Malware installed as Driver

Jeremiah

New member
Hello,

I have read the entire prerequisite procedure. And I have attempted to follow them. However, there is a problem. I cannot remove all the threats detected by Spybot. The file name is the following: C:\WINDOWS\system32\drivers\core.cache.dsk

If I try to remove this threat my computer reads it as a threat and shuts down immediately.

I also have not downloaded a Service Package for the reason that I do not know if I have one. Could I find out how to know whether or not I have one? If so, how? Also, if I have posted in the wrong place or left anything else out, please let me know. I will include a HijackThis log entry as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:09 AM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DB05E8C-5604-472A-90F1-D040C2EA232F} - C:\WINDOWS\system32\cbXRJAPG.dll (file missing)
O2 - BHO: {5431a53a-8f94-6cfa-6fb4-4a10c687cbd7} - {7dbc786c-01a4-4bf6-afc6-49f8a35a1345} - C:\WINDOWS\system32\skehvd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnnNDtR - nnnnNDtR.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5843 bytes


thank you
 
Hi Jeremiah

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
 
Thank you for your prompt response. I'm over my head in school right now, so it took me a while to get around to this.

Notes:
I use Firefox (latest edition), not Internet Explorer, though Firefox was just now somehow switched out of being my default browser. I know this because it asked me if I wanted to switch (I said yes).

I have (or had) Vundo trojans on my computer. I am still getting Internet Explorer pop-ups whenever I start up and close Firefox.

I installed ComboFix and a recovery mode and turned off the computer. When I turned it back on it said reference memory 0xdc5da613 could not be written. I debugged. I have had this happen to me several times before.

After ComboFix rebooted my PC, as it was creating a logfile, I received the alert that Windows had terminated the program "Generic Host Process for Win32 Services", and clicking OK and Don't Send made the logfile take forever to be created.

I noticed that ComboFix also could not delete the ...core.cache file.

Here are my logs. I will put the HJT log first because I know ComboFix logs are really long.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:25 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\0cefbdfc180e71d69d20de40deb9763f\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5758 bytes

ComboFix 08-09-04.02 - Me 2008-09-04 18:31:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Me\LOCALS~1\Temp\tmp2.tmp
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM8bc4bb44.txt
C:\WINDOWS\BM8bc4bb44.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\b10
C:\WINDOWS\system32\bcylfhvu.dll
C:\WINDOWS\system32\dxldmuot.ini
C:\WINDOWS\system32\fgqiue.dll
C:\WINDOWS\system32\g98.exe
C:\WINDOWS\system32\gipxuhpu.dll
C:\WINDOWS\system32\GPAJRXbc.ini
C:\WINDOWS\system32\GPAJRXbc.ini2
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hpwktufi.dll
C:\WINDOWS\system32\hvesjo.dll
C:\WINDOWS\system32\jnwnw64l.exe
C:\WINDOWS\system32\lqhwaoti.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msewblle.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\munvpjum.dll
C:\WINDOWS\system32\ocntokdm.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\scfbyvst.dll
C:\WINDOWS\system32\skehvd.dll
C:\WINDOWS\system32\toumdlxd.dll
C:\WINDOWS\system32\vkbeugjn.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 04:39 --------- d-----w C:\Program Files\Trend Micro
2008-09-01 03:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-27 18:00 167,976 ------w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-07-26 17:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-07-26 02:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-18 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-10 21:25 --------- d-----w C:\Documents and Settings\Me\Application Data\Webroot
2008-07-10 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-10 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-31 20:24 5,562 -c--a-w C:\Program Files\install.log
2006-10-27 05:44 17,177,896 -c--a-w C:\Program Files\Install_Messenger.exe
2006-08-26 14:48 159,443,847 -c--a-w C:\Program Files\Mathematica-Student_5.2.0_Win.EXE
2006-09-30 11:11 88 -csh--r C:\WINDOWS\system32\8E2E9FB9AD.sys
2006-09-30 11:11 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 06:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Deewoo.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 14:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2006-04-06 15:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a--c--- 2007-11-15 02:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2007-11-15 02:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-12-14 12:07 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 21:46 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 21:50 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 21:49 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a--c--- 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a--c--- 2006-04-11 11:39 176201 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 17:30 823362 C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-08-15 06:02 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-04-03 13:21 1481968 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 19:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-28 09:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 usbhubb;usbhubb;C:\WINDOWS\system32\drivers\usbhubb.sys [2008-06-20 86144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\SPT2Sp50.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f8f060-5ab2-11dd-967e-0015c5676bfb}]
\Shell\AutoRun\command - PCConnect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609fe6c3-1c69-11dd-9633-0015c5676bfb}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef47e6-8258-11dc-a2b1-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf7d3aa-28da-11dd-9651-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{6DB05E8C-5604-472A-90F1-D040C2EA232F} - C:\WINDOWS\system32\cbXRJAPG.dll
Notify-nnnnNDtR - nnnnNDtR.dll
MSConfigStartUp-88f788d8 - C:\WINDOWS\system32\ellbwesm.dll
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-BM8bc4bb44 - C:\WINDOWS\system32\cmkfomjm.dll
MSConfigStartUp-ExploreUpdSched - C:\WINDOWS\system32\ocntokdm.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-{78-88-87-77-DW} - C:\windows\system32\jnwnw64l.exe
MSConfigStartUp-{bbc1420b-a0bf-8a27-08e4-535a65296547} - C:\WINDOWS\system32\{07273cf2-16f5-061d-26d9-b744b55d2eca}.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\duvuprhx.Default User\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPEU32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:43:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\SoftwareDistribution\Download\63344d08c1ecd019651928d3dc605b9a\update\update.exe
.
**************************************************************************
.
Completion time: 2008-09-04 18:57:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 22:56:52

Pre-Run: 42,231,762,944 bytes free
Post-Run: 42,081,902,592 bytes free

239 --- E O F --- 2008-06-20 04:49:44

backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Deewoo.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 14:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2006-04-06 15:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a--c--- 2007-11-15 02:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2007-11-15 02:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-12-14 12:07 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 21:46 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 21:50 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 21:49 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a--c--- 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a--c--- 2006-04-11 11:39 176201 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 17:30 823362 C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-08-15 06:02 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-04-03 13:21 1481968 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 19:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-28 09:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 usbhubb;usbhubb;C:\WINDOWS\system32\drivers\usbhubb.sys [2008-06-20 86144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\SPT2Sp50.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f8f060-5ab2-11dd-967e-0015c5676bfb}]
\Shell\AutoRun\command - PCConnect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609fe6c3-1c69-11dd-9633-0015c5676bfb}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef47e6-8258-11dc-a2b1-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf7d3aa-28da-11dd-9651-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{6DB05E8C-5604-472A-90F1-D040C2EA232F} - C:\WINDOWS\system32\cbXRJAPG.dll
Notify-nnnnNDtR - nnnnNDtR.dll
MSConfigStartUp-88f788d8 - C:\WINDOWS\system32\ellbwesm.dll
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-BM8bc4bb44 - C:\WINDOWS\system32\cmkfomjm.dll
MSConfigStartUp-ExploreUpdSched - C:\WINDOWS\system32\ocntokdm.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-{78-88-87-77-DW} - C:\windows\system32\jnwnw64l.exe
MSConfigStartUp-{bbc1420b-a0bf-8a27-08e4-535a65296547} - C:\WINDOWS\system32\{07273cf2-16f5-061d-26d9-b744b55d2eca}.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\duvuprhx.Default User\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPEU32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:43:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\SoftwareDistribution\Download\63344d08c1ecd019651928d3dc605b9a\update\update.exe
.
**************************************************************************
.
Completion time: 2008-09-04 18:57:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 22:56:52

Pre-Run: 42,231,762,944 bytes free
Post-Run: 42,081,902,592 bytes free

239 --- E O F --- 2008-06-20 04:49:44

I guess my logs were short enough. I hope that was clear. I pasted both logs and then the ComboFix log and 9/10 of the HJT log disappeared so I repasted it.
 
If I'm not mistaken, I think what happened was I pasted the ComboFix log onto the HJT log while it was still in Notepad so I probably double posted the ComboFix log. Sorry.
 
Yes, no problem :)

There is a protecting driver for core.cache.dsk; we will delete it a bit later.

Have you used any USB sticks lately?

I ask because there are signs of flash infection and in that case those sticks need to be formatted first.
 
Not recently, but in the past 9 months. 1 in particular probably had viruses, though I used Norton Security scan on it...once. I would not be surprised at all at a flash infection.
 
Excuse me, where is the edit button? Does this forum not allow editing? I forgot to mention that on this last boot up, referenced memory 0x01010585 referenced memory at 0x00000000 could not be "written" and then Fax Service encountered an error. If those things are unrelated, tell me and I'll stop listing them.
 
Edit button should be down right.

But there can be a time frame when you can edit your posts.

Thank you for info.

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\usbhubb.sys

Driver::
usbhubb

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609fe6c3-1c69-11dd-9633-0015c5676bfb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef47e6-8258-11dc-a2b1-0015c5676bfb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf7d3aa-28da-11dd-9651-0015c5676bfb}]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
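
The MountPoints2 entries in the ComboFix log are where the signs of flash infection mentioned above show up. The following is an added example, not part of the thread and not ComboFix's or the helper's own method: it parses those log lines (copied from the log posted here) and flags per-volume shell commands using three heuristics that are assumptions of this example.

```python
import re

# Copied from the "Reg Loading Points" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f8f060-5ab2-11dd-967e-0015c5676bfb}]
\Shell\AutoRun\command - PCConnect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609fe6c3-1c69-11dd-9633-0015c5676bfb}]
\Shell\Auto\command - F:\printer.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74ef47e6-8258-11dc-a2b1-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf7d3aa-28da-11dd-9651-0015c5676bfb}]
\Shell\AutoRun\command - F:\h.cmd
\Shell\explore\Command - F:\h.cmd
\Shell\open\Command - F:\h.cmd
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
MOUNT_RE = re.compile(r"\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$",
                    re.IGNORECASE)
# Heuristic (assumption of this example): script types launched from a volume.
SCRIPT_RE = re.compile(r"\.(cmd|bat|vbs|vbe|js|jse|wsf|scr|pif)(?=$|[\s\"])",
                       re.IGNORECASE)
# Heuristic (assumption): verbs that fire when the user simply opens the drive.
HIJACKED_VERBS = {"open", "explore"}


def parse_mountpoints(log_text):
    """Return {volume GUID: [(verb, command), ...]} for MountPoints2 keys."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Any other registry key header ends the current volume's block.
            mount = MOUNT_RE.search(key.group("key"))
            current = mount.group("guid").lower() if mount else None
            if current:
                entries.setdefault(current, [])
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries[current].append((cmd.group("verb"), cmd.group("cmd").strip()))
    return entries


def reasons_for(verb, command):
    """Explain why one shell command on a volume deserves a closer look."""
    found = []
    if verb.lower() in HIJACKED_VERBS:
        found.append(f"'{verb.lower()}' verb overridden: opening the drive runs the command")
    if SCRIPT_RE.search(command):
        found.append("command is a script file")
    if "shellexec_rundll" in command.lower():
        found.append("command is launched indirectly through ShellExec_RunDLL")
    return found


def review(log_text):
    """Return {volume GUID: sorted reasons} for volumes with at least one hit."""
    findings = {}
    for guid, commands in parse_mountpoints(log_text).items():
        hits = sorted({r for verb, cmd in commands for r in reasons_for(verb, cmd)})
        if hits:
            findings[guid] = hits
    return findings


if __name__ == "__main__":
    for guid, hits in review(SAMPLE_LOG).items():
        print(guid)
        for hit in hits:
            print("    " + hit)
```

On this log the three flagged volume GUIDs are the same three keys listed under `Registry::` in the CFScript, while the `PCConnect.exe` entry is parsed but not flagged.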
 
My only options in the bottom right, even immediately after posting, are quote and multi-quote.

Is the 20-minute time restriction from start to the appearance of the logfile? It took 22-23 minutes to appear. I found one process called "Vfind" in Task Manager but did not end it because it's not "find" or "findstr". And no "sed" or "swreg".

No errors upon reboot. Memory nor program. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:16 AM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5712 bytes

ComboFix 08-09-05.02 - Me 2008-09-06 10:55:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Me\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\usbhubb.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USBHUBB
-------\Service_usbhubb


((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-04 19:01 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 05:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 04:39 --------- d-----w C:\Program Files\Trend Micro
2008-09-01 03:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-26 17:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-07-26 02:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-18 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-10 21:25 --------- d-----w C:\Documents and Settings\Me\Application Data\Webroot
2008-07-10 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-10 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-31 20:24 5,562 -c--a-w C:\Program Files\install.log
2006-10-27 05:44 17,177,896 -c--a-w C:\Program Files\Install_Messenger.exe
2006-08-26 14:48 159,443,847 -c--a-w C:\Program Files\Mathematica-Student_5.2.0_Win.EXE
2006-09-30 11:11 88 -csh--r C:\WINDOWS\system32\8E2E9FB9AD.sys
2006-09-30 11:11 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-04_18.51.45.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-19 18:00:30 637,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
+ 2007-04-19 18:00:22 130,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
+ 2007-04-19 18:00:30 489,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
+ 2007-04-19 18:09:02 157,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 18:10:26 80,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-22 23:23:30 17,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2001-10-23 05:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2007-03-05 13:47:10 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OCRPS.DLL
+ 2001-06-05 13:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2007-03-22 23:06:22 287,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OIS.EXE
+ 2007-04-19 17:50:52 837,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OISAPP.DLL
+ 2007-03-22 23:06:08 46,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OISCTRL.DLL
+ 2007-03-22 23:06:22 245,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OISGRAPH.DLL
+ 2007-03-22 23:30:30 99,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OSA.EXE
+ 2007-05-10 17:45:34 8,069,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 17:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-21 16:43:22 72,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\PSOM.DLL
+ 2007-06-06 16:07:40 100,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-04-19 18:10:18 63,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-05-21 16:43:04 20,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\REVERSE.DLL
+ 2007-04-19 18:10:44 355,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\SELFCERT.EXE
+ 2007-04-19 18:10:20 65,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-04-19 18:04:10 390,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\SETLANG.EXE
+ 2007-03-22 23:29:16 14,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-05-10 17:42:52 2,839,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-05-21 16:43:10 30,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\THOCRAPI.DLL
+ 2007-05-21 16:43:28 125,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWCUTCHR.DLL
+ 2007-05-21 16:43:28 89,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWCUTLIN.DLL
+ 2007-05-21 16:43:16 58,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWLAY32.DLL
+ 2007-05-21 16:43:10 28,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWORIENT.DLL
+ 2007-05-21 16:43:14 51,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWRECE.DLL
+ 2007-05-21 16:43:06 20,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWRECS.DLL
+ 2007-05-21 16:43:22 77,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\TWSTRUCT.DLL
+ 2007-04-19 18:10:22 71,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\UNBIND.EXE
+ 2007-05-21 16:43:34 1,209,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\XIMAGE3B.DLL
+ 2007-05-21 16:43:32 504,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\XPAGE3C.DLL
+ 2007-03-05 13:20:22 61,110 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.8173\XSCAN32.DAT
+ 2003-07-15 03:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 03:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 03:53:22 46,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 03:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 03:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2006-08-15 09:56:43 1,100,392 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
+ 2003-07-15 03:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2002-10-07 14:49:36 192,573 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2006-08-15 09:56:44 371,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
+ 2003-07-15 03:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 03:40:12 165,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2006-08-15 09:56:44 141,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
+ 2003-06-18 22:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 03:57:14 124,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 04:12:22 47,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 03:56:14 40,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 03:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 03:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 03:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 03:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 03:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 03:56:16 54,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-11 07:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 08:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 03:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 03:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 03:53:00 55,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 03:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 03:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 03:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 03:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 22:31:54 788,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-06-18 22:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 21:05:52 128,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-19 21:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 04:02:42 637,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-07-15 03:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2006-08-15 09:56:44 20,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
+ 2003-07-15 04:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 03:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 03:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-06-18 22:31:58 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2006-08-15 09:56:44 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 08:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2006-08-15 09:56:44 35,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
+ 2003-07-15 04:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 03:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2006-08-15 09:56:44 408,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
+ 2003-07-15 03:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2006-08-15 09:56:44 461,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
+ 2002-10-07 15:11:00 167,997 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-05-09 02:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 03:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2002-10-07 14:49:42 81,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-21 16:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 03:57:18 349,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-15 03:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 03:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 03:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2002-10-07 14:53:04 106,561 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2002-10-07 14:50:44 241,729 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 14:51:04 180,289 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 14:51:14 147,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 14:51:20 102,467 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 14:50:04 118,847 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 14:49:56 81,983 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2002-10-07 14:51:44 221,252 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2003-07-15 03:57:40 59,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2006-08-15 09:56:44 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2006-08-15 09:56:44 662,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2002-10-07 15:03:34 1,794,113 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 16:52:32 1,581,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 19:03:34 59,466 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2007-03-22 15:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2001-06-05 13:13:22 289,926 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 13:13:22 34,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2007-04-19 09:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2001-06-05 13:13:24 18,844 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 13:13:26 65,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2005-05-04 05:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-04 05:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-04 05:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2001-10-23 05:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 13:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2007-04-19 09:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-03-22 15:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 15:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 15:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
- 2008-06-12 23:15:56 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-09-05 21:39:40 593,920 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-06-12 23:15:56 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-05 21:39:41 12,288 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-12 23:15:53 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-05 21:39:40 135,168 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-12 23:15:57 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-05 21:39:41 11,264 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-12 23:15:57 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-05 21:39:41 27,136 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-12 23:15:57 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-05 21:39:41 4,096 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-12 23:15:59 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-05 21:39:41 794,624 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-12 23:15:55 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-05 21:39:40 249,856 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-12 23:15:54 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-09-05 21:39:40 61,440 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-06-12 23:15:59 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-05 21:39:41 23,040 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-12 23:15:53 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-05 21:39:40 286,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-12 23:15:51 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-05 21:39:40 409,600 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-06-12 23:14:33 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-05 21:38:19 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-12 23:14:33 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-05 21:38:19 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-12 23:14:33 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-05 21:38:19 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-12 23:14:34 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-05 21:38:19 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-12 23:14:34 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-05 21:38:20 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-12 23:14:35 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-05 21:38:20 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-12 23:14:35 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-05 21:38:20 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-12 23:14:33 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-05 21:38:19 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-12 23:14:32 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-05 21:38:18 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-14 08:31:26 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-09-14 08:31:26 151,040 -c--a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-09-14 08:31:26 1,054,208 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 10:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-09-14 08:31:26 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 16:11:40 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-09-14 08:31:26 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-09-14 08:31:26 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-09-14 08:31:26 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-09-14 08:31:26 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
- 2006-09-14 08:31:26 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-09-13 09:10:27 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-09-14 08:31:27 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-09-14 08:31:27 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-09-14 08:31:27 15,872 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2006-09-14 06:31:30 3,058,688 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-09-14 08:31:28 448,512 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-09-14 08:31:28 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-09-14 08:31:29 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2006-09-14 08:31:29 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-09-04 06:12:56 1,497,088 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 16:12:05 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-09-14 08:31:29 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 16:12:05 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-09-14 08:31:30 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 10:00:00 417,792 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-09-14 08:31:30 664,576 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 10:00:00 138,496 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2006-09-14 08:31:26 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-09-14 08:31:26 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2006-09-14 08:31:26 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2005-03-17 19:39:58 1,146,320 -c--a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 14:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 03:57:04 32,584 -c--a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 23:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-04-10 03:05:59 234,368 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-09-05 20:13:20 234,368 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-09-14 08:31:27 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2006-09-14 08:31:27 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-09-14 08:31:27 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-03-22 20:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 17:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2006-09-14 06:31:30 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-09-14 08:31:28 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-09-14 08:31:28 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-09-14 08:31:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 10:00:00 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2006-09-14 08:31:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-09-04 06:12:56 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-09-14 08:31:29 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-03-22 20:17:04 765,680 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 17:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 20:17:10 42,224 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 17:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 20:17:04 765,680 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 17:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 20:17:10 42,224 -c--a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 17:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 20:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 17:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2007-11-13 11:31:11 60,416 -c--a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2006-09-14 08:31:30 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 10:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2006-09-14 08:31:30 664,576 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-10-29 10:04:03 350,720 -c--a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 06:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^Deewoo.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\Deewoo.lnk
backup=C:\WINDOWS\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Me^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Me\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 14:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2006-04-06 15:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a--c--- 2007-11-15 02:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a--c--- 2007-11-15 02:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-12-14 12:07 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-10-14 21:46 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-10-14 21:50 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-10-14 21:49 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a--c--- 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a--c--- 2006-04-11 11:39 176201 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 17:30 823362 C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-08-15 06:02 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2008-04-03 13:21 1481968 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 19:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-28 09:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 SPT2Sp50;SPT2Sp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\SPT2Sp50.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f8f060-5ab2-11dd-967e-0015c5676bfb}]
\Shell\AutoRun\command - PCConnect.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 11:12:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-09-06 11:19:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 15:19:17
ComboFix2.txt 2008-09-04 22:57:32

Pre-Run: 41,261,207,552 bytes free
Post-Run: 41,247,633,408 bytes free

565 --- E O F --- 2008-09-05 21:41:05

thanks
 
Yes, combofix can do it.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7.

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

Post:

- javara log
- kaspersky log
- a fresh HijackThis log
 
I was supposed to install JRE 6 Update 7, not just download it, right?

I am having trouble connecting with kaspersky.com. The server is taking too long to respond. I guess it's pretty popular...
 
Yes as said here :)

"Then download and install Java Runtime Environment (JRE) 6 Update 7."

If no, you can try this instead:

Please go to the Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) the Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
 
Thanks, I used eset scanner. 13 threats. By the way, a Geek Squad employee told me my PC needs to be "optimized" because it constantly runs at 100% and so it takes forever to do anything. Is there a way to do that myself? The virus scan took 4:53.

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Sep 06 13:04:38 2008

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3423 (20080906)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=903e738d2cd18e478ecd9d2dd88bb94e
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-06 11:08:50
# local_time=2008-09-06 07:08:50 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=288650
# found=13
# scan_time=17638
C:\QooBox\Quarantine\C\WINDOWS\system32\bcylfhvu.dll.vir Win32/Adware.AdMedia application 7D219172E837D3BB8B0946E39707BCDD
C:\QooBox\Quarantine\C\WINDOWS\system32\g98.exe.vir Win32/Adware.GooochiBiz application E95C937059B82C51A8FDA6A98A305FF1
C:\QooBox\Quarantine\C\WINDOWS\system32\g98.exe.vir »NSIS »ýª€ Win32/Adware.GooochiBiz application 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\hpwktufi.dll.vir Win32/BHO.NFH trojan 7CB60915F4D2A21F12A9A13CC223DAED
C:\QooBox\Quarantine\C\WINDOWS\system32\hvesjo.dll.vir Win32/BHO.NFH trojan 7CB60915F4D2A21F12A9A13CC223DAED
C:\QooBox\Quarantine\C\WINDOWS\system32\jnwnw64l.exe.vir Win32/Adware.ZenoSearch application 8C88382D4473858F893C6EA15CFDB904
C:\QooBox\Quarantine\C\WINDOWS\system32\ocntokdm.exe.vir a variant of Win32/Adware.ZenoSearch application 314BA58B089AF7B95F4B726EC04C353F
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Win32/Adware.ZenoSearch application 336CBB5980F858769BF2059D743BA96A
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\usbhubb.sys.vir Win32/Rootkit.TniDrive.B trojan 2821055C7534A7EE868CBA8EFA2BFD33
C:\Spyware\backups\backup-20080725-214446-234.dll a variant of Win32/Adware.Virtumonde application FCA577B9C4679E4FDF886171EAEB9D4C
C:\Spyware\backups\backup-20080725-214446-420.dll a variant of Win32/Adware.GooochiBiz application 3F911C21DBA6C1E200B07292AD86085A
C:\WINDOWS\system32\hfxcjficppmarp.exe Win32/Adware.GooochiBiz application 609FF6888F75691467A59EE5835B224E
C:\WINDOWS\system32\mir\snktrax.exe Win32/TrojanDownloader.Small.IAW trojan E9F973CC0830A7CC3292346417A4BB82

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:04 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6219 bytes

thanks
 
Sorry. Not constantly. But anytime a new program begins running. WMP for example. It spikes to 90-100%....and I just tested that. It used to stay elevated and the sound would be choppy but not anymore. I think this clean-up (spy-bot) is partly to thank for that. But sometimes with no programs running, every now and then it goes up to 20-30 percent for a second and the processes switch their orders around but then reorganize and I can't find what it was that was at 35% because it's already gone.

And during start up my computer is slow to the point that the classic Windows XP chime is mutilated. But if I just wait it settles down to 0-5%.
 