
Google Redirect Problem


  • This topic is locked
12 replies to this topic

#1 tester1234


  • Members
  • 6 posts

Posted 03 December 2007 - 02:47 PM

I am still having Google and Yahoo redirect problems through Webcry after running various anti-spyware including Spy Sweeper and Spyware Doctor.

Here is a copy of the HijackThis log. Your help is much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:49 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.25.0.23 bti_oracle
O1 - Hosts: 172.25.0.175 bti_sql
O1 - Hosts: 172.25.0.18 canon3100
O1 - Hosts: 172.25.0.5 pdc
O1 - Hosts: 172.25.0.5 pdc
O2 - BHO: (no name) - {0e573fcf-53ff-4f18-bc45-6ba48648aef1} - C:\WINDOWS\system32\phxpzz.dll
O2 - BHO: (no name) - {28426638-1dd2-11b2-80b6-f9a90ad94da6} - C:\WINDOWS\grctypqf.dll
O2 - BHO: (no name) - {b3080088-1dd1-11b2-bf8c-cda82e4fab02} - C:\WINDOWS\lshcdopk.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [kjyfetqx] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kjyfetqx.dll"
O4 - HKLM\..\Run: [gxgdqpsj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gxgdqpsj.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8654 bytes



#2 SNOWHITE


    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 03 December 2007 - 09:16 PM

Hello tester1234 and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

Please follow the steps below exactly in the order they are written:

Step #1

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step #2

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
Note: If you don't have HijackThis installed on your computer, dss will prompt you to download and install it for you, please allow this to happen!

In your next post please include the following reports:
  • VundoFix report
  • dss scan reports main.txt and extra.txt
Let me know how the things went.

Regards,
SNOWHITE

#3 tester1234

  • Topic Starter

  • Members
  • 6 posts

Posted 04 December 2007 - 10:53 AM

I ran VundoFix and it returned with no infected files found.

Here are the dss scan reports:

main.txt

Deckard's System Scanner v20071014.68
Run by syuen on 2007-12-04 09:47:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2007-12-04 14:48:23 UTC - RP940 - Deckard's System Scanner Restore Point
27: 2007-12-03 17:57:58 UTC - RP939 - Software Distribution Service 3.0
26: 2007-12-03 17:41:19 UTC - RP938 - Installed Windows Internet Explorer 7.
25: 2007-12-03 17:40:26 UTC - RP937 - Installed Windows IDNMitigationAPIs.
24: 2007-12-03 17:38:38 UTC - RP936 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2007-11-08 15:15:31 UTC - RP913 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 1.39 GiB (less than 15%) free.


-- HijackThis (run as syuen.exe) -----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 09:51:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 172.25.0.23 bti_oracle
O1 - Hosts: 172.25.0.175 bti_sql
O1 - Hosts: 172.25.0.18 canon3100
O1 - Hosts: 172.25.0.5 pdc
O1 - Hosts: 192.168.172.19 bti_oracle_old
O1 - Hosts: 172.25.0.5 pdc
O2 - BHO: (no name) - {0e573fcf-53ff-4f18-bc45-6ba48648aef1} - C:\WINDOWS\system32\phxpzz.dll
O2 - BHO: (no name) - {28426638-1dd2-11b2-80b6-f9a90ad94da6} - C:\WINDOWS\grctypqf.dll
O2 - BHO: (no name) - {b3080088-1dd1-11b2-bf8c-cda82e4fab02} - C:\WINDOWS\lshcdopk.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [kjyfetqx] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kjyfetqx.dll"
O4 - HKLM\..\Run: [gxgdqpsj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gxgdqpsj.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iPassConnect.lnk = ?
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Flexlm License Server for VPI - Macrovision Corporation - C:\Program Files\VPI\VPIlicenseServer\lmgrd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 10329 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071203-140924-504 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071203-140927-490 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
backup-20071203-140927-613 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071203-140928-669 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071203-140928-853 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20071203-140929-865 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071203-140929-954 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071203-140930-592 O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
backup-20071203-140931-253 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
backup-20071203-140931-342 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
backup-20071203-140931-582 O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
backup-20071203-140931-852 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
backup-20071203-140931-981 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
backup-20071203-140932-108 O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
backup-20071203-140932-161 O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-204 O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-232 O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
backup-20071203-140932-259 O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
backup-20071203-140932-261 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
backup-20071203-140932-273 O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-287 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20071203-140932-295 O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
backup-20071203-140932-304 O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
backup-20071203-140932-317 O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20071203-140932-321 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
backup-20071203-140932-366 O23 - Service: Flexlm License Server for VPI - Macrovision Corporation - C:\PROGRA~1\VPI\VPILIC~1\lmgrd.exe
backup-20071203-140932-380 O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-425 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
backup-20071203-140932-430 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
backup-20071203-140932-447 O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
backup-20071203-140932-450 O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-496 O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
backup-20071203-140932-500 O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
backup-20071203-140932-504 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
backup-20071203-140932-515 O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
backup-20071203-140932-556 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20071203-140932-571 O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
backup-20071203-140932-588 O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
backup-20071203-140932-594 O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
backup-20071203-140932-600 O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
backup-20071203-140932-665 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20071203-140932-685 O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
backup-20071203-140932-793 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20071203-140932-807 O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
backup-20071203-140932-814 O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
backup-20071203-140932-818 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
backup-20071203-140932-822 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
backup-20071203-140932-868 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
backup-20071203-140932-883 O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
backup-20071203-140932-893 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
backup-20071203-140932-972 O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
backup-20071203-140932-978 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20071203-140932-988 O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
backup-20071203-140932-991 O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v1.4.0.13) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 1.4>

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 fa410 (NETGEAR FA410TX Fast Ethernet PC Card Driver) - c:\windows\system32\drivers\fa410nd5.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 seclogonccPwdSvc (Secondary Logon seclogonccPwdSvc) - c:\windows\system32\2052h.exe srv
S4 Flexlm License Server for VPI - c:\progra~1\vpi\vpilic~1\lmgrd.exe <Not Verified; Macrovision Corporation; >
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Communications Port (COM5)
PNP Device ID: ROOT\PORTS\0000
Service: Serial


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 09:03:57 0 d-------- C:\VundoFix Backups
2007-12-03 14:06:14 0 d-------- C:\Program Files\Trend Micro
2007-12-03 09:27:33 0 d-------- C:\Program Files\WinPerformance
2007-12-03 08:25:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-03 08:24:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-03 08:22:43 164 --a------ C:\install.dat
2007-12-03 08:18:30 0 d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\Webroot
2007-11-30 10:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 10:22:14 0 d-------- C:\Program Files\Spyware Doctor
2007-11-30 10:22:14 0 d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\PC Tools
2007-11-29 09:00:38 59904 --a------ C:\WINDOWS\grctypqf.dll
2007-11-29 09:00:38 59904 --a------ C:\Documents and Settings\All Users\Application Data\gxgdqpsj.dll
2007-11-28 13:44:10 68608 --a------ C:\WINDOWS\lshcdopk.dll
2007-11-28 13:44:10 68608 --a------ C:\Documents and Settings\All Users\Application Data\kjyfetqx.dll
2007-11-28 13:43:48 0 d-------- C:\WINDOWS\PerfInfo
2007-11-28 13:40:20 3153 --ah----- C:\WINDOWS\system32\hostwl.exe
2007-11-28 13:36:25 139359 --ah----- C:\WINDOWS\system32\phxpzz.dll
2007-11-27 15:20:23 196 --ahs---- C:\WINDOWS\system32\2562450655.dat
2007-11-27 15:20:18 24630 -r-hs---- C:\WINDOWS\system32\2052h.exe


-- Find3M Report ---------------------------------------------------------------

2007-12-03 14:10:10 0 d-------- C:\Program Files\Symantec AntiVirus
2007-11-30 11:40:35 0 d-------- C:\Program Files\SmartDraw 2007
2007-11-28 15:22:48 0 d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\AdobeUM
2007-11-05 09:11:25 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/19/2003 04:35 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 06:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [06/23/2003 07:32 PM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/04/2004 11:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/14/2004 08:27 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 04:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 03:18 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"kjyfetqx"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\kjyfetqx.dll" []
"gxgdqpsj"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\gxgdqpsj.dll" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 11:37:56 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 12:49:24 AM]
iPassConnect.lnk - C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe [7/15/2004 12:52:27 PM]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [11/10/2003 3:14:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pperez^Start Menu^Programs^Startup^Infotriever.lnk]
path=C:\Documents and Settings\pperez\Start Menu\Programs\Startup\Infotriever.lnk
backup=C:\WINDOWS\pss\Infotriever.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
c:\program files\sony\vaio survey\surveysa.exe




-- Hosts -----------------------------------------------------------------------

172.25.0.23 bti_oracle
172.25.0.175 bti_sql
172.25.0.18 canon3100
172.25.0.5 pdc
192.168.172.19 bti_oracle_old
172.25.0.5 pdc


-- End of Deckard's System Scanner: finished at 2007-12-04 09:54:39 ------------






Here is the content for extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1500MHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 510.98 MiB / 183.16 MiB
Pagefile Memory (total/avail): 1246.71 MiB / 667.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.22 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 1.39 GiB free.
D: is Fixed (NTFS) - 36.91 GiB total, 32.31 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
K: is Network (NTFS)
L: is Network (NTFS)
M: is Network (NTFS)
O: is Network (NTFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.91 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U04 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Disabled:tgcmd Module"
"C:\\Program Files\\VPI\\VPItransmissionMaker 7.0\\bin\\TMMmain.exe"="C:\\Program Files\\VPI\\VPItransmissionMaker 7.0\\bin\\TMMmain.exe:*:Enabled:TMMmain"
"C:\\Program Files\\VPI\\VPItransmissionMaker 7.0\\bin\\VISmain.exe"="C:\\Program Files\\VPI\\VPItransmissionMaker 7.0\\bin\\VISmain.exe:*:Enabled:VISmain"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Disabled:File Transfer Program"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Disabled:tgcmd Module"
"C:\\Program Files\\VPI\\VPIplayer 6.5\\bin\\VISmain.exe"="C:\\Program Files\\VPI\\VPIplayer 6.5\\bin\\VISmain.exe:*:Enabled:VISmain"
"C:\\Program Files\\VPI\\VPItransmissionMaker 6.5\\bin\\TMMmain.exe"="C:\\Program Files\\VPI\\VPItransmissionMaker 6.5\\bin\\TMMmain.exe:*:Enabled:TMMmain"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\VPI\\VPItransmissionMaker 6.5\\bin\\VISmain.exe"="C:\\Program Files\\VPI\\VPItransmissionMaker 6.5\\bin\\VISmain.exe:*:Enabled:VISmain"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\hostwl.exe"="C:\\WINDOWS\\system32\\hostwl.exe:*:Enabled:explorer"
"C:\\WINDOWS\\TEMP\\ulj83.tmp.exe"="C:\\WINDOWS\\TEMP\\ulj83.tmp.exe:*:Enabled:Enabled"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BTI-24
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GCI_2_1_0=C:\Program Files\Netstender Node Controller 2.1.3
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\syuen.BTIPHOTONICS
LOGONSERVER=\\PDC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SYUEN~1.BTI\LOCALS~1\Temp
TMP=C:\DOCUME~1\SYUEN~1.BTI\LOCALS~1\Temp
USERDNSDOMAIN=BTIPHOTONICS.COM
USERDOMAIN=BTIPHOTONICS
USERNAME=syuen
USERPROFILE=C:\Documents and Settings\syuen.BTIPHOTONICS
VPI_INSTALL=C:\Program Files\VPI
VPI_LICENSE_DIR=C:\PROGRA~1\VPI\VPILIC~1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Pablo Perez (admin)
syuen (admin)
pperez (admin)
Administrator (admin)
syuen.BTIPHOTONICS (admin)
administrator.BTIPHOTONICS (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Standard --> MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOL Setup --> "C:\Program Files\Online Services\AOL Setup\unwise.exe" /A "C:\Program Files\Online Services\AOL Setup\install.log" Uninstall AOL Setup
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AttachmentOptions --> MsiExec.exe /I{F700B98F-F7BA-408A-969F-1A05846DCF6A}
Belarc Advisor 7.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
dBm Optical Assistant --> MsiExec.exe /I{0ED30D47-55F7-422F-B1CE-796192A4270C}
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intellisync Patch for Outlook 2003 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{226E94E3-272C-44B1-B1CA-3CBAE6A771A5}\Setup.exe" -l0x9
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPassConnect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000002548}\setup.exe"
iPod Update 2004-04-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB398A5D-24A1-4011-96AA-AAB495AABBAA} /l1033
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Standard 2003 --> MsiExec.exe /I{91530409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
Netstender Node Controller 2.1.3 --> "C:\Program Files\Netstender Node Controller 2.1.3\UninstallerData\Uninstall.exe"
NetTest TraceView 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62777D91-3073-11D8-8205-8A1239771855}\Setup.exe"
OpenMG Secure Module 3.3.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\Setup.exe" -l0x9 UNINSTALL
PA090 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B745C947-0436-41D8-80AE-5EBE3967EA02}\Setup.exe" -l0x9
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE0F631-6748-4A2F-A409-FA1A287D8075}\Setup.exe" -l0x9
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\setup.exe" -l0x9
Python 2.2 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.4.1 --> MsiExec.exe /I{4D4F5346-7E4A-40B5-9387-FDB6181357FC}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_816A104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_816A104D
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VPIlicenseServer 2.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4FB194FC-A48F-460E-B1E8-4FE842189785}
VPIplayer 6.5 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C987102-FA15-4B16-AFE1-5F49FB831F1C}
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type42449 / Error
Event Submitted/Written: 12/04/2007 08:25:01 AM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script Z:\VPLOGON.BAT. The system cannot find the file specified.
.

Event Record #/Type42441 / Error
Event Submitted/Written: 12/03/2007 02:59:26 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script Z:\VPLOGON.BAT. The system cannot find the file specified.
.

Event Record #/Type42434 / Error
Event Submitted/Written: 12/03/2007 02:17:37 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script Z:\VPLOGON.BAT. The system cannot find the file specified.
.

Event Record #/Type42422 / Error
Event Submitted/Written: 12/03/2007 00:51:46 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script Z:\VPLOGON.BAT. The system cannot find the file specified.
.

Event Record #/Type42414 / Error
Event Submitted/Written: 12/03/2007 11:29:15 AM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script Z:\VPLOGON.BAT. The system cannot find the file specified.
.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type574385 / Warning
Event Submitted/Written: 12/04/2007 08:36:34 AM
Event ID/Source: 11163 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {C94562AB-2EA4-4D8F-ABF8-45AB133DD3A0}

Host Name : bti-24

Primary Domain Suffix : btiphotonics.com

DNS server list :

172.25.0.4

Sent update to server : 172.1.1.1

IP Address(es) :

172.25.5.192


The reason the system could not register these RRs was because the
DNS server failed the update request. The most likely cause of this
is that the authoritative DNS server required to process this update
request has a lock in place on the zone, probably because a zone
transfer is in progress.


You can manually retry DNS registration of the network adapter and
its settings by typing "ipconfig /registerdns" at the command prompt.
If problems still persist, contact your DNS server or network systems
administrator.

Event Record #/Type574384 / Warning
Event Submitted/Written: 12/04/2007 08:26:33 AM
Event ID/Source: 11163 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {C94562AB-2EA4-4D8F-ABF8-45AB133DD3A0}

Host Name : bti-24

Primary Domain Suffix : btiphotonics.com

DNS server list :

172.25.0.4

Sent update to server : 172.1.1.1

IP Address(es) :

172.25.5.192


The reason the system could not register these RRs was because the
DNS server failed the update request. The most likely cause of this
is that the authoritative DNS server required to process this update
request has a lock in place on the zone, probably because a zone
transfer is in progress.


You can manually retry DNS registration of the network adapter and
its settings by typing "ipconfig /registerdns" at the command prompt.
If problems still persist, contact your DNS server or network systems
administrator.

Event Record #/Type574366 / Error
Event Submitted/Written: 12/04/2007 08:23:53 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DS1410D service failed to start due to the following error:
%%2

Event Record #/Type574364 / Warning
Event Submitted/Written: 12/04/2007 08:21:32 AM
Event ID/Source: 11163 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {C94562AB-2EA4-4D8F-ABF8-45AB133DD3A0}

Host Name : bti-24

Primary Domain Suffix : btiphotonics.com

DNS server list :

172.25.0.4

Sent update to server : 172.1.1.1

IP Address(es) :

172.25.5.192


The reason the system could not register these RRs was because the
DNS server failed the update request. The most likely cause of this
is that the authoritative DNS server required to process this update
request has a lock in place on the zone, probably because a zone
transfer is in progress.


You can manually retry DNS registration of the network adapter and
its settings by typing "ipconfig /registerdns" at the command prompt.
If problems still persist, contact your DNS server or network systems
administrator.

Event Record #/Type574354 / Warning
Event Submitted/Written: 12/03/2007 03:23:32 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down



-- End of Deckard's System Scanner: finished at 2007-12-04 09:54:39 ------------

#4 SNOWHITE

Posted 04 December 2007 - 11:02 AM

Hello tester1234, just out of curiosity, what is the version of VundoFix you were using to scan with?

Please follow the steps below exactly in the order they are written:
1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Download combofix from one of these links:
Link1
Link2
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note:
Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open task-manager > use the processes tab (press ctrl alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.
Post back with the Combofix report and a new HijackThis report; run HijackThis after Combofix has done its job.

Regards,
SNOWHITE

#5 tester1234

Posted 04 December 2007 - 01:43 PM

I was running version 6.7.0 of Vundo.

Here is the Combofix log:



ComboFix 07-12-02.6 - syuen 2007-12-04 13:27:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT -5:00]
Running from: C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\gxgdqpsj.dll
C:\Documents and Settings\All Users\Application Data.\kjyfetqx.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-04 09:45 . 2007-12-04 09:45 <DIR> d-------- C:\Deckard
2007-12-04 09:03 . 2007-12-04 09:03 <DIR> d-------- C:\VundoFix Backups
2007-12-03 14:06 . 2007-12-03 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 09:27 . 2007-12-03 10:47 <DIR> d-------- C:\Program Files\WinPerformance
2007-12-03 08:25 . 2007-12-03 08:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-03 08:24 . 2007-12-03 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-03 08:24 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-03 08:24 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-03 08:24 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-03 08:24 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-03 08:24 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-03 08:22 . 2007-12-03 08:22 164 --a------ C:\install.dat
2007-12-03 08:18 . 2007-12-03 08:18 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\Webroot
2007-11-30 10:33 . 2007-11-30 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 10:22 . 2007-12-04 08:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\PC Tools
2007-11-30 10:22 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-30 10:22 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-30 10:22 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-30 10:22 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-30 10:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-29 09:00 . 2007-11-29 09:00 59,904 --a------ C:\WINDOWS\grctypqf.dll
2007-11-28 13:44 . 2007-11-28 13:44 68,608 --a------ C:\WINDOWS\lshcdopk.dll
2007-11-28 13:43 . 2007-11-28 14:06 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-11-28 13:40 . 2007-11-28 13:40 3,153 --ah----- C:\WINDOWS\system32\hostwl.exe
2007-11-28 13:36 . 2007-11-28 13:36 139,359 --ah----- C:\WINDOWS\system32\phxpzz.dll
2007-11-27 15:20 . 2007-11-27 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:20 . 2007-11-27 15:20 24,630 -r-hs---- C:\WINDOWS\system32\2052h.exe
2007-11-27 15:20 . 2007-11-27 15:20 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 15:20 . 2007-12-03 12:02 196 --ahs---- C:\WINDOWS\system32\2562450655.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 19:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-30 16:40 --------- d-----w C:\Program Files\SmartDraw 2007
2007-11-28 20:22 --------- d-----w C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\AdobeUM
2007-11-05 14:11 --------- d-----w C:\Program Files\Java
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e573fcf-53ff-4f18-bc45-6ba48648aef1}]
2007-11-28 13:36 139359 --ah----- C:\WINDOWS\system32\phxpzz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28426638-1dd2-11b2-80b6-f9a90ad94da6}]
2007-11-29 09:00 59904 --a------ C:\WINDOWS\grctypqf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b3080088-1dd1-11b2-bf8c-cda82e4fab02}]
2007-11-28 13:44 68608 --a------ C:\WINDOWS\lshcdopk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-09-19 16:35]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 19:32]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-14 08:27]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
iPassConnect.lnk - C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe [2004-07-15 12:52:27]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-11-10 15:14:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pperez^Start Menu^Programs^Startup^Infotriever.lnk]
path=C:\Documents and Settings\pperez\Start Menu\Programs\Startup\Infotriever.lnk
backup=C:\WINDOWS\pss\Infotriever.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-31 00:00 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-08-25 12:49 53248 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 13:29 40960 --a------ C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
2003-08-14 13:00 90112 --a------ C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 00:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 14:55 1052672 --a------ c:\program files\sony\vaio survey\surveysa.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
S2 seclogonccPwdSvc;Secondary Logon seclogonccPwdSvc;C:\WINDOWS\system32\2052h.exe srv
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\system32\DRIVERS\fa410nd5.sys
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
S4 Flexlm License Server for VPI;Flexlm License Server for VPI;C:\PROGRA~1\VPI\VPILIC~1\lmgrd.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 13:35:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 13:38:16 - machine was rebooted
.
--- E O F ---




****************************************************************************

Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43, on 2007-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0e573fcf-53ff-4f18-bc45-6ba48648aef1} - C:\WINDOWS\system32\phxpzz.dll
O2 - BHO: (no name) - {28426638-1dd2-11b2-80b6-f9a90ad94da6} - C:\WINDOWS\grctypqf.dll
O2 - BHO: (no name) - {b3080088-1dd1-11b2-bf8c-cda82e4fab02} - C:\WINDOWS\lshcdopk.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7803 bytes

#6 SNOWHITE

Posted 04 December 2007 - 09:31 PM

Hello tester1234,

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\install.dat
C:\WINDOWS\grctypqf.dll
C:\WINDOWS\lshcdopk.dll
C:\WINDOWS\system32\hostwl.exe
C:\WINDOWS\system32\phxpzz.dll
C:\WINDOWS\system32\2562450655.dat

DirLook::
C:\WINDOWS\PerfInfo

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e573fcf-53ff-4f18-bc45-6ba48648aef1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28426638-1dd2-11b2-80b6-f9a90ad94da6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b3080088-1dd1-11b2-bf8c-cda82e4fab02}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysSFGE.exe"=-

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Step #2

The next file is looking suspicious, so upload it at VirusTotal and post the results here:

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting (Ctrl+C/Ctrl+V) it in to the file box: C:\WINDOWS\system32\2052h.exe
3. Submit the file and copy/paste the results back into this thread.


Post back with ComboFix results, new HijackThis log and VirusTotal results. Let me know how the computer is running.

Regards,
SNOWHITE

#7 tester1234


Posted 05 December 2007 - 09:48 AM

Thanks a million for looking into this. I did a few random searches and so far so good. It was truly a frustrating experience. I believe I got the virus from a link in an email from a trusted source. It is too bad that viruses existed but I am truly glad that there is help out there. Thanks again.

Have a great day.
Cheers.

Here are the results of the various runs:

#######################################################################

Log file from ComboFix

ComboFix 07-12-02.6 - syuen 2007-12-05 9:03:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\install.dat
C:\WINDOWS\grctypqf.dll
C:\WINDOWS\lshcdopk.dll
C:\WINDOWS\system32\2562450655.dat
C:\WINDOWS\system32\hostwl.exe
C:\WINDOWS\system32\phxpzz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.dat
C:\WINDOWS\grctypqf.dll
C:\WINDOWS\lshcdopk.dll
C:\WINDOWS\system32\hostwl.exe
C:\WINDOWS\system32\phxpzz.dll
C:\WINDOWS\system32\2562450655.dat . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-05 09:09 . 2007-12-05 09:09 53 --------- C:\WINDOWS\system32\2562450655.dat
2007-12-04 09:45 . 2007-12-04 09:45 <DIR> d-------- C:\Deckard
2007-12-04 09:03 . 2007-12-04 09:03 <DIR> d-------- C:\VundoFix Backups
2007-12-03 14:06 . 2007-12-03 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 09:27 . 2007-12-03 10:47 <DIR> d-------- C:\Program Files\WinPerformance
2007-12-03 08:25 . 2007-12-03 08:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-03 08:24 . 2007-12-03 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-03 08:24 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-03 08:24 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-03 08:24 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-03 08:24 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-03 08:24 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-03 08:18 . 2007-12-03 08:18 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\Webroot
2007-11-30 10:33 . 2007-11-30 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 10:22 . 2007-12-04 08:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\PC Tools
2007-11-30 10:22 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-30 10:22 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-30 10:22 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-30 10:22 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-30 10:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-28 13:43 . 2007-11-28 14:06 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-11-27 15:20 . 2007-11-27 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:20 . 2007-11-27 15:20 24,630 -r-hs---- C:\WINDOWS\system32\2052h.exe
2007-11-27 15:20 . 2007-11-27 15:20 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 19:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-30 16:40 --------- d-----w C:\Program Files\SmartDraw 2007
2007-11-28 20:22 --------- d-----w C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\AdobeUM
2007-11-05 14:11 --------- d-----w C:\Program Files\Java
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\PerfInfo ----

2007-11-28 14:06 3686389 --a------ C:\WINDOWS\PerfInfo\ZiD86y1pcU.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-09-19 16:35]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 19:32]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-06-04 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-14 08:27]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
iPassConnect.lnk - C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe [2004-07-15 12:52:27]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-11-10 15:14:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pperez^Start Menu^Programs^Startup^Infotriever.lnk]
path=C:\Documents and Settings\pperez\Start Menu\Programs\Startup\Infotriever.lnk
backup=C:\WINDOWS\pss\Infotriever.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-31 00:00 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-08-25 12:49 53248 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 13:29 40960 --a------ C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
2003-08-14 13:00 90112 --a------ C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 00:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 14:55 1052672 --a------ c:\program files\sony\vaio survey\surveysa.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
S2 seclogonccPwdSvc;Secondary Logon seclogonccPwdSvc;C:\WINDOWS\system32\2052h.exe srv
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\system32\DRIVERS\fa410nd5.sys
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
S4 Flexlm License Server for VPI;Flexlm License Server for VPI;C:\PROGRA~1\VPI\VPILIC~1\lmgrd.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 09:11:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 9:13:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-04 13:38
.
--- E O F ---

###########################################################################
Results from VirusTotal:

0 bytes size received / Se ha recibido un archivo vacio


##########################################################################
Results from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17, on 2007-12-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7467 bytes
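
An added example, not part of the thread and not code from HijackThis or ComboFix: it cross-references HijackThis O23 service entries with ComboFix's "Files Created" listing and flags a service only when several weak signals coincide. The sample lines are copied from the logs above; the scoring rule, the threshold and the reading of the attribute letters (h = hidden, s = system) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in the post above.
HIJACKTHIS_LOG = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"""

# Lines copied from the ComboFix "Files Created" section in the post above.
COMBOFIX_CREATED = r"""
2007-12-05 09:09 . 2007-12-05 09:09 53 --------- C:\WINDOWS\system32\2562450655.dat
2007-12-03 14:06 . 2007-12-03 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 10:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-27 15:20 . 2007-11-27 15:20 24,630 -r-hs---- C:\WINDOWS\system32\2052h.exe
"""

# created-time . modified-time  size-or-<DIR>  9-char attribute field  path
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\S+)\s+([a-z-]{9})\s+(.+)$"
)
O23_PREFIX = "O23 - Service: "


@dataclass
class Service:
    name: str      # short service name, or the display name if none is given
    display: str
    owner: str     # vendor string as printed by HijackThis
    path: str
    reasons: list = field(default_factory=list)


def parse_created(text):
    """Map lower-cased path -> attribute string for each 'Files Created' line."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group(5).lower()] = m.group(4)
    return created


def parse_o23(text):
    """Parse 'O23 - Service: <display> - <owner> - <path>' lines."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        display, owner, path = parts
        # The short name, when present, is the last parenthesised group.
        m = re.match(r"^(.*) \(([^()]+)\)$", display)
        services.append(Service(m.group(2) if m else display, display, owner, path))
    return services


def triage(hjt_text, created_text, threshold=2):
    """Return services with at least `threshold` independent warning signs."""
    created = parse_created(created_text)
    flagged = []
    for svc in parse_o23(hjt_text):
        attrs = created.get(svc.path.lower())
        if svc.owner == "Unknown owner":
            svc.reasons.append("no vendor name reported")
        if attrs is not None:
            svc.reasons.append("binary listed among recently created files")
            if "h" in attrs and "s" in attrs:
                svc.reasons.append("binary is hidden and system")
        if len(svc.reasons) >= threshold:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage(HIJACKTHIS_LOG, COMBOFIX_CREATED):
        print(f"{svc.name}: {svc.path}")
        for reason in svc.reasons:
            print(f"  - {reason}")
```

"Unknown owner" alone is not enough: the ATI service in the same log carries it too, which is why the example requires a second signal before flagging anything.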

#8 SNOWHITE


Posted 05 December 2007 - 08:55 PM

Hello tester1234,

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\WINDOWS\PerfInfo

Suspect::[29]
C:\WINDOWS\system32\2052h.exe 
C:\WINDOWS\system32\2562450655.dat

Collect::[29]
C:\WINDOWS\PerfInfo\ZiD86y1pcU.exe

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. Additionally, ComboFix will generate the following files on your desktop:
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
ComboFix may need to reboot to finish its work. Let it.

When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
Once the file has been submitted, please DELETE both files on your desktop.

Step #2

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step #3

Please do an online scan with Kaspersky WebScanner

NOTE: This Scanner will work with Internet Explorer Only!


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As... button.
  • Under Save as type select Text file, write a name for the file and save it to your Desktop.
  • Locate the file at the Desktop, open it, then copy and paste that information in your next post.
Post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log (run after ComboFix has finished its work.)
  • Kaspersky report
Best regards :thumbsup:
SNOWHITE

#9 tester1234


Posted 07 December 2007 - 09:19 AM

Thank you for your continual support. I will send the info in separate posts. The files were too long for one post.

Combofix:

ComboFix 07-12-02.6 - syuen 2007-12-06 11:02:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\syuen.BTIPHOTONICS\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\ZiD86y1pcU.exe
C:\WINDOWS\system32\drivers\ctl_w32.sys
C:\WINDOWS\system32\drivers\ip6fw.sys

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 09:36 . 2007-12-06 09:57 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\OfficeUpdate12
2007-12-06 09:35 . 2007-12-06 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-06 09:19 . 2003-11-10 15:14 <DIR> d-------- C:\Documents and Settings\Administrator.BTI-24\Application Data\Sony Corporation
2007-12-06 09:06 . 2007-12-06 09:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-05 09:09 . 2007-12-06 08:41 151 --a------ C:\WINDOWS\system32\2562450655.dat
2007-12-04 09:45 . 2007-12-04 09:45 <DIR> d-------- C:\Deckard
2007-12-04 09:03 . 2007-12-04 09:03 <DIR> d-------- C:\VundoFix Backups
2007-12-03 14:06 . 2007-12-03 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 09:27 . 2007-12-05 11:06 <DIR> d-------- C:\Program Files\WinPerformance
2007-12-03 08:25 . 2007-12-03 08:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-03 08:24 . 2007-12-03 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-03 08:24 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-03 08:24 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-03 08:24 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-03 08:24 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-03 08:24 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-03 08:18 . 2007-12-03 08:18 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\Webroot
2007-11-30 10:33 . 2007-11-30 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 10:22 . 2007-12-05 11:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\PC Tools
2007-11-30 10:22 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-30 10:22 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-30 10:22 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-30 10:22 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-30 10:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-29 09:00 . 2007-11-29 09:00 59,904 --a------ C:\WINDOWS\grctypqf.dll
2007-11-28 13:40 . 2007-11-28 13:40 3,153 --ah----- C:\WINDOWS\system32\hostwl.exe
2007-11-27 15:20 . 2007-11-27 15:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:20 . 2007-11-27 15:20 24,630 -r-hs---- C:\WINDOWS\system32\2052h.exe
2007-11-27 15:20 . 2007-11-27 15:20 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 15:05 --------- d-----w C:\Documents and Settings\syuen.BTIPHOTONICS\Application Data\AdobeUM
2007-12-03 19:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-30 16:40 --------- d-----w C:\Program Files\SmartDraw 2007
2007-11-05 14:11 --------- d-----w C:\Program Files\Java
2007-10-22 15:57 524,288 ----a-w C:\WINDOWS\opuc.dll
2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_13.37.08.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-23 00:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 00:09:02 394,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\RTFHTML.DLL
+ 2007-03-23 00:07:40 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\SENDTO.DLL
+ 2007-04-19 19:10:20 65,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-03-23 00:29:16 14,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-05-10 18:42:52 2,839,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-03-23 00:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 22:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 18:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040311900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2003-08-16 11:29:36 846,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\AEC.DLL
+ 2003-08-16 11:29:04 567,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\BSTORM.DLL
+ 2003-08-16 11:27:38 309,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\DATAGATH.DLL
+ 2003-08-16 11:29:12 668,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\DBWIZ.DLL
+ 2003-08-16 11:26:52 150,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\DWGCNV.DLL
+ 2003-08-16 11:31:04 2,089,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\DWGDP.DLL
+ 2003-08-16 11:30:34 1,142,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\GANTT.DLL
+ 2003-08-16 11:28:06 339,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\LGND.DLL
+ 2003-08-16 11:26:54 159,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\MPXINT.DLL
+ 2003-08-16 11:26:36 93,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\MSOUTLS.DLL
+ 2003-08-16 11:30:04 923,776 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\ORGCHART.DLL
+ 2003-08-16 11:28:34 461,952 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\ORGCHWIZ.DLL
+ 2003-08-16 11:26:18 48,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\ORGWIZ.EXE
+ 2003-08-16 11:26:24 56,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\PROJIMPT.EXE
+ 2003-08-16 11:27:02 156,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\PROJMODL.DLL
+ 2003-08-16 11:29:06 754,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\PROPRPT.DLL
+ 2003-08-16 11:28:34 434,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SAVASWEB.DLL
+ 2003-08-16 11:27:38 313,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SAVWBHF.DLL
+ 2003-08-16 11:27:34 266,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SAVWBRAS.DLL
+ 2003-08-16 11:27:34 263,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SAVWBVML.DLL
+ 2003-08-16 11:31:34 2,641,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SG.DLL
+ 2003-08-16 11:27:10 191,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SHAPNUM.DLL
+ 2003-08-16 11:27:16 240,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\SOLUTILS.DLL
+ 2003-08-16 11:29:36 873,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\TIMESOLN.DLL
+ 2003-08-16 11:26:20 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\TLIMPT.EXE
+ 2003-08-16 11:26:38 86,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VIEWMODL.DLL
+ 2003-08-16 11:31:34 7,799,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISBRGR.DLL
+ 2003-08-16 11:27:14 242,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISCOLOR.DLL
+ 2003-08-16 11:26:50 148,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISDLGU.DLL
+ 2003-08-16 11:31:34 2,271,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISFILT.DLL
+ 2003-08-16 11:27:36 308,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISGRF.DLL
+ 2003-08-16 11:27:12 186,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISIO.EXE
+ 2003-08-16 11:32:04 8,304,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISLIB.DLL
+ 2003-08-16 11:26:36 99,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISOCX.DLL
+ 2003-08-16 11:26:34 91,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISPRX32.DLL
+ 2003-08-16 11:29:34 785,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISSHE.DLL
+ 2003-08-16 11:28:10 413,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\VISUTILS.DLL
+ 2003-08-16 11:28:36 524,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040351900063D11C8EF10054038389C\11.0.3216\XFUNC.DLL
+ 2004-07-14 14:38:07 223,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL
+ 2004-07-14 14:38:08 211,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL
+ 2003-07-15 02:40:16 51,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2007-03-23 00:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-04-19 19:10:18 45,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\AUTHZAX.DLL
+ 2007-03-23 00:29:56 99,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\AW.DLL
+ 2007-04-19 19:07:38 66,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\BLNMGR.DLL
+ 2007-04-19 19:07:34 52,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\BLNMGRPS.DLL
+ 2007-03-23 00:06:08 355,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\CDLMSO.DLL
+ 2007-04-19 18:55:16 53,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DFUICOM.EXE
+ 2007-03-23 00:07:54 80,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 00:23:32 19,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DSITF.DLL
+ 2007-05-10 18:44:02 121,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DSSM.EXE
+ 2007-03-23 00:29:28 43,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DWDCW20.DLL
+ 2007-03-23 00:29:28 39,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DWTRIG20.EXE
+ 2001-06-05 12:13:22 289,926 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 12:13:22 34,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2007-04-19 18:53:52 137,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 18:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-03-23 00:06:34 17,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FINDER.EXE
+ 2007-06-06 15:53:34 1,195,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2007-05-21 17:43:22 76,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FORM.DLL
+ 2007-06-06 17:46:12 1,961,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPCUTL.DLL
+ 2007-04-19 19:15:26 192,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPDTC.DLL
+ 2007-04-19 18:47:40 186,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPERSON.DLL
+ 2007-04-19 18:47:40 171,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPLACE.DLL
+ 2007-05-31 18:50:10 1,168,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPSRVUTL.DLL
+ 2007-04-19 19:16:14 807,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\FPWEC.DLL
+ 2007-04-19 18:57:32 2,152,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\GRAPH.EXE
+ 2007-04-19 19:10:30 116,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IEAWSDC.DLL
+ 2007-04-19 19:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 18:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2001-06-05 12:13:24 18,844 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 12:13:26 65,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2007-04-09 18:24:04 758,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIGRAPH.DLL
+ 2007-04-09 18:23:58 231,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIINK.DLL
+ 2007-04-09 18:23:54 28,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIMON.DLL
+ 2007-04-09 18:23:54 28,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIPPR.DLL
+ 2007-04-09 18:23:58 46,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIUI.DLL
+ 2007-04-09 18:24:04 453,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MDIVWCTL.DLL
+ 2007-04-19 18:54:04 183,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-04-19 19:00:48 476,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MODHELP.DLL
+ 2007-04-19 19:10:38 131,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSB1CORE.DLL
+ 2007-04-19 19:10:06 52,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSB1XTOR.DLL
+ 2007-04-19 19:01:52 238,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-05-10 19:35:40 120,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSCONV97.DLL
+ 2005-05-04 07:06:27 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-04 07:06:30 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2007-04-19 19:00:36 43,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSE7.EXE
+ 2007-04-30 20:11:38 89,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSENCODE.DLL
+ 2005-05-04 07:06:24 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2007-03-23 00:29:16 20,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSMH.DLL
+ 2007-06-18 22:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-04-19 19:10:34 127,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOAUTH.DLL
+ 2007-03-23 00:04:52 109,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOCF.DLL
+ 2007-03-23 00:04:52 130,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOCFU.DLL
+ 2007-03-23 00:29:22 31,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSODCW.DLL
+ 2007-04-19 18:56:58 29,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOEURO.DLL
+ 2007-04-19 19:07:38 61,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOHTMED.EXE
+ 2007-05-02 18:45:26 2,123,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL
+ 2007-03-23 00:16:44 57,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOMSE.DLL
+ 2005-09-20 17:33:08 1,293,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSONSEXT.DLL
+ 2007-04-19 18:49:28 383,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSORUN.DLL
+ 2007-04-19 19:07:24 36,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSTYLE.DLL
+ 2007-03-23 00:29:24 39,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSV.DLL
+ 2007-04-19 19:07:34 58,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSVABW.DLL
+ 2007-04-19 19:07:32 45,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOSVFBR.DLL
+ 2007-03-23 00:13:38 45,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXEV.DLL
+ 2007-03-23 00:13:38 58,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXMLED.EXE
+ 2007-04-19 18:57:40 46,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSOXMLMF.DLL
+ 2007-04-09 18:24:06 1,025,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPCORE.DLL
+ 2007-04-09 18:24:04 793,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPFILT.DLL
+ 2007-04-09 18:23:52 25,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPGIMME.DLL
+ 2007-04-09 18:23:58 130,952 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPSCAN.EXE
+ 2007-04-09 18:24:00 367,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPVIEW.EXE
+ 2007-04-19 19:03:54 648,544 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSQRY32.EXE
+ 2007-03-23 00:29:32 44,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSSH.DLL
+ 2007-04-19 19:00:30 637,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORDB.EXE
+ 2007-04-19 19:00:22 130,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORE.EXE
+ 2007-04-19 19:00:30 489,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSTORES.DLL
+ 2007-04-19 19:09:02 157,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSWEBCAP.DLL
+ 2007-04-19 19:10:26 80,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\NAME.DLL
+ 2007-03-23 00:23:30 17,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\NPOFFICE.DLL
+ 2001-10-23 04:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2007-03-05 14:47:10 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRPS.DLL
+ 2001-06-05 12:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2007-03-23 00:06:22 287,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OIS.EXE
+ 2007-04-19 18:50:52 837,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISAPP.DLL
+ 2007-03-23 00:06:08 46,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISCTRL.DLL
+ 2007-03-23 00:06:22 245,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OISGRAPH.DLL
+ 2007-04-19 19:09:46 1,061,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2007-03-23 00:30:30 99,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OSA.EXE
+ 2007-04-19 18:52:16 30,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLACCT.DLL
+ 2007-04-19 18:53:48 109,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2007-05-31 18:43:46 7,613,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 18:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 18:42:14 200,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 18:53:56 149,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 18:53:24 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 00:07:28 52,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLWAB.DLL
+ 2007-05-10 18:45:34 8,069,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-05-31 18:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-03-23 00:05:34 434,016 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PP4X322.DLL
+ 2007-03-23 00:05:22 97,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 18:49:56 1,661,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-05-21 17:43:22 72,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PSOM.DLL
+ 2007-03-23 00:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-06-06 17:07:40 100,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\REFEDIT.DLL
+ 2007-04-19 19:10:18 63,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\REFIEBAR.DLL
+ 2007-05-21 17:43:04 20,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\REVERSE.DLL
+ 2007-03-23 00:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 00:09:02 394,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\RTFHTML.DLL
+ 2007-04-19 19:10:44 355,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SELFCERT.EXE
+ 2007-03-23 00:07:40 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SENDTO.DLL
+ 2007-04-19 19:10:20 65,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SEQCHK10.DLL
+ 2007-04-19 19:04:10 390,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SETLANG.EXE
+ 2007-03-23 00:29:16 14,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\SMARTTAGINSTALL.EXE
+ 2007-05-10 18:42:52 2,839,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\STSLIST.DLL
+ 2007-05-21 17:43:10 30,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\THOCRAPI.DLL
+ 2007-03-23 00:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-21 17:43:28 125,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWCUTCHR.DLL
+ 2007-05-21 17:43:28 89,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWCUTLIN.DLL
+ 2007-05-21 17:43:16 58,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWLAY32.DLL
+ 2007-05-21 17:43:10 28,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWORIENT.DLL
+ 2007-05-21 17:43:14 51,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWRECE.DLL
+ 2007-05-21 17:43:06 20,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWRECS.DLL
+ 2007-05-21 17:43:22 77,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TWSTRUCT.DLL
+ 2007-04-19 19:10:22 71,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\UNBIND.EXE
+ 2007-05-09 22:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 18:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-05-21 17:43:34 1,209,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\XIMAGE3B.DLL
+ 2007-05-21 17:43:32 504,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\XPAGE3C.DLL
+ 2007-03-05 14:20:22 61,110 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\XSCAN32.DAT
- 2006-07-21 15:23:28 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-06 14:44:09 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-07-21 15:23:28 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-06 14:44:09 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-07-21 15:23:28 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-06 14:44:09 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-07-21 15:23:28 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-06 14:44:09 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-07-21 15:23:28 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-06 14:44:09 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-07-21 15:23:28 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-06 14:44:09 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-07-21 15:23:28 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-06 14:44:09 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-07-21 15:23:28 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-06 14:44:10 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-07-21 15:23:28 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-06 14:44:09 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-07-21 15:23:28 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-06 14:44:08 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-07-21 15:26:30 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-06 14:48:41 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-07-21 15:26:30 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-06 14:48:41 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-07-21 15:26:30 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-06 14:48:41 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-07-21 15:26:30 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-06 14:48:41 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-07-21 15:26:30 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-06 14:48:41 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-07-21 15:26:31 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-06 14:48:41 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-07-21 15:26:31 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-06 14:48:41 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-07-21 15:26:30 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-06 14:48:41 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-07-21 15:26:30 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-06 14:48:41 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-11-20 17:09:05 12,288 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-06 14:50:11 12,288 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-11-20 17:09:05 135,168 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-06 14:50:11 135,168 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-11-20 17:09:05 4,096 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-06 14:50:11 4,096 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-11-20 17:09:05 176,128 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2007-12-06 14:50:11 176,128 ----a-r C:\WINDOWS\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2006-07-21 15:29:36 12,288 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-06 14:56:27 12,288 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-07-21 15:29:36 135,168 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-12-06 14:56:27 135,168 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-07-21 15:29:36 11,264 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-12-06 14:56:27 11,264 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-07-21 15:29:36 27,136 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-12-06 14:56:27 27,136 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-07-21 15:29:36 4,096 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-06 14:56:28 4,096 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-07-21 15:29:36 794,624 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-12-06 14:56:28 794,624 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-07-21 15:29:36 249,856 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-12-06 14:56:27 249,856 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-07-21 15:29:36 61,440 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-12-06 14:56:27 61,440 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-07-21 15:29:36 23,040 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-12-06 14:56:28 23,040 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-07-21 15:29:36 286,720 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-12-06 14:56:27 286,720 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-07-21 15:29:36 409,600 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-12-06 14:56:27 409,600 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-06-09 18:12:22 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2007-12-06 14:57:07 49,936 ----a-r C:\WINDOWS\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2004-10-05 13:03:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-06 14:17:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2004-10-05 13:03:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-06 14:17:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-06 13:37:05 78,924 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2004-10-05 13:03:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-06 14:17:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-02-06 22:05:06 8,704 --s-a-w C:\WINDOWS\system32\cryptssl32.dll
+ 2004-08-04 06:00:06 29,056 -c--a-w C:\WINDOWS\system32\dllcache\ip6fw.sys
- 2005-03-17 21:39:56 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 15:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 06:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-23 00:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-06-13 13:16:41 291,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-06 14:59:21 291,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-02-15 23:01:04 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 19:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-03-22 22:17:05 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 18:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-03-05 18:34:28 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
+ 2007-12-06 14:24:35 304,476 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2006-11-17 20:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-03-22 22:17:02 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 22:17:08 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 22:17:02 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 22:17:08 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 22:17:06 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 18:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-09-19 16:35]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 19:32]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
iPassConnect.lnk - C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe [2004-07-15 12:52:27]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-11-10 15:14:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1616270311-1088797121-1230010805-1005\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1225\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-1407\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1914444697-168523554-617630493-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-1228\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{00000000-0000-0000-0000-000000000000}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPLink-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\GPO-List\1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPLink-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Loopback-GPO-List]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2698640863-512426676-1488895510-500\Scripts\Logon\0\0]
"Script"=Z:\VPLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pperez^Start Menu^Programs^Startup^Infotriever.lnk]
path=C:\Documents and Settings\pperez\Start Menu\Programs\Startup\Infotriever.lnk
backup=C:\WINDOWS\pss\Infotriever.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-07-31 00:00 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2003-08-25 12:49 53248 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 13:29 40960 --a------ C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
2003-08-14 13:00 90112 --a------ C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 00:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2003-11-03 14:55 1052672 --a------ c:\program files\sony\vaio survey\surveysa.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
S2 seclogonccPwdSvc;Secondary Logon seclogonccPwdSvc;C:\WINDOWS\system32\2052h.exe srv
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\system32\DRIVERS\fa410nd5.sys
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
S4 Flexlm License Server for VPI;Flexlm License Server for VPI;C:\PROGRA~1\VPI\VPILIC~1\lmgrd.exe

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 11:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 11:14:01 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-05 09:13
C:\ComboFix3.txt ... 2007-12-04 13:38
.
--- E O F ---

#10 tester1234

Posted 07 December 2007 - 09:21 AM

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:42, on 2007-12-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = btiphotonics.com
O17 - HKLM\Software\..\Telephony: DomainName = btiphotonics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = btiphotonics.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Secondary Logon seclogonccPwdSvc (seclogonccPwdSvc) - Unknown owner - C:\WINDOWS\system32\2052h.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7499 bytes

###################################################################
Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-12-07 08:40
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/12/2007
Kaspersky Anti-Virus database records: 474054
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
K:\
L:\
M:\
O:\

Scan Statistics:
Total number of scanned objects: 338869
Number of viruses found: 13
Number of infected objects: 50
Number of suspicious objects: 0
Duration of the scan process: 17:16:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\History\History.IE5\MSHist012007120620071207\index.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Temp\~DFB814.tmp Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\ntuser.dat Object is locked skipped
C:\Documents and Settings\syuen.BTIPHOTONICS\ntuser.dat.LOG Object is locked skipped
C:\Program Files\iPass\iPassConnect\log\Engine.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hostwl.exe.vir Infected: Trojan-Spy.Win32.BZub.bqc skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP942\A0110516.exe Infected: Trojan-Spy.Win32.BZub.bqc skipped
C:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP948\A0121268.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP948\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329048$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329390$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ329834$\reg00002 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\2052h.exe Object is locked skipped
C:\WINDOWS\system32\2562450655.dat Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hostwl.exe Infected: Trojan-Spy.Win32.BZub.bqc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\tracing\EAPOL.LOG Object is locked skipped
C:\WINDOWS\tracing\RASTLS.LOG Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Outlook Maildata\04_Q3.pst/04_Q3/Sent Items/05 Jul 2004 14:12 to Jeff Smiley:FW: /05 Jul 2004 13:59 to Syuen:RE: Message Notify/text_document.zip Infected: Email-Worm.Win32.Bagle.gen skipped
D:\Outlook Maildata\04_Q3.pst/04_Q3/Sent Items/05 Jul 2004 14:12 to Jeff Smiley:FW: /05 Jul 2004 13:59 to Syuen:RE: Message Notify/Sources.zip Infected: Email-Worm.Win32.Bagle.src skipped
D:\Outlook Maildata\04_Q3.pst Mail MS Mail: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP948\change.log Object is locked skipped


Scan was interrupted by user!
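
A triage sketch for the Kaspersky log above, added here as an example and not part of any poster's message: it separates detections by where the file sits (live system path, System Restore point, ComboFix quarantine folder, mail archive) and lists the files the scanner could not open. The function names and location classes are this example's own; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hostwl.exe.vir Infected: Trojan-Spy.Win32.BZub.bqc skipped
C:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP942\A0110516.exe Infected: Trojan-Spy.Win32.BZub.bqc skipped
C:\System Volume Information\_restore{AE287FCA-AF9F-44E4-98E6-7BBF764F865D}\RP948\A0121268.sys Infected: Rootkit.Win32.Agent.pr skipped
C:\WINDOWS\system32\2052h.exe Object is locked skipped
C:\WINDOWS\system32\hostwl.exe Infected: Trojan-Spy.Win32.BZub.bqc skipped
D:\Outlook Maildata\04_Q3.pst/04_Q3/Sent Items/05 Jul 2004 14:12 to Jeff Smiley:FW: /05 Jul 2004 13:59 to Syuen:RE: Message Notify/Sources.zip Infected: Email-Worm.Win32.Bagle.src skipped
"""

# "<path> Infected: <name> <action>" or "<path> Object is locked <action>".
# The path may contain spaces, so it is matched lazily up to the status text.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)|Object is locked) (?P<action>\w+)$"
)


def location_class(path):
    """Classify a detection by where the file lives (classes are this example's)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"      # already moved aside by ComboFix
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # copy kept inside a System Restore point
    if ".pst/" in p:
        return "mail_archive"    # attachment inside an Outlook data file
    return "live"                # file at its normal path on disk


def triage(log_text):
    """Return detections grouped by location, plus files that were not scanned."""
    infected = defaultdict(list)
    locked = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, statistics or blank line
        if m.group("name"):
            infected[location_class(m.group("path"))].append(
                (m.group("path"), m.group("name"))
            )
        else:
            # "Object is locked" means the scanner could not read the file,
            # so "skipped" here is not a clean verdict.
            locked.append(m.group("path"))
    return {"infected": dict(infected), "locked": locked}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for where, hits in sorted(result["infected"].items()):
        for path, name in hits:
            print(f"{where:14} {name:28} {path}")
    print("not scanned (locked):", len(result["locked"]))
```
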

#11 SNOWHITE

Posted 07 December 2007 - 06:01 PM

Hello tester1234,

Scan was interrupted by user!


The Kaspersky scan was not whole. :thumbsup:

Any reason that the scan was interrupted?

PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER



Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\hostwl.exe
C:\WINDOWS\grctypqf.dll
C:\WINDOWS\TEMP\ulj83.tmp.exe
C:\WINDOWS\system32\2052h.exe
C:\WINDOWS\system32\2562450655.dat

Folder::
C:\Program Files\WinPerformance

Driver::
seclogonccPwdSvc

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysSFGE.exe"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\hostwl.exe"=-
"C:\\WINDOWS\\TEMP\\ulj83.tmp.exe"=-
IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #2

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Step #3

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Post back with Combofix report, DrWeb-CureIt report, GMER report and new HijackThis log.

Regards,
SNOWHITE

#12 SNOWHITE

Posted 07 December 2007 - 06:29 PM

And additional instructions:

Older Java versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components from your computer:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_01
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1



OPTIONAL:

Viewpoint Manager (Remove Only) - This program is used to update the Viewpoint Media Player. This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

Please note any other programs that you don't recognize in that list in your next response.

Regards,
SNOWHITE

#13 SNOWHITE

Posted 15 December 2007 - 08:39 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE