
Infected With Various Trojans Like Virtumonde And Win32/agent


  • This topic is locked
16 replies to this topic

#1 rbailey64


Posted 20 September 2007 - 03:03 PM

Hi!
:thumbsup:
Got infected about two weeks ago.
Been trying ever since to remove various trojans. Tried various tools and manual instructions. None seem to work completely. Need expert help cleaning out all the various trojans and malware. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:10 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mobipcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.top-banners.com/tmc/to.php?id=t...TTC=0&GNW=0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe"
O4 - HKLM\..\Run: [HumMeteringClient] rundll32.exe "C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll",RegisterProduct
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://216.30.167.159/BusinessPortal/UI/Re...ebBehaviors.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coralwireless.com
O17 - HKLM\Software\..\Telephony: DomainName = coralwireless.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7737D90E-C9C7-49ED-92E9-BE06A5A169CA}: NameServer = 216.30.172.66,10.0.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coralwireless.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 12312 bytes



#2 Buckeye_Sam


Posted 20 September 2007 - 03:37 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 rbailey64


Posted 20 September 2007 - 05:42 PM

Thank you for the quick response. :thumbsup:
Attached is the combofix log.




#4 rbailey64


Posted 20 September 2007 - 05:58 PM

Hey Sam,

Also thought you might want the quarantined file as well. If so, see attached please.
Thanks!
:thumbsup:




#5 Buckeye_Sam


Posted 21 September 2007 - 08:56 AM

Going forward please copy and paste the text from all logs instead of attaching them. It makes it much easier to review the log if it's right there with your comments and the rest of the thread.



ComboFix 07-09-20.1 - "Administrator" 2007-09-20 12:04:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -10:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\MCROSO~1.NET
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\psuvw.bak1
C:\WINDOWS\system32\psuvw.bak2
C:\WINDOWS\system32\psuvw.ini
C:\WINDOWS\system32\psuvw.ini2
C:\WINDOWS\system32\psuvw.tmp
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wvusp.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))
.

2007-09-20 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 19:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\DoctorWeb
2007-09-19 17:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-19 17:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 16:20 <DIR> d-------- C:\ffdeb9766a8ef5f69d658791544e8824
2007-09-19 11:29 81,024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-09-19 11:29 105,856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-09-19 11:26 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-09-19 11:10 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-19 08:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-18 16:13 <DIR> d-------- C:\DOCUME~1\RICHAR~1.BAI\.housecall6.6
2007-09-13 13:59 <DIR> d-------- C:\VundoFix Backups
2007-09-13 10:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 08:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-12 15:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\.housecall6.6
2007-09-12 09:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-11 11:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Google
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Symantec
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Sonic
2007-09-10 20:34 <DIR> d--hs---- C:\WINDOWS\SmltIE1jV2hpcnRlcg
2007-09-10 15:59 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-10 15:59 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-10 15:16 73,216 --a------ C:\WINDOWS\system32\DWRCST.EXE
2007-09-10 15:16 65,536 --a------ C:\WINDOWS\system32\DWRCShell.dll
2007-09-10 15:16 53,248 --a------ C:\WINDOWS\system32\DWRCK.DLL
2007-09-10 15:16 229,376 --a------ C:\WINDOWS\system32\DWRCSET.DLL
2007-09-10 15:16 221,696 --a------ C:\WINDOWS\system32\DWRCS.EXE
2007-09-10 14:13 <DIR> d-------- C:\WINDOWS\pss
2007-09-10 11:47 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\capcam
2007-09-02 11:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 12:24 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-19 18:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 13:46 --------- d-------- C:\Program Files\Nokia
2007-09-19 08:36 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\OrgPlus6
2007-09-17 16:12 --------- d-------- C:\Program Files\Hewlett-Packard
2007-09-13 16:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 16:38 --------- d-------- C:\Program Files\QuickTime
2007-09-13 16:38 --------- d-------- C:\Program Files\Google
2007-09-13 16:38 --------- d-------- C:\Program Files\Digital Line Detect
2007-09-11 11:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 16:00 --------- d-------- C:\Program Files\Symantec
2007-09-10 15:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-02 09:52 109568 --a--c--- C:\WINDOWS\system32\pxinsi64.exe
2007-09-02 09:52 108544 --a--c--- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-19 21:16 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\Skype
2007-08-19 09:09 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeAUM
2007-08-19 09:08 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeUM
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 20:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 13:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 04:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 04:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 04:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 04:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 04:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 04:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 04:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 04:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 04:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 04:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 04:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 04:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 04:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 04:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 04:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 04:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 04:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 04:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 04:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 04:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-26 22:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-26 22:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-26 22:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 21:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-01-25 10:50 9232 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdfl.sys
2007-01-25 10:50 92064 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdm.sys
2007-01-25 10:50 79328 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmserd.sys
2007-01-25 10:50 66656 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmbus.sys
2007-01-25 10:50 6208 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcmnt.sys
2007-01-25 10:50 5936 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmwhnt.sys
2007-01-25 10:50 4048 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcr.sys
2007-01-25 10:50 25600 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermptxp.sys
2007-01-25 10:50 22768 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermpt.sys
2005-07-12 09:27 7922 --a--c--- C:\Program Files\DEISL1.ISU
2005-06-17 13:39 13824 -----c--- C:\DOCUME~1\RICHAR~1.BAI\atwbxdet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20F72847-731D-4D90-08AB-C353256F24B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259B8377-BBCB-4F59-0FBB-1C0EEFDA53F3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{267F7201-0AC0-4DD5-A94D-D6FE63B18825}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{347ADD0D-4FEB-4AEE-AABB-1FDEED358FFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5541C542-CA61-43E3-83AB-0ED65A238871}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73059F16-5E57-49EB-AA1A-353312E1C4FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D73E0CA-D120-4D83-ADAF-4DBC499BE90A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 21:32 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 08:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 08:53]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-30 09:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-30 08:59]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 16:39]
"TpShocks"="TpShocks.exe" [2004-03-26 16:16 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-06 17:26]
"TP4EX"="tp4ex.exe" [2002-09-03 23:05 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 00:04]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-06-25 13:39]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 23:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-01 23:05]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 10:12]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 01:30]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-28 23:37]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-28 23:37]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-28 23:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-16 23:50 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" [2002-12-26 12:39]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe" [2002-12-26 12:39]
"HumMeteringClient"="C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll" [2004-07-09 12:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-01 15:06]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 22:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 08:07]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtr]
cbxvvtr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 01:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^richard.bailey^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\richard.bailey\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^richard.bailey^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\richard.bailey\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 PESRV;Hummingbird HostExplorer Print Services;"C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe"
R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe"
S3 ProxyEngine;Hummingbird Proxy Server;"C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe"
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 01:24:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-03-23 11:54:26 C:\WINDOWS\Tasks\BMMTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-20 12:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-20 12:33:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-20 12:32
.
--- E O F ---
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 Buckeye_Sam

    Malware Expert

Posted 21 September 2007 - 09:06 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20F72847-731D-4D90-08AB-C353256F24B2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259B8377-BBCB-4F59-0FBB-1C0EEFDA53F3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{267F7201-0AC0-4DD5-A94D-D6FE63B18825}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{347ADD0D-4FEB-4AEE-AABB-1FDEED358FFD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5541C542-CA61-43E3-83AB-0ED65A238871}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73059F16-5E57-49EB-AA1A-353312E1C4FB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D73E0CA-D120-4D83-ADAF-4DBC499BE90A}]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^richard.bailey^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^richard.bailey^Start Menu^Programs^Startup^Think-Adz.lnk]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


========================================================

#7 rbailey64

  • Topic Starter

Posted 21 September 2007 - 01:37 PM

Hello Sam,

Okay here are the Combofix and Hijack logs pasted below. They both ran pretty fast and also ran some more spyware scans which are coming back pretty clean lately.

Thank you! :thumbsup:

ComboFix 07-09-20.1 - "Administrator" 2007-09-21 8:17:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.156 [GMT -10:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\kexumkcl.ini.bad
C:\VundoFix Backups\pcsjvcmq.ini.bad

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-20 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 19:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\DoctorWeb
2007-09-19 17:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-19 17:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 16:20 <DIR> d-------- C:\ffdeb9766a8ef5f69d658791544e8824
2007-09-19 11:29 81,024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-09-19 11:29 105,856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-09-19 11:26 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-09-19 11:10 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-19 08:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-18 16:13 <DIR> d-------- C:\DOCUME~1\RICHAR~1.BAI\.housecall6.6
2007-09-13 10:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 08:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-12 15:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\.housecall6.6
2007-09-12 09:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-11 11:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Google
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Symantec
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Sonic
2007-09-10 20:34 <DIR> d--hs---- C:\WINDOWS\SmltIE1jV2hpcnRlcg
2007-09-10 15:59 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-10 15:59 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-10 15:16 73,216 --a------ C:\WINDOWS\system32\DWRCST.EXE
2007-09-10 15:16 65,536 --a------ C:\WINDOWS\system32\DWRCShell.dll
2007-09-10 15:16 53,248 --a------ C:\WINDOWS\system32\DWRCK.DLL
2007-09-10 15:16 229,376 --a------ C:\WINDOWS\system32\DWRCSET.DLL
2007-09-10 15:16 221,696 --a------ C:\WINDOWS\system32\DWRCS.EXE
2007-09-10 14:13 <DIR> d-------- C:\WINDOWS\pss
2007-09-10 11:47 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-08 13:13 <DIR> d-------- C:\WINDOWS\system32\capcam
2007-09-02 11:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 12:24 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-19 18:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 13:46 --------- d-------- C:\Program Files\Nokia
2007-09-19 08:36 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\OrgPlus6
2007-09-17 16:12 --------- d-------- C:\Program Files\Hewlett-Packard
2007-09-13 16:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 16:38 --------- d-------- C:\Program Files\QuickTime
2007-09-13 16:38 --------- d-------- C:\Program Files\Google
2007-09-13 16:38 --------- d-------- C:\Program Files\Digital Line Detect
2007-09-11 11:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 16:00 --------- d-------- C:\Program Files\Symantec
2007-09-10 15:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-02 09:52 109568 --a--c--- C:\WINDOWS\system32\pxinsi64.exe
2007-09-02 09:52 108544 --a--c--- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-19 21:16 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\Skype
2007-08-19 09:09 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeAUM
2007-08-19 09:08 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeUM
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 20:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 13:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 04:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 04:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 04:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 04:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 04:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 04:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 04:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 04:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 04:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 04:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 04:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 04:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 04:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 04:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 04:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 04:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 04:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 04:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 04:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 04:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-26 22:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-26 22:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-26 22:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 21:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-01-25 10:50 9232 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdfl.sys
2007-01-25 10:50 92064 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdm.sys
2007-01-25 10:50 79328 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmserd.sys
2007-01-25 10:50 66656 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmbus.sys
2007-01-25 10:50 6208 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcmnt.sys
2007-01-25 10:50 5936 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmwhnt.sys
2007-01-25 10:50 4048 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcr.sys
2007-01-25 10:50 25600 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermptxp.sys
2007-01-25 10:50 22768 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermpt.sys
2005-07-12 09:27 7922 --a--c--- C:\Program Files\DEISL1.ISU
2005-06-17 13:39 13824 -----c--- C:\DOCUME~1\RICHAR~1.BAI\atwbxdet.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_123138.37 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-09-21 02:02:47 C:\WINDOWS\TEMP\Perflib_Perfdata_340.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 21:32 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 08:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 08:53]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-30 09:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-30 08:59]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 16:39]
"TpShocks"="TpShocks.exe" [2004-03-26 16:16 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-06 17:26]
"TP4EX"="tp4ex.exe" [2002-09-03 23:05 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 00:04]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-06-25 13:39]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 23:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-01 23:05]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 10:12]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 01:30]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-28 23:37]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-28 23:37]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-28 23:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-16 23:50 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" [2002-12-26 12:39]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe" [2002-12-26 12:39]
"HumMeteringClient"="C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll" [2004-07-09 12:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-01 15:06]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 22:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 08:07]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 01:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 PESRV;Hummingbird HostExplorer Print Services;"C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe"
R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe"
S3 ProxyEngine;Hummingbird Proxy Server;"C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe"
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 01:24:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-03-23 11:54:26 C:\WINDOWS\Tasks\BMMTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 08:21:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 8:22:36
C:\ComboFix-quarantined-files.txt ... 2007-09-21 08:22
C:\ComboFix2.txt ... 2007-09-20 12:33
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28, on 2007-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mobipcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.top-banners.com/tmc/to.php?id=t...TTC=0&GNW=0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe"
O4 - HKLM\..\Run: [HumMeteringClient] rundll32.exe "C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll",RegisterProduct
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://216.30.167.159/BusinessPortal/UI/Re...ebBehaviors.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coralwireless.com
O17 - HKLM\Software\..\Telephony: DomainName = coralwireless.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7737D90E-C9C7-49ED-92E9-BE06A5A169CA}: NameServer = 216.30.172.66,10.0.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coralwireless.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 12800 bytes

#8 Buckeye_Sam

    Malware Expert

Posted 22 September 2007 - 05:06 AM

Just a few more and we should be good.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.


Folder::
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\capcam

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

Let me know how things are working. Any problems?


========================================================
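An added example, not part of the original posts and not ComboFix's own code: a small Python parser that lists what the CFScript in post #8 will do (folder deletions, registry key and value deletions, and the decoded hex(7) multi-string) so the script can be reviewed before it is dropped onto ComboFix.exe. The function names are hypothetical, the wide versus single-byte detection is a heuristic, and the treatment of `Folder::` entries as deletions is inferred from the "Other Deletions" log on this page; the same parser reads the `[-key]` and `"name"=-` forms used in post #6.

```python
import re

# The CFScript from post #8, copied from the page.
CFSCRIPT = r'''Folder::
C:\WINDOWS\system32\drvr2
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\capcam

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''

SECTION_RE = re.compile(r'^(\w+)::$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_multi_sz(hex_csv):
    """Decode the byte list of a hex(7) (REG_MULTI_SZ) value into strings."""
    raw = bytes(int(tok, 16) for tok in hex_csv.split(',') if tok.strip())
    # Heuristic (assumption): if every second byte is zero the data is
    # UTF-16LE; otherwise it is single-byte text, as in the script above.
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])
    text = raw.decode('utf-16-le' if wide else 'latin-1')
    return [s for s in text.split('\x00') if s]


def parse_cfscript(text):
    """Return (action, target, detail) tuples for Folder:: and Registry::."""
    actions, section, key = [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section, key = sec.group(1), None
        elif section == 'Folder':
            actions.append(('delete-folder', line, None))
        elif section == 'Registry' and line.startswith('[-') and line.endswith(']'):
            actions.append(('delete-key', line[2:-1], None))
            key = None
        elif section == 'Registry' and line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        else:
            val = VALUE_RE.match(line) if section == 'Registry' and key else None
            if not val:
                # Unknown section or malformed line: surface it, never guess.
                actions.append(('unparsed', line, None))
                continue
            name = '(Default)' if val.group(1) == '@' else val.group(1)[1:-1]
            target, data = key + '\\' + name, val.group(2)
            if data == '-':
                actions.append(('delete-value', target, None))
            elif data.lower().startswith('hex(7):'):
                actions.append(('set-value', target, decode_multi_sz(data[7:])))
            else:
                actions.append(('set-value', target, data))
    return actions


def entries_not_in_script(current, set_action):
    """Entries present on the machine that the script's value would drop."""
    wanted = {s.lower() for s in set_action[2]}
    return [s for s in current if s.lower() not in wanted]


if __name__ == '__main__':
    for action, target, detail in parse_cfscript(CFSCRIPT):
        print(action, target, detail if detail is not None else '')
    # Constructed sample of a value exported from a machine (not from the page).
    sample = ['msv1_0', 'constructed_example_pkg']
    lsa_action = parse_cfscript(CFSCRIPT)[-1]
    print('would be dropped:', entries_not_in_script(sample, lsa_action))
```
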

#9 rbailey64

rbailey64
  • Topic Starter


Posted 22 September 2007 - 04:15 PM

Hello Sam,

See logs pasted below please. Things are way much better than when I first contacted you. Thank you!
Expect to see a donation soon! You guys are extraordinary.
:thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04, on 2007-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mobipcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.top-banners.com/tmc/to.php?id=t...TTC=0&GNW=0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20F72847-731D-4D90-08AB-C353256F24B2} - (no file)
O2 - BHO: (no name) - {259B8377-BBCB-4F59-0FBB-1C0EEFDA53F3} - (no file)
O2 - BHO: (no name) - {267F7201-0AC0-4DD5-A94D-D6FE63B18825} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5541C542-CA61-43E3-83AB-0ED65A238871} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {73059F16-5E57-49EB-AA1A-353312E1C4FB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8D73E0CA-D120-4D83-ADAF-4DBC499BE90A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe"
O4 - HKLM\..\Run: [HumMeteringClient] rundll32.exe "C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll",RegisterProduct
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-430603267-1734416022-1497730634-1127\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User 'richard.bailey')
O4 - HKUS\S-1-5-21-430603267-1734416022-1497730634-1127\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'richard.bailey')
O4 - HKUS\S-1-5-21-430603267-1734416022-1497730634-1127\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'richard.bailey')
O4 - HKUS\S-1-5-21-430603267-1734416022-1497730634-1127\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'richard.bailey')
O4 - HKUS\S-1-5-21-430603267-1734416022-1497730634-1127\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" (User 'richard.bailey')
O4 - S-1-5-21-430603267-1734416022-1497730634-1127 Startup: MXIE User.lnk = C:\Program Files\Zultys\MXIE\bin\MXUser.exe (User 'richard.bailey')
O4 - S-1-5-21-430603267-1734416022-1497730634-1127 User Startup: MXIE User.lnk = C:\Program Files\Zultys\MXIE\bin\MXUser.exe (User 'richard.bailey')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://216.30.167.159/BusinessPortal/UI/Re...ebBehaviors.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coralwireless.com
O17 - HKLM\Software\..\Telephony: DomainName = coralwireless.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7737D90E-C9C7-49ED-92E9-BE06A5A169CA}: NameServer = 216.30.172.66,10.0.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coralwireless.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = coralwireless.com
O20 - Winlogon Notify: cbxvvtr - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 14946 bytes



Thanks!

#10 rbailey64

rbailey64
  • Topic Starter


Posted 22 September 2007 - 04:23 PM

Sorry Sam!
:thumbsup:

Made a mistake and didn't paste the combofix text. Here it is. Forgive me.

Thanks again!


ComboFix 07-09-20.1 - "Administrator" 2007-09-22 10:54:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.116 [GMT -10:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\capcam
C:\WINDOWS\system32\cfig322
C:\WINDOWS\system32\drvr2

.
((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-21 17:39 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-09-21 16:35 <DIR> d-------- C:\Program Files\MSECache
2007-09-21 14:06 <DIR> d-------- C:\Program Files\Common Files\HP
2007-09-21 14:02 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2007-09-21 13:57 68,952 --a------ C:\WINDOWS\hpoins05.dat
2007-09-21 13:57 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-09-21 13:50 581,632 --a------ C:\WINDOWS\system32\hpotscl.dll
2007-09-21 13:50 229,376 --a------ C:\WINDOWS\system32\hpovst08.dll
2007-09-20 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-20 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-19 19:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\DoctorWeb
2007-09-19 17:50 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-19 17:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 16:20 <DIR> d-------- C:\ffdeb9766a8ef5f69d658791544e8824
2007-09-19 11:29 81,024 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-09-19 11:29 105,856 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-09-19 11:26 67,784 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-09-19 11:10 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-19 08:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-18 16:13 <DIR> d-------- C:\DOCUME~1\RICHAR~1.BAI\.housecall6.6
2007-09-13 10:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 08:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-12 15:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\.housecall6.6
2007-09-12 09:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-11 11:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Google
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Symantec
2007-09-11 11:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.COR\APPLIC~1\Sonic
2007-09-10 20:34 <DIR> d--hs---- C:\WINDOWS\SmltIE1jV2hpcnRlcg
2007-09-10 15:59 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-10 15:59 82,832 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-10 15:16 73,216 --a------ C:\WINDOWS\system32\DWRCST.EXE
2007-09-10 15:16 65,536 --a------ C:\WINDOWS\system32\DWRCShell.dll
2007-09-10 15:16 53,248 --a------ C:\WINDOWS\system32\DWRCK.DLL
2007-09-10 15:16 229,376 --a------ C:\WINDOWS\system32\DWRCSET.DLL
2007-09-10 15:16 221,696 --a------ C:\WINDOWS\system32\DWRCS.EXE
2007-09-10 14:13 <DIR> d-------- C:\WINDOWS\pss
2007-09-10 11:47 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Google
2007-09-02 11:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-27 23:26 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 10:17 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\OrgPlus6
2007-09-22 10:08 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-21 16:05 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-21 14:04 --------- d-------- C:\Program Files\Hewlett-Packard
2007-09-19 18:22 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 13:46 --------- d-------- C:\Program Files\Nokia
2007-09-13 16:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-13 16:38 --------- d-------- C:\Program Files\QuickTime
2007-09-13 16:38 --------- d-------- C:\Program Files\Google
2007-09-13 16:38 --------- d-------- C:\Program Files\Digital Line Detect
2007-09-11 11:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 16:00 --------- d-------- C:\Program Files\Symantec
2007-09-10 15:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-02 09:52 109568 --a--c--- C:\WINDOWS\system32\pxinsi64.exe
2007-09-02 09:52 108544 --a--c--- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-19 21:16 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\Skype
2007-08-19 09:09 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeAUM
2007-08-19 09:08 --------- d-------- C:\DOCUME~1\RICHAR~1.BAI\APPLIC~1\AdobeUM
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 20:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 13:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 04:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 04:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 04:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 04:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 04:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 04:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 04:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 04:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 04:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 04:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 04:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 04:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 04:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 04:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 04:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 04:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 04:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 04:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 04:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 04:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-26 22:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-26 22:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-26 22:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 21:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 20:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-01-25 10:50 9232 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdfl.sys
2007-01-25 10:50 92064 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmmdm.sys
2007-01-25 10:50 79328 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmserd.sys
2007-01-25 10:50 66656 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmbus.sys
2007-01-25 10:50 6208 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcmnt.sys
2007-01-25 10:50 5936 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmwhnt.sys
2007-01-25 10:50 4048 -----c--- C:\DOCUME~1\RICHAR~1.BAI\mqdmcr.sys
2007-01-25 10:50 25600 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermptxp.sys
2007-01-25 10:50 22768 -----c--- C:\DOCUME~1\RICHAR~1.BAI\usbsermpt.sys
2005-07-12 09:27 7922 --a--c--- C:\Program Files\DEISL1.ISU
2005-06-17 13:39 13824 -----c--- C:\DOCUME~1\RICHAR~1.BAI\atwbxdet.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-20_123138.37 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 306,688 1998-10-30 02:45:06 C:\WINDOWS\IsUninst.exe
----a-w 77,824 2007-09-22 00:06:41 C:\WINDOWS\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll
----a-w 45,056 2007-09-22 00:07:06 C:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
----a-w 31,744 2007-09-22 00:07:40 C:\WINDOWS\assembly\GAC\hplMosaicNet\1.3.1.0__0d5444959b41355f\hplMosaicNet.dll
----a-w 28,672 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
----a-w 131,072 2007-09-22 00:06:45 C:\WINDOWS\assembly\GAC\hpqactiv\3.0.0.0__a53cf5803f4c3827\hpqactiv.dll
----a-w 9,728 2007-09-22 00:06:45 C:\WINDOWS\assembly\GAC\hpqactiv.resources\3.0.0.0_en_a53cf5803f4c3827\hpqactiv.resources.dll
----a-w 28,672 2007-09-22 00:06:30 C:\WINDOWS\assembly\GAC\hpqalb\3.0.0.0__a53cf5803f4c3827\hpqalb.dll
----a-w 24,576 2007-09-22 00:06:29 C:\WINDOWS\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
----a-w 237,568 2007-09-22 00:07:40 C:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll
----a-w 90,112 2007-09-22 00:07:41 C:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalp.resources.dll
----a-w 24,576 2007-09-22 00:07:41 C:\WINDOWS\assembly\GAC\hpqcalrsc\3.0.0.0__a53cf5803f4c3827\hpqcalrsc.dll
----a-w 4,096 2007-09-22 00:07:41 C:\WINDOWS\assembly\GAC\hpqcalrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalrsc.resources.dll
----a-w 196,608 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
----a-w 184,320 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\hpqccrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqccrsc.resources.dll
----a-w 475,136 2007-09-22 00:04:53 C:\WINDOWS\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
----a-w 98,304 2007-09-22 00:04:53 C:\WINDOWS\assembly\GAC\hpqcmctl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcmctl.resources.dll
----a-w 32,768 2007-09-22 00:07:38 C:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
----a-w 32,768 2007-09-22 00:07:38 C:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
----a-w 7,168 2007-09-22 00:07:38 C:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
----a-w 94,208 2007-09-22 00:06:42 C:\WINDOWS\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll
----a-w 49,152 2007-09-22 00:06:42 C:\WINDOWS\assembly\GAC\hpqdcprf.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcprf.resources.dll
----a-w 147,456 2007-09-22 00:06:42 C:\WINDOWS\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll
----a-w 36,864 2007-09-22 00:06:43 C:\WINDOWS\assembly\GAC\hpqdcrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcrsc.resources.dll
----a-w 98,304 2007-09-22 00:06:46 C:\WINDOWS\assembly\GAC\hpqdocpt\3.0.0.0__a53cf5803f4c3827\hpqdocpt.dll
----a-w 16,384 2007-09-22 00:06:46 C:\WINDOWS\assembly\GAC\hpqdocpt.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocpt.resources.dll
----a-w 278,528 2007-09-22 00:06:43 C:\WINDOWS\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll
----a-w 110,592 2007-09-22 00:06:43 C:\WINDOWS\assembly\GAC\hpqdocvw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocvw.resources.dll
----a-w 24,576 2007-09-22 00:06:47 C:\WINDOWS\assembly\GAC\hpqeal\3.0.0.0__a53cf5803f4c3827\hpqeal.dll
----a-w 24,576 2007-09-22 00:07:42 C:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll
----a-w 28,672 2007-09-22 00:06:30 C:\WINDOWS\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
----a-w 6,656 2007-09-22 00:06:30 C:\WINDOWS\assembly\GAC\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
----a-w 126,976 2007-09-22 00:06:29 C:\WINDOWS\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
----a-w 61,440 2007-09-22 00:06:30 C:\WINDOWS\assembly\GAC\hpqgldlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgldlg.resources.dll
----a-w 65,536 2007-09-22 00:06:31 C:\WINDOWS\assembly\GAC\hpqglutl\3.0.0.0__a53cf5803f4c3827\hpqglutl.dll
----a-w 32,768 2007-09-22 00:06:31 C:\WINDOWS\assembly\GAC\hpqglutl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqglutl.resources.dll
----a-w 110,592 2007-09-22 00:07:42 C:\WINDOWS\assembly\GAC\hpqgprsc\3.0.0.0__a53cf5803f4c3827\hpqgprsc.dll
----a-w 10,752 2007-09-22 00:07:42 C:\WINDOWS\assembly\GAC\hpqgprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgprsc.resources.dll
----a-w 73,728 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
----a-w 151,552 2007-09-22 00:07:42 C:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
----a-w 40,960 2007-09-22 00:07:43 C:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgtpin.resources.dll
----a-w 798,720 2007-09-22 00:07:36 C:\WINDOWS\assembly\GAC\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
----a-w 245,760 2007-09-22 00:07:36 C:\WINDOWS\assembly\GAC\hpqietpz.resources\3.0.0.0_en_a53cf5803f4c3827\hpqietpz.resources.dll
----a-w 16,384 2007-09-22 00:06:31 C:\WINDOWS\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
----a-w 167,936 2007-09-22 00:06:31 C:\WINDOWS\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
----a-w 24,576 2007-09-22 00:07:34 C:\WINDOWS\assembly\GAC\hpqimgrc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqimgrc.resources.dll
----a-w 49,152 2007-09-22 00:06:45 C:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
----a-w 32,768 2007-09-22 00:07:09 C:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
----a-w 229,376 2007-09-22 00:07:09 C:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll
----a-w 20,480 2007-09-22 00:06:45 C:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll
----a-w 65,536 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
----a-w 8,704 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\hpqmdmr.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmdmr.resources.dll
----a-w 36,864 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\hpqmpvad\3.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
----a-w 651,264 2007-09-22 00:06:43 C:\WINDOWS\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll
----a-w 266,240 2007-09-22 00:06:43 C:\WINDOWS\assembly\GAC\hpqmydoc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmydoc.resources.dll
----a-w 16,384 2007-09-22 00:07:35 C:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll
----a-w 57,344 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
----a-w 364,544 2007-09-22 00:07:43 C:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll
----a-w 77,824 2007-09-22 00:07:43 C:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpanop.resources.dll
----a-w 172,032 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqpdmdl\3.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll
----a-w 131,072 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqpel10\3.0.0.0__a53cf5803f4c3827\hpqpel10.dll
----a-w 13,312 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqpel10.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpel10.resources.dll
----a-w 20,480 2007-09-22 00:06:50 C:\WINDOWS\assembly\GAC\hpqprif\3.0.0.0__a53cf5803f4c3827\hpqprif.dll
----a-w 307,200 2007-09-22 00:07:38 C:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
----a-w 98,304 2007-09-22 00:07:38 C:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprjfx.resources.dll
----a-w 53,248 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
----a-w 11,264 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqprrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprrsc.resources.dll
----a-w 294,912 2007-09-22 00:06:50 C:\WINDOWS\assembly\GAC\hpqprutl\3.0.0.0__a53cf5803f4c3827\hpqprutl.dll
----a-w 86,016 2007-09-22 00:06:50 C:\WINDOWS\assembly\GAC\hpqprutl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprutl.resources.dll
----a-w 16,384 2007-09-22 00:04:56 C:\WINDOWS\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
----a-w 1,044,480 2007-09-22 00:06:47 C:\WINDOWS\assembly\GAC\hpqptfx\3.0.0.0__a53cf5803f4c3827\hpqptfx.dll
----a-w 303,104 2007-09-22 00:06:48 C:\WINDOWS\assembly\GAC\hpqptfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqptfx.resources.dll
----a-w 61,440 2007-09-22 00:06:48 C:\WINDOWS\assembly\GAC\hpqptint\3.0.0.0__a53cf5803f4c3827\hpqptint.dll
----a-w 8,192 2007-09-22 00:06:49 C:\WINDOWS\assembly\GAC\hpqptint.resources\3.0.0.0_en_a53cf5803f4c3827\hpqptint.resources.dll
----a-w 77,824 2007-09-22 00:06:44 C:\WINDOWS\assembly\GAC\hpqshfop\3.0.0.0__a53cf5803f4c3827\hpqshfop.dll
----a-w 49,152 2007-09-22 00:06:44 C:\WINDOWS\assembly\GAC\hpqshfop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqshfop.resources.dll
----a-w 28,672 2007-09-22 00:06:32 C:\WINDOWS\assembly\GAC\hpqthrsc\3.0.0.0__a53cf5803f4c3827\hpqthrsc.dll
----a-w 3,584 2007-09-22 00:06:32 C:\WINDOWS\assembly\GAC\hpqthrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqthrsc.resources.dll
----a-w 45,056 2007-09-22 00:06:32 C:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
----a-w 229,376 2007-09-22 00:06:32 C:\WINDOWS\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
----a-w 86,016 2007-09-22 00:06:32 C:\WINDOWS\assembly\GAC\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
----a-w 163,840 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
----a-w 73,728 2007-09-22 00:06:39 C:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
----a-w 36,864 2007-09-22 00:04:56 C:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll
----a-w 98,304 2007-09-22 00:04:55 C:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll
----a-w 24,576 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll
----a-w 53,248 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll
----a-w 12,800 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll
----a-w 94,208 2007-09-22 00:04:55 C:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
----a-w 10,240 2007-09-22 00:04:55 C:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
----a-w 172,032 2007-09-22 00:04:55 C:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
----a-w 15,360 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
----a-w 6,656 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll
----a-w 7,680 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll
----a-w 12,800 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll
----a-w 4,608 2007-09-22 00:07:39 C:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll
----a-w 13,312 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll
----a-w 13,312 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll
----a-w 15,872 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll
----a-w 5,632 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpqcldat\1.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
----a-w 36,864 2007-09-22 00:04:55 C:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
----a-w 28,672 2007-09-22 00:04:54 C:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
----a-w 10,240 2007-09-22 00:06:33 C:\WINDOWS\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
----a-w 7,680 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\Interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
----a-w 4,096 2007-09-22 00:07:34 C:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
----a-w 90,112 2007-09-22 00:06:40 C:\WINDOWS\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
----a-w 18,944 2007-09-22 00:07:07 C:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
----a-w 126,976 2007-09-22 00:07:06 C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
----a-w 77,824 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
----a-w 86,016 2007-09-22 00:06:35 C:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
----a-w 81,920 2007-09-22 00:06:34 C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
----a-w 90,112 2007-09-22 00:06:35 C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
----a-w 102,400 2007-09-22 00:06:35 C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
----a-w 40,960 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
----a-w 106,496 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
----a-w 69,632 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
----a-w 430,080 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\LEAD.Wrapper.dll
----a-w 73,728 2007-09-22 00:06:40 C:\WINDOWS\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
----a-w 40,960 2007-09-22 00:06:41 C:\WINDOWS\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
----a-w 90,112 2007-09-22 00:06:41 C:\WINDOWS\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
----a-w 8,007,680 2007-09-22 00:07:07 C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
----a-w 1,103,248 2007-09-22 02:03:31 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
----a-w 144,784 2007-09-22 02:02:55 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
----a-w 411,024 2007-09-22 02:04:10 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
----a-w 38,304 2007-09-22 02:04:02 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
----a-w 464,272 2007-09-22 01:57:13 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
----a-w 226,712 2007-09-22 02:04:46 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
----a-w 214,424 2007-09-22 02:05:04 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
----a-w 22,928 2007-09-22 02:03:09 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
----a-w 664,968 2007-09-22 02:04:28 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
----a-w 66,936 2007-09-22 01:56:25 C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
----a-w 374,152 2007-09-22 02:02:52 C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
----a-w 226,656 2007-09-22 01:56:12 C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
----a-w 3,072 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.dll
----a-w 3,072 2007-09-22 00:06:36 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll
----a-w 3,584 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll
----a-w 3,584 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll
----a-w 3,072 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll
----a-w 3,584 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll
----a-w 3,584 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll
----a-w 3,072 2007-09-22 00:06:37 C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll
----a-r 14,677,368 2007-05-10 20:25:40 C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE
----a-r 309,888 2003-08-16 16:27:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\DATAGATH.DLL
----a-r 668,216 2003-08-16 16:29:12 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\DBWIZ.DLL
----a-r 1,142,840 2003-08-16 16:30:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\GANTT.DLL
----a-r 339,000 2003-08-16 16:28:06 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\LGND.DLL
----a-r 159,288 2003-08-16 16:26:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\MPXINT.DLL
----a-r 93,304 2003-08-16 16:26:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\MSOUTLS.DLL
----a-r 48,184 2003-08-16 16:26:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\ORGWIZ.EXE
----a-r 56,896 2003-08-16 16:26:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\PROJIMPT.EXE
----a-r 156,224 2003-08-16 16:27:02 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\PROJMODL.DLL
----a-r 754,232 2003-08-16 16:29:06 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\PROPRPT.DLL
----a-r 434,304 2003-08-16 16:28:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SAVASWEB.DLL
----a-r 313,912 2003-08-16 16:27:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SAVWBHF.DLL
----a-r 266,816 2003-08-16 16:27:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SAVWBRAS.DLL
----a-r 263,744 2003-08-16 16:27:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SAVWBVML.DLL
----a-r 2,641,456 2003-08-16 16:31:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SG.DLL
----a-r 191,032 2003-08-16 16:27:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\SHAPNUM.DLL
----a-r 47,160 2003-08-16 16:26:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\TLIMPT.EXE
----a-r 86,080 2003-08-16 16:26:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VIEWMODL.DLL
----a-r 242,816 2003-08-16 16:27:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISCOLOR.DLL
----a-r 148,088 2003-08-16 16:26:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISDLGU.DLL
----a-r 2,271,800 2003-08-16 16:31:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISFILT.DLL
----a-r 308,856 2003-08-16 16:27:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISGRF.DLL
----a-r 99,384 2003-08-16 16:26:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISOCX.DLL
----a-r 91,200 2003-08-16 16:26:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISPRX32.DLL
----a-r 785,464 2003-08-16 16:29:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISSHE.DLL
----a-r 413,248 2003-08-16 16:28:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\VISUTILS.DLL
----a-r 524,344 2003-08-16 16:28:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040350900063D11C8EF10054038389C\11.0.3216\XFUNC.DLL
----a-r 38,968 2003-07-15 06:57:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
----a-r 94,768 2003-07-15 06:53:06 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\AW.DLL
----a-r 46,144 2003-07-15 06:53:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
----a-r 14,904 2003-07-15 06:56:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
----a-r 98,360 2003-07-15 06:57:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
----a-r 124,480 2003-07-15 06:57:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
----a-r 47,872 2003-07-15 07:12:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
----a-r 87,104 2003-07-15 06:51:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
----a-r 17,464 2003-07-15 06:52:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
----a-r 120,888 2003-07-15 06:57:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
----a-r 27,704 2003-07-15 06:52:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
----a-r 55,360 2003-07-15 06:52:56 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
----a-r 1,292,872 2003-07-11 10:15:48 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
----a-r 376,888 2003-07-15 11:18:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
----a-r 28,224 2003-07-15 06:52:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
----a-r 35,896 2003-07-15 06:52:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
----a-r 42,040 2003-07-15 06:46:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
----a-r 55,360 2003-07-15 06:45:12 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
----a-r 39,488 2003-07-15 06:45:12 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
----a-r 41,528 2003-07-15 06:52:58 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
----a-r 145,984 2003-07-15 07:00:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
----a-r 56,888 2003-07-15 06:57:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\NAME.DLL
----a-r 13,888 2003-07-15 06:56:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
----a-r 223,800 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
----a-r 242,240 2003-07-15 11:14:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
----a-r 461,416 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL
----a-r 77,824 2003-05-09 05:54:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
----a-r 40,512 2003-07-15 06:57:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
----a-r 58,944 2003-07-15 06:57:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
----a-r 11,848 2003-07-15 06:53:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
----a-r 64,088 2005-03-23 18:54:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
----a-r 174,696 2003-08-16 11:03:04 C:\WINDOWS\Installer\$PatchCache$\Managed\9040A30900063D11C8EF10054038389C\11.0.5614\PJCALEND.DLL
----a-r 146,024 2003-08-16 11:02:46 C:\WINDOWS\Installer\$PatchCache$\Managed\9040A30900063D11C8EF10054038389C\11.0.5614\PJMSGMGR.DLL
----a-r 166,504 2003-08-16 11:02:48 C:\WINDOWS\Installer\$PatchCache$\Managed\9040A30900063D11C8EF10054038389C\11.0.5614\PJMSGSDR.DLL
----a-r 1,100,392 2005-03-23 18:54:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL
----a-r 13,368 2003-07-15 06:41:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
----a-r 192,573 2002-10-07 17:49:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FORM.DLL
----a-r 371,296 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL
----a-r 179,768 2003-07-15 06:40:12 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
----a-r 165,944 2003-07-15 06:40:12 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
----a-r 141,928 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL
----a-r 252,928 2003-06-19 01:31:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
----a-r 40,504 2003-07-15 06:56:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
----a-r 54,328 2003-07-15 06:56:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
----a-r 55,872 2003-07-15 06:53:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
----a-r 39,488 2003-07-15 06:53:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
----a-r 788,480 2003-06-19 01:31:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
----a-r 16,384 2003-06-19 01:31:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
----a-r 128,104 2003-06-20 00:05:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
----a-r 364,648 2003-06-20 00:05:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
----a-r 637,496 2003-07-15 07:02:42 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
----a-r 20,080 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL
----a-r 6,144 2003-06-19 01:31:58 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
----a-r 35,448 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL
----a-r 1,054,264 2003-07-15 07:05:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
----a-r 102,968 2003-07-15 06:44:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
----a-r 408,176 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL
----a-r 49,208 2003-07-15 06:43:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
----a-r 93,752 2003-07-15 11:18:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
----a-r 223,856 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
----a-r 167,997 2002-10-07 18:11:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
----a-r 211,568 2005-03-23 18:54:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL
----a-r 51,256 2003-07-15 06:40:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
----a-r 81,984 2002-10-07 17:49:42 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
----a-r 390,712 2003-07-21 19:46:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
----a-r 349,248 2003-07-15 06:57:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
----a-r 66,616 2003-07-15 06:44:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
----a-r 106,561 2002-10-07 17:53:04 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
----a-r 241,729 2002-10-07 17:50:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
----a-r 180,289 2002-10-07 17:51:04 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
----a-r 147,520 2002-10-07 17:51:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
----a-r 102,467 2002-10-07 17:51:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
----a-r 118,847 2002-10-07 17:50:04 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
----a-r 81,983 2002-10-07 17:49:56 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
----a-r 221,252 2002-10-07 17:51:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
----a-r 59,960 2003-07-15 06:57:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
----a-r 662,120 2005-03-23 18:54:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
----a-r 1,794,113 2002-10-07 18:03:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
----a-r 1,581,120 2003-04-30 19:52:32 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
----a-r 59,466 2003-01-17 22:03:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
----a-r 45,920 2007-04-20 00:10:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
----a-r 99,160 2007-03-23 05:29:56 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\AW.DLL
----a-r 66,400 2007-04-20 00:07:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\BLNMGR.DLL
----a-r 52,064 2007-04-20 00:07:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\BLNMGRPS.DLL
----a-r 355,168 2007-03-23 05:06:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\CDLMSO.DLL
----a-r 53,088 2007-04-19 23:55:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DFUICOM.EXE
----a-r 19,800 2007-03-23 05:23:32 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DSITF.DLL
----a-r 121,688 2007-05-10 23:44:02 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DSSM.EXE
----a-r 43,360 2007-03-23 05:29:28 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
----a-r 39,264 2007-03-23 05:29:28 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
----a-r 289,926 2001-06-05 16:13:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
----a-r 34,168 2001-06-05 16:13:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
----a-r 1,195,888 2007-06-06 20:53:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FM20.DLL
----a-r 1,168,736 2007-05-31 23:50:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
----a-r 807,256 2007-04-20 00:16:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
----a-r 2,152,792 2007-04-19 23:57:32 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\GRAPH.EXE
----a-r 116,576 2007-04-20 00:10:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
----a-r 167,256 2007-04-20 00:09:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
----a-r 18,844 2001-06-05 16:13:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
----a-r 65,536 2001-06-05 16:13:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
----a-r 131,424 2007-04-20 00:10:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSB1CORE.DLL
----a-r 52,576 2007-04-20 00:10:06 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSB1XTOR.DLL
----a-r 238,424 2007-04-20 00:01:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
----a-r 120,160 2007-05-11 00:35:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
----a-r 465,640 2005-05-04 10:06:28 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
----a-r 1,411,816 2005-05-04 10:06:32 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
----a-r 89,440 2007-05-01 01:11:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
----a-r 199,408 2005-05-04 10:06:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
----a-r 20,824 2007-03-23 05:29:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
----a-r 127,840 2007-04-20 00:10:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
----a-r 109,912 2007-03-23 05:04:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOCF.DLL
----a-r 130,912 2007-03-23 05:04:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOCFU.DLL
----a-r 31,072 2007-03-23 05:29:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
----a-r 29,024 2007-04-19 23:56:58 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
----a-r 61,280 2007-04-20 00:07:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
----a-r 2,123,104 2007-05-02 23:45:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
----a-r 1,293,008 2005-09-20 22:33:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
----a-r 383,328 2007-04-19 23:49:28 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
----a-r 36,192 2007-04-20 00:07:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
----a-r 39,256 2007-03-23 05:29:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
----a-r 45,408 2007-03-23 05:13:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
----a-r 58,720 2007-03-23 05:13:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
----a-r 46,432 2007-04-19 23:57:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
----a-r 44,888 2007-03-23 05:29:32 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
----a-r 637,792 2007-04-20 00:00:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
----a-r 130,912 2007-04-20 00:00:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
----a-r 489,824 2007-04-20 00:00:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
----a-r 157,024 2007-04-20 00:09:02 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
----a-r 80,216 2007-04-20 00:10:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\NAME.DLL
----a-r 17,248 2007-03-23 05:23:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
----a-r 53,260 2001-10-23 08:13:42 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
----a-r 40,972 2001-06-05 16:13:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
----a-r 287,576 2007-03-23 05:06:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OIS.EXE
----a-r 837,472 2007-04-19 23:50:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISAPP.DLL
----a-r 46,432 2007-03-23 05:06:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISCTRL.DLL
----a-r 245,600 2007-03-23 05:06:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISGRAPH.DLL
----a-r 99,672 2007-03-23 05:30:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OSA.EXE
----a-r 8,069,464 2007-05-10 23:45:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
----a-r 100,192 2007-06-06 22:07:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
----a-r 63,840 2007-04-20 00:10:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
----a-r 65,888 2007-04-20 00:10:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
----a-r 390,496 2007-04-20 00:04:10 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SETLANG.EXE
----a-r 14,704 2007-03-23 05:29:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
----a-r 2,839,904 2007-05-10 23:42:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
----a-r 49,152 2007-09-22 00:04:33 C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
----a-r 40,960 2007-09-22 00:04:37 C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
----a-r 38,240 2007-09-22 20:49:54 C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
----a-r 593,920 2007-09-22 01:57:31 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-09-22 01:57:31 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-09-22 01:57:31 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 27,136 2007-09-22 01:57:31 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-22 01:57:32 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 135,168 2007-09-22 02:09:19 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 4,096 2007-09-22 02:09:19 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 147,456 2007-09-22 02:09:19 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
----a-r 12,288 2007-09-22 02:10:55 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-09-22 02:10:56 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 4,096 2007-09-22 02:10:56 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 176,128 2007-09-22 02:10:55 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
----a-r 12,288 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-09-22 02:05:51 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-22 02:05:52 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-22 02:05:53 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-22 02:05:51 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-22 02:05:51 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 1,195,888 2007-06-06 20:53:34 C:\WINDOWS\system32\FM20.DLL
----a-w 35,440 2007-03-23 05:17:04 C:\WINDOWS\system32\FM20ENU.DLL
----a-w 294,864 2007-09-22 03:27:24 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 1,700,352 2001-09-06 08:00:58 C:\WINDOWS\system32\gdiplus.dll
----a-w 278,528 2004-09-30 23:44:49 C:\WINDOWS\system32\hpgwiamd.dll
----a-r 118,784 2004-06-11 22:27:32 C:\WINDOWS\system32\HPODXPAT.DLL
----a-w 274,432 2004-10-04 23:29:01 C:\WINDOWS\system32\HPZc3212.dll
----a-w 196,608 2004-09-30 23:46:36 C:\WINDOWS\system32\hpzcoi12.dll
----a-w 393,216 2004-09-30 23:46:41 C:\WINDOWS\system32\hpzcon12.dll
----a-w 28,040 2007-04-09 23:23:54 C:\WINDOWS\system32\mdimon.dll
----a-w 40,960 2003-03-19 06:44:36 C:\WINDOWS\system32\MFC71CHS.DLL
----a-w 45,056 2003-03-19 06:44:36 C:\WINDOWS\system32\MFC71CHT.DLL
----a-w 65,536 2003-03-19 06:44:34 C:\WINDOWS\system32\MFC71DEU.DLL
----a-w 57,344 2003-03-19 06:44:38 C:\WINDOWS\system32\MFC71ENU.DLL
----a-w 61,440 2003-03-19 06:44:36 C:\WINDOWS\system32\MFC71ESP.DLL
----a-w 61,440 2003-03-19 06:44:34 C:\WINDOWS\system32\MFC71FRA.DLL
----a-w 61,440 2003-03-19 06:44:36 C:\WINDOWS\system32\MFC71ITA.DLL
----a-w 49,152 2003-03-19 06:44:34 C:\WINDOWS\system32\MFC71JPN.DLL
----a-w 49,152 2003-03-19 06:44:38 C:\WINDOWS\system32\MFC71KOR.DLL
----a-w 71,240 2007-09-22 02:28:28 C:\WINDOWS\system32\perfc009.dat
----a-w 422,366 2007-09-22 02:28:28 C:\WINDOWS\system32\perfh009.dat
----a-w 6,784 2001-08-17 23:53:32 C:\WINDOWS\system32\dllcache\serscan.sys
-c--a-w 40,960 2006-07-28 18:12:52 C:\WINDOWS\system32\DRVSTORE\motodrv_ED9E1D4513602E79A5042AFB15EEC838CFBAC867\motodrv.sys
-c--a-w 6,144 2006-07-28 18:10:08 C:\WINDOWS\system32\DRVSTORE\motodrv_ED9E1D4513602E79A5042AFB15EEC838CFBAC867\mot_ci.dll
-c--a-w 66,656 2006-07-13 23:58:00 C:\WINDOWS\system32\DRVSTORE\mqdmbus_67BFC2D4F617F4A83E5FE336D4307F6F95FE4E00\mqdmbus.sys
-c--a-w 5,936 2006-07-14 00:04:28 C:\WINDOWS\system32\DRVSTORE\mqdmbus_67BFC2D4F617F4A83E5FE336D4307F6F95FE4E00\mqdmwhnt.sys
-c--a-w 6,208 2006-07-14 00:01:08 C:\WINDOWS\system32\DRVSTORE\mqdmmdm2_75AAF2CA26CF3703C13B577BBE817D563D7966FA\mqdmcmnt.sys
-c--a-w 9,232 2006-07-14 00:02:40 C:\WINDOWS\system32\DRVSTORE\mqdmmdm2_75AAF2CA26CF3703C13B577BBE817D563D7966FA\mqdmmdfl.sys
-c--a-w 92,064 2006-07-14 00:03:12 C:\WINDOWS\system32\DRVSTORE\mqdmmdm2_75AAF2CA26CF3703C13B577BBE817D563D7966FA\mqdmmdm.sys
-c--a-w 6,208 2006-07-14 00:01:08 C:\WINDOWS\system32\DRVSTORE\mqdmsdm2_B99C1600798545A9297697879B75F0817487FB09\mqdmcmnt.sys
-c--a-w 79,328 2006-07-14 00:03:48 C:\WINDOWS\system32\DRVSTORE\mqdmsdm2_B99C1600798545A9297697879B75F0817487FB09\mqdmserd.sys
-c--a-w 5,632 2006-06-09 04:55:50 C:\WINDOWS\system32\DRVSTORE\p2k_CAF1F26ACCF59AE0A4B67F47D45C4BC1E949295B\motswch.sys
-c--a-w 6,144 2006-07-28 18:10:08 C:\WINDOWS\system32\DRVSTORE\p2k_CAF1F26ACCF59AE0A4B67F47D45C4BC1E949295B\mot_ci.dll
-c--a-w 40,960 2006-07-28 18:10:18 C:\WINDOWS\system32\DRVSTORE\p2k_CAF1F26ACCF59AE0A4B67F47D45C4BC1E949295B\P2k.sys
-c--a-w 5,632 2006-06-09 04:55:50 C:\WINDOWS\system32\DRVSTORE\USBMOT2000_84241E2FE12D013C6AC7003BDD7F6B1C631E8C47\motswch.sys
----a-w 185,913 2004-09-30 23:43:16 C:\WINDOWS\system32\spool\drivers\w32x86\hpof7312.dat
----a-w 40,960 2004-09-30 23:42:43 C:\WINDOWS\system32\spool\drivers\w32x86\hpofax08.dll
----a-w 185,832 2004-09-30 23:44:28 C:\WINDOWS\system32\spool\drivers\w32x86\hpop7312.dat
----a-w 299,008 2004-10-01 00:03:40 C:\WINDOWS\system32\spool\drivers\w32x86\hpzcfg12.exe
----a-w 196,608 2004-09-30 23:46:36 C:\WINDOWS\system32\spool\drivers\w32x86\hpzcoi12.dll
----a-w 393,216 2004-09-30 23:46:41 C:\WINDOWS\system32\spool\drivers\w32x86\hpzcon12.dll
----a-w 2,150,400 2004-10-01 00:03:14 C:\WINDOWS\system32\spool\drivers\w32x86\hpzims12.dll
----a-w 143,360 2004-10-01 00:03:24 C:\WINDOWS\system32\spool\drivers\w32x86\hpzpcl12.dll
----a-w 331,776 2004-10-01 00:03:46 C:\WINDOWS\system32\spool\drivers\w32x86\hpzpre12.exe
----a-w 679,936 2004-10-01 00:03:30 C:\WINDOWS\system32\spool\drivers\w32x86\hpzslk12.dll
----a-w 401,408 2004-10-01 00:03:49 C:\WINDOWS\system32\spool\drivers\w32x86\hpzstc12.exe
----a-w 180,224 2004-10-01 00:03:53 C:\WINDOWS\system32\spool\drivers\w32x86\hpzstw12.exe
----a-w 61,440 2004-10-01 00:03:34 C:\WINDOWS\system32\spool\drivers\w32x86\hpztbi12.dll
----a-w 176,128 2004-10-01 00:03:56 C:\WINDOWS\system32\spool\drivers\w32x86\hpztbu12.exe
----a-w 7,348,224 2004-10-01 00:03:59 C:\WINDOWS\system32\spool\drivers\w32x86\hpztbx12.exe
----a-w 176,188 2004-10-01 00:03:37 C:\WINDOWS\system32\spool\drivers\w32x86\hpzvip12.dll
----a-w 758,664 2007-04-09 23:24:04 C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
----a-w 46,472 2007-04-09 23:23:58 C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
----a-w 185,913 2004-09-30 23:43:16 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpof7312.dat
----a-w 40,960 2004-09-30 23:42:43 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpofax08.dll
----a-w 185,832 2004-09-30 23:44:28 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpop7312.dat
----a-w 262,144 2004-12-14 15:08:22 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpqip09.dll
----a-w 206,088 2004-12-14 15:38:40 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpqish09.dat
----a-w 28,672 2004-12-14 15:33:39 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpqish09.dll
----a-w 299,008 2004-10-01 00:03:40 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
----a-w 196,608 2004-09-30 23:46:36 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi12.dll
----a-w 393,216 2004-09-30 23:46:41 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon12.dll
----a-w 659,456 2004-10-01 00:03:43 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
----a-w 69,632 2004-10-01 00:02:57 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt12.dll
----a-w 1,597,440 2004-10-01 00:03:03 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc12.dll
----a-w 352,256 2004-10-01 00:03:07 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime12.dll
----a-w 2,150,400 2004-10-01 00:03:14 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzims12.dll
----a-w 225,280 2004-10-01 00:03:21 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui12.dll
----a-w 139,345 2004-10-01 00:01:33 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzlnt12.dll
----a-w 143,360 2004-10-01 00:03:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpcl12.dll
----a-w 331,776 2004-10-01 00:03:46 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
----a-w 3,203,072 2004-09-30 23:59:03 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3212.dll
----a-w 372,736 2004-10-01 00:03:27 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzres12.dll
----a-w 1,761,280 2004-09-30 23:59:07 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm312.dll
----a-w 679,936 2004-10-01 00:03:30 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzslk12.dll
----a-w 180,315 2004-10-01 00:01:39 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsnt12.dll
----a-w 401,408 2004-10-01 00:03:49 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
----a-w 180,224 2004-10-01 00:03:53 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
----a-w 61,440 2004-10-01 00:03:34 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi12.dll
----a-w 176,128 2004-10-01 00:03:56 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
----a-w 7,348,224 2004-10-01 00:03:59 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
----a-w 176,188 2004-10-01 00:03:37 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzvip12.dll
----a-w 758,664 2007-04-09 23:24:04 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
----a-w 46,472 2007-04-09 23:23:58 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
----a-w 28,552 2007-04-09 23:23:54 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-c--a-w 306,688 1998-10-30 02:45:06 C:\WINDOWS\IsUninst.exe
----a-w 1,100,392 2005-03-23 18:54:20 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
----a-w 141,928 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
----a-w 408,176 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
----a-w 35,448 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
----a-w 461,416 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
----a-w 223,856 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
----a-w 211,568 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
----a-w 20,080 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
----a-w 662,120 2005-03-23 18:54:26 C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
----a-w 64,088 2005-03-23 18:54:26 C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
----a-w 371,296 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
----a-w 223,800 2005-03-23 18:54:24 C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
----a-r 593,920 2007-08-14 21:06:23 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2007-08-14 21:06:23 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-08-14 21:06:23 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 27,136 2007-08-14 21:06:23 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-08-14 21:06:24 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 135,168 2007-08-14 21:07:01 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 4,096 2007-08-14 21:07:01 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 147,456 2007-08-14 21:07:00 C:\WINDOWS\Installer\{903A0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
----a-r 12,288 2007-08-14 21:07:12 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-08-14 21:07:12 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 4,096 2007-08-14 21:07:12 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 176,128 2007-08-14 21:07:12 C:\WINDOWS\Installer\{90530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
----a-r 12,288 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2007-09-19 01:56:06 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 61,440 2007-09-19 01:56:06 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
----a-r 23,040 2007-09-19 01:56:07 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2007-09-19 01:56:06 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2007-09-19 01:56:06 C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-w 1,146,320 2005-03-18 00:39:58 C:\WINDOWS\system32\FM20.DLL
----a-w 32,584 2003-07-15 06:57:04 C:\WINDOWS\system32\FM20ENU.DLL
----a-w 275,760 2007-09-03 02:53:45 C:\WINDOWS\system32\FNTCACHE.DAT
----a-r 278,528 2004-09-30 23:44:49 C:\WINDOWS\system32\hpgwiamd.dll
----a-r 274,432 2004-10-04 23:29:01 C:\WINDOWS\system32\HPZc3212.dll
-c--a-w 196,608 2004-09-30 23:46:36 C:\WINDOWS\system32\hpzcoi12.dll
-c--a-w 393,216 2004-09-30 23:46:41 C:\WINDOWS\system32\hpzcon12.dll
----a-w 24,816 2004-03-22 22:17:05 C:\WINDOWS\system32\mdimon.dll
----a-w 71,240 2007-09-20 13:39:52 C:\WINDOWS\system32\perfc009.dat
----a-w 422,366 2007-09-20 13:39:52 C:\WINDOWS\system32\perfh009.dat
-c--a-w 6,784 2001-08-17 23:53:32 C:\WINDOWS\system32\dllcache\serscan.sys
-c--a-r 185,832 2004-09-30 23:44:28 C:\WINDOWS\system32\spool\drivers\w32x86\hpop7312.dat
----a-w 765,680 2004-03-22 22:17:02 C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
----a-w 42,224 2004-03-22 22:17:08 C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
----a-w 765,680 2004-03-22 22:17:02 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
----a-w 42,224 2004-03-22 22:17:08 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
----a-w 25,840 2004-03-22 22:17:06 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20F72847-731D-4D90-08AB-C353256F24B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{259B8377-BBCB-4F59-0FBB-1C0EEFDA53F3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{267F7201-0AC0-4DD5-A94D-D6FE63B18825}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5541C542-CA61-43E3-83AB-0ED65A238871}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73059F16-5E57-49EB-AA1A-353312E1C4FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D73E0CA-D120-4D83-ADAF-4DBC499BE90A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-11 21:32 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 08:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 08:53]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-30 09:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-30 08:59]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 16:39]
"TpShocks"="TpShocks.exe" [2004-03-26 16:16 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-06 17:26]
"TP4EX"="tp4ex.exe" [2002-09-03 23:05 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 00:04]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-06-25 13:39]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 23:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-01 23:05]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 10:12]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 01:30]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-28 23:37]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-28 23:37]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-28 23:37]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-16 23:50 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"IPInSightLAN 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" [2002-12-26 12:39]
"IPInSightMonitor 01"="C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe" [2002-12-26 12:39]
"HumMeteringClient"="C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll" [2004-07-09 12:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-08-01 15:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 00:01]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 06:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 08:07]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvtr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 01:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R2 PESRV;Hummingbird HostExplorer Print Services;"C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe"
R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe"
S3 ProxyEngine;Hummingbird Proxy Server;"C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe"
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 01:24:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-03-23 11:54:26 C:\WINDOWS\Tasks\BMMTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 11:00:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 11:02:38
C:\ComboFix-quarantined-files.txt ... 2007-09-22 11:02
C:\ComboFix2.txt ... 2007-09-21 08:22
C:\ComboFix3.txt ... 2007-09-20 12:33
.
--- E O F ---

#11 Buckeye_Sam


Posted 23 September 2007 - 06:25 AM

Just a little more cleaning up and we should be done.

You must disable Spybot's TeaTimer function before proceeding with this fix. Otherwise it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

===========


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {20F72847-731D-4D90-08AB-C353256F24B2} - (no file)
O2 - BHO: (no name) - {259B8377-BBCB-4F59-0FBB-1C0EEFDA53F3} - (no file)
O2 - BHO: (no name) - {267F7201-0AC0-4DD5-A94D-D6FE63B18825} - (no file)
O2 - BHO: (no name) - {5541C542-CA61-43E3-83AB-0ED65A238871} - (no file)
O2 - BHO: (no name) - {73059F16-5E57-49EB-AA1A-353312E1C4FB} - (no file)
O2 - BHO: (no name) - {8D73E0CA-D120-4D83-ADAF-4DBC499BE90A} - (no file)
O20 - Winlogon Notify: cbxvvtr - C:\WINDOWS\



Reboot and post one last hijackthis log.
Let me know of any problems that you might still be having.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
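The lines Buckeye_Sam asks to be fixed in the post above are registrations whose target file no longer exists. As an added illustration (not part of the original thread, and not HijackThis's own logic), this Python example parses HijackThis-format lines and flags such orphaned entries; the sample log, its CLSIDs and the O20 directory heuristic are constructed assumptions.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in HijackThis v2 log layout; names and CLSIDs are placeholders.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: examplentf - C:\WINDOWS\
O20 - Winlogon Notify: ExampleGina - C:\WINDOWS\system32\ExampleGina.dll
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4 and O1..O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Finding(NamedTuple):
    section: str
    clsid: Optional[str]
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body) for every entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def classify(section, body):
    """Return a reason string when the entry looks orphaned, otherwise None."""
    if body.endswith("(no file)"):
        return "registration points at no file"
    if body.endswith("(file missing)"):
        return "registered file is missing from disk"
    # Assumption: a Winlogon Notify entry whose target ends in a backslash
    # names a directory rather than a DLL, so nothing can be loaded from it.
    if section == "O20" and body.endswith("\\"):
        return "Winlogon Notify target is a directory, not a DLL"
    return None


def find_orphans(log_text):
    """Collect orphaned entries in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        reason = classify(section, body)
        if reason:
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(section, clsid.group(0) if clsid else None,
                        reason, f"{section} - {body}")
            )
    return findings


if __name__ == "__main__":
    for finding in find_orphans(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}: {finding.line}")
```

An orphaned entry is only a cleanup candidate: the same check also flags leftovers from uninstalled legitimate software, such as a service marked (file missing).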

#12 rbailey64


Posted 24 September 2007 - 04:13 PM

Hello Sam,

The instructions were a little tricky, but I think I did it correctly. Below is the log and I will let you know how it goes after a day or two of using it. For the last few days it has been working great ever since you first ran that Combofix on it actually. Hasn't really misbehaved since then, whereas before it was a nightmare to use.

Thanks again!
:thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54, on 2007-09-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mobipcs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.top-banners.com/tmc/to.php?id=t...TTC=0&GNW=0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Nortel\IPMon32.exe"
O4 - HKLM\..\Run: [HumMeteringClient] rundll32.exe "C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\MeteringClient.dll",RegisterProduct
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://216.30.167.159/BusinessPortal/UI/Re...ebBehaviors.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coralwireless.com
O17 - HKLM\Software\..\Telephony: DomainName = coralwireless.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7737D90E-C9C7-49ED-92E9-BE06A5A169CA}: NameServer = 216.30.172.66,10.0.1.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coralwireless.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\10.00\Accessories\ProxyEngine.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13313 bytes

#13 Buckeye_Sam


Posted 24 September 2007 - 06:03 PM

Looks good to me! :blink:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :wacko:


========================================================
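The Internet-zone settings listed in the post above are stored as per-user registry values, so they can be checked without clicking through the dialog. This added example (not part of the original thread) audits `reg query` output for zone 3 against the post's recommendations; the action IDs and value meanings (0 Enable, 1 Prompt, 3 Disable) are supplied here rather than taken from the post, and the sample output is constructed.

```python
import re
from typing import NamedTuple

# Zone 3 is the Internet zone; per-user settings are stored under this key.
ZONE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action id -> (setting name as worded in the post, value the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed sample of `reg query "<ZONE_KEY>"` output.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1607    REG_DWORD    0x1
    1800    REG_DWORD    0x1
"""

VALUE_RE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


class Deviation(NamedTuple):
    action: str
    name: str
    current: str
    recommended: str
    value: int


def parse_reg_query(text):
    """Map action id -> integer value for every REG_DWORD line in the output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_RE.match(line)
        if match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit_zone(values):
    """List settings that are absent or more permissive than the post recommends."""
    deviations = []
    for action, (name, want) in RECOMMENDED.items():
        have = values.get(action)
        if have is None:
            current = "not set"  # value absent from the queried key
        elif have < want:        # 0 < 1 < 3 orders the policies by strictness
            current = POLICY.get(have, hex(have))
        else:
            continue             # equal to or stricter than the recommendation
        deviations.append(Deviation(action, name, current, POLICY[want], want))
    return deviations


def fix_commands(deviations):
    """Build the reg.exe commands that would apply the recommended values."""
    return [
        f'reg add "{ZONE_KEY}" /v {d.action} /t REG_DWORD /d {d.value} /f'
        for d in deviations
    ]


if __name__ == "__main__":
    found = audit_zone(parse_reg_query(SAMPLE_REG_QUERY))
    for d in found:
        print(f"{d.action} {d.name}: {d.current} -> {d.recommended}")
    print("\n".join(fix_commands(found)))
```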

#14 rbailey64


Posted 26 September 2007 - 05:11 AM

Hello Sam,

I did come across one odd problem it seems.
I am not sure if it is related to the virus cleaning we did, but I was able to use my VPN connection with no issues before being infected.
Now it seems to fail when I try to use it to log in. I used another laptop and was able to log in from that one, so it appears to be something on this computer that is causing it to fail.
I rebuilt the connection and the same thing happens.
Any idea what it could be?

Everything else seems fine. :thumbsup:
Thanks!

#15 Buckeye_Sam


Posted 26 September 2007 - 09:19 AM

I'm not too familiar with VPN myself, but I did go back through and review everything that we did and I don't see anything that would have affected your VPN connection. If you continue to have problems with it, you may want to start a new thread here.

http://www.bleepingcomputer.com/forums/f/14/web-browsingemail-and-other-internet-applications/

It doesn't appear, from what I see, to have a direct connection to your malware issue.


========================================================



