
Persistent Trojan Showing Up With Pandex.af



#1 RXDad


Posted 27 January 2008 - 07:00 PM

I've been fighting this for days. The Trojan shows up with Trend Micro Antivirus as:

"Virus Scan Logs" "Jan 27, 2008" ""
"Time" "Detected by" "Source Type" "Threat Name" "Infected File" "First Action" "Second Action"
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP11\A0002337.sys" "Quarantined Success" ""
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP12\A0002571.sys" "Quarantined Success" ""
"16:21" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP15\A0003014.sys" "Quarantined Success" ""
"16:49" "Manual Scan" "File" "TROJ_PANDEX.AF" "C:\WINDOWS\SYSTEM32\DRIVERS\smtpdrv.sys" "Quarantined Success" ""

I've used ComboFix several times; here is the latest log:

ComboFix 08-01-23.1C - Linzy 2008-01-27 16:58:01.3 - NTFSx86
Running from: C:\Documents and Settings\Linzy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\7_exception.nls
C:\WINDOWS\system32\drivers\Uae72.sys

----- BITS: Possible infected sites -----

hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SMTPDRV
-------\LEGACY_UAE72
-------\Uae72


((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 15:26 . 2007-12-16 18:57 138,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-27 15:26 . 2007-12-16 18:57 52,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmactmon.sys
2008-01-27 15:26 . 2007-12-16 18:57 52,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmevtmgr.sys
2008-01-27 09:09 . 2008-01-27 09:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-27 09:09 . 2008-01-27 09:09 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-01-27 09:08 . 2008-01-27 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-27 09:05 . 2008-01-27 09:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-27 09:02 . 2008-01-27 09:02 <DIR> dr-h----- C:\MSOCache
2008-01-26 17:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 15:04 . 2008-01-27 17:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-26 15:04 . 2008-01-26 15:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 13:58 . 2006-06-08 20:00 116,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-01-26 13:58 . 2006-06-08 20:00 58,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mvstdi5x.sys
2008-01-25 21:34 . 2008-01-25 21:34 <DIR> d-------- C:\kav
2008-01-21 22:18 . 2008-01-21 22:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-21 21:42 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-01-21 20:35 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-01-21 20:35 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-01-21 20:35 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-01-21 20:35 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-01-21 20:35 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-01-21 20:35 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-01-21 20:35 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-01-21 20:35 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-01-21 20:35 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-01-20 18:21 . 2007-08-13 18:06 56,700 --a------ C:\WINDOWS\SYSTEM32\ieuinit.inf
2008-01-20 18:21 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\SYSTEM32\secupd.sig
2008-01-20 18:21 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2008-01-20 15:35 . 2004-08-04 02:56 614,912 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-20 15:35 . 2004-08-04 02:56 331,264 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-20 15:35 . 2004-08-04 02:56 265,728 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-20 15:35 . 2007-03-08 10:36 40,960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2008-01-20 15:20 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2008-01-20 14:49 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-01-20 14:49 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-01-20 14:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-01-20 13:45 . 2008-01-27 17:17 13,030 --a------ C:\PDOXUSRS.NET
2008-01-20 13:30 . 2008-01-20 13:30 <DIR> d--h----- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-01-20 13:26 . 2008-01-20 13:26 14,037 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys
2008-01-20 13:25 . 2004-01-14 05:58 1,648,640 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\w22n51.sys
2008-01-20 13:25 . 2004-01-13 15:07 344,064 --a------ C:\WINDOWS\SYSTEM32\w22NCPA.dll
2008-01-20 13:17 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2008-01-20 13:17 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-01-20 13:17 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2008-01-20 13:17 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2008-01-20 13:17 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2008-01-20 13:17 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2008-01-20 13:17 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2008-01-20 12:49 . 2004-08-04 01:04 156,672 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winzm.ime
2008-01-20 12:49 . 2004-08-04 01:04 156,672 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winsp.ime
2008-01-20 12:49 . 2004-08-04 01:04 156,672 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winpy.ime
2008-01-20 12:49 . 2004-08-04 01:04 79,360 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winar30.ime
2008-01-20 12:49 . 2003-07-16 11:17 69,120 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wingb.ime
2008-01-20 12:49 . 2004-08-04 01:04 65,536 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\winime.ime
2008-01-20 12:47 . 2003-07-16 11:17 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-01-20 12:46 . 2003-07-16 11:16 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-01-20 12:45 . 2003-07-16 11:16 1,677,824 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-01-20 12:44 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpadm.dll
2008-01-20 12:44 . 2003-07-16 11:24 169,984 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iisui.dll
2008-01-20 12:44 . 2003-07-16 11:19 94,720 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\certmap.ocx
2008-01-20 12:44 . 2003-07-16 11:24 19,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetsloc.dll
2008-01-20 12:44 . 2003-07-16 11:24 14,336 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iisreset.exe
2008-01-20 12:44 . 2003-07-16 11:24 7,680 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetmgr.exe
2008-01-20 12:44 . 2003-07-16 11:22 6,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\ftpsapi2.dll
2008-01-20 12:44 . 2003-07-16 11:24 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\iisrstap.dll
2008-01-20 12:16 . 2004-08-04 01:10 85,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
2008-01-20 12:16 . 2004-08-04 01:10 19,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
2008-01-20 12:16 . 2004-08-04 01:10 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
2008-01-20 12:16 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
