.dll
- 2002-08-29 10:41:20 13,312 ----a-w C:\WINDOWS\system32\wship6.dll
+ 2006-08-16 12:14:24 13,312 ----a-w C:\WINDOWS\system32\wship6.dll
- 2001-08-18 12:00:00 9,728 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:44:40 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
- 2004-06-30 23:59:26 158,720 ------w C:\WINDOWS\system32\xpob2res.dll
+ 2006-08-16 09:42:14 159,232 ----a-w C:\WINDOWS\system32\xpob2res.dll
+ 2006-08-25 09:14:18 595,968 ----a-w C:\WINDOWS\system32\xpsp2res.dll
+ 2005-05-17 00:43:40 7,168 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2005-08-31 23:49:28 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
+ 2006-03-17 05:04:12 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
+ 2006-07-13 13:46:54 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
+ 2006-08-25 15:53:52 925,184 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e31bacd-3eb5-4e4c-a714-1fe931341f84}]
2008-06-09 10:50 98544 --a------ C:\WINDOWS\System32\lkleuyra.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88B68482-AE05-47F5-8FED-8925E4290C4B}]
C:\WINDOWS\System32\byXPFxwv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 10:00 184376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 15:31 655360]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 241714]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-05 14:49 579072]
"200518a9"="C:\WINDOWS\System32\rbtcgwnw.dll" [2008-06-09 10:48 84704]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-05 14:49 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-10-06 11:43:24 127488]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88B68482-AE05-47F5-8FED-8925E4290C4B}"= C:\WINDOWS\System32\byXPFxwv.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPFxwv]
byXPFxwv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywtt]
ddcywtt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebca]
C:\WINDOWS\System32\gebca.dll
R3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 12:48]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2005-10-06 02:58:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 08:25:00
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-10 8:25:47
ComboFix-quarantined-files.txt 2008-06-10 13:25:46
ComboFix2.txt 2008-06-09 21:59:46
Pre-Run: 28,737,634,304 bytes free
Post-Run: 28,717,088,768 bytes free
554 --- E O F --- 2008-06-10 01:57:43