2008-01-20 12:15 . 2008-01-20 12:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-20 12:15 . 2008-01-20 12:15 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-01-20 12:15 . 2008-01-20 12:15 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-01-20 12:15 . 2008-01-20 12:15 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2008-01-20 12:15 . 2008-01-20 12:15 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-01-20 12:15 . 2008-01-20 12:15 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-01-20 12:12 . 2006-03-01 14:42 956,416 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2008-01-20 12:11 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-01-20 12:09 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-01-20 12:09 . 2006-06-14 03:47 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-01-20 12:08 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-01-20 12:06 . 2004-08-04 01:01 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2008-01-20 12:06 . 2004-08-04 02:56 130,048 --a------ C:\WINDOWS\SYSTEM32\ksproxy.ax
2008-01-20 12:06 . 2004-08-04 03:01 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-01-20 12:06 . 2004-08-04 02:56 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2008-01-20 12:02 . 2003-07-16 11:33 1,086,182 -ra------ C:\WINDOWS\SET141.tmp
2008-01-20 11:59 . 2008-01-20 14:53 1,734,480 --a------ C:\WINDOWS\setupapi.log.0.old
2008-01-20 06:49 . 2008-01-20 06:49 <DIR> d-------- C:\WINDOWS\java
2008-01-20 06:49 . 2008-01-26 15:20 536,162,304 --a------ C:\WINDOWS\MEMORY.DMP
2008-01-18 13:46 . 2008-01-18 13:46 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-18 08:25 . 2008-01-18 14:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
2008-01-18 08:25 . 2008-01-18 14:24 <DIR> d-------- C:\WINDOWS\l2schemas
2008-01-18 08:02 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005853_.tmp
2008-01-18 07:56 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-01-18 07:56 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-01-17 17:01 . 2008-01-17 17:01 <DIR> d-------- C:\info
2008-01-17 16:57 . 2008-01-17 16:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\AU_Backup
2008-01-17 16:57 . 2007-09-17 14:39 263,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Tmfilter.sys
2008-01-17 16:57 . 2007-10-06 16:38 12,358 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmfilter.cat
2008-01-17 16:57 . 2007-09-17 14:41 3,418 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmpreflt.inf
2008-01-17 16:57 . 2007-09-17 14:41 2,557 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmxpflt.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 20:26 --------- d-----w C:\Program Files\Trend Micro
2008-01-27 19:22 50,816 ----a-w C:\WINDOWS\system32\drivers\nkv2.sys
2008-01-27 13:54 --------- d-----w C:\Program Files\Java
2008-01-26 21:37 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-01-20 18:27 --------- d-----w C:\Program Files\Intel
2008-01-20 18:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 20:48 21,760 ----a-w C:\WINDOWS\Lpt72.sys
2007-12-28 21:02 --------- d-----w C:\Program Files\Panasonic
2007-12-25 19:20 --------- d-----w C:\Program Files\SPSS Student
2007-12-20 01:43 21,760 ----a-w C:\WINDOWS\system32\drivers\Lpt72.sys
2007-12-16 23:57 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-12-16 23:57 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-12-16 23:57 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-12-16 23:57 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-12-09 20:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-09 18:14 --------- d-----w C:\Program Files\Dell AIO Printer A920
2007-11-28 22:09 --------- d-----w C:\Program Files\QuickTime
2007-11-28 22:09 --------- d-----w C:\Program Files\iTunes
2007-11-28 15:46 --------- d-----w C:\Program Files\iPod
2007-05-31 00:44 86,528 --sh--r C:\WINDOWS\Media\aolspy.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-26_18.41.49.74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-08-06 18:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2008-01-27 14:08:57 662,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL
+ 2002-10-07 15:03:34 1,794,113 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 16:52:32 1,581,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 19:03:34 59,466 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\90403E1900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2008-01-27 18:55:19 593,920 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-01-27 18:55:19 12,288 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-01-27 18:55:19 86,016 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-01-27 18:55:18 135,168 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-01-27 18:55:20 11,264 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-01-27 18:55:20 27,136 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-01-27 18:55:20 4,096 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-01-27 18:55:20 794,624 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-01-27 18:55:19 249,856 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-27 18:55:19 61,440 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-01-27 18:55:20 23,040 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-01-27 18:55:18 286,720 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-01-27 18:55:18 409,600 ----a-r C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-22 15:57:52 524,288 ----a-w C:\WINDOWS\opuc.dll
- 2008-01-26 13:52:48 320,336 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-01-27 15:02:43 375,264 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2002-08-21 10:10:16 204,800 ----a-w C:\WINDOWS\SYSTEM32\INKED.DLL
- 2007-07-12 05:22:00 135,168 -c--a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2007-07-12 05:22:04 135,168 -c--a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2007-07-12 06:22:38 139,264 -c--a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2007-03-05 18:34:28 676,224 ----a-w C:\WINDOWS\SYSTEM32\OGACheckControl.DLL
- 2008-01-22 13:17:39 65,736 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-01-27 15:11:09 65,736 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-01-22 13:17:39 408,496 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-01-27 15:11:10 408,496 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 1998-03-25 02:54:08 15,872 ----a-w C:\WINDOWS\SYSTEM32\SCP32.DLL
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\mdigraph.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\mdiui.dll
+ 2007-04-09 18:24:04 758,664 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\mdigraph.dll
+ 2007-04-09 18:23:58 46,472 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\mdiui.dll
+ 1999-11-24 23:40:50 40,960 ----a-w C:\WINDOWS\SYSTEM32\VBAME.DLL
+ 2002-08-21 10:13:12 189,952 ----a-w C:\WINDOWS\SYSTEM32\WISPTIS.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 200704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 16:46 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 15:32 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 20:05 339968]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-06-02 09:52 26112]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 03:32 270336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-19 12:49 86016]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27 28672]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-12-16 18:57 1393928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:59 44544]

C:\Documents and Settings\Linzy\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-26 15:21:36 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Corel Family and Friends Reminders.LNK - C:\Corel\Print House Magic\cffrem.exe [2004-08-15 10:49:00 114176]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 01:22:40 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-01-13 15:17 110592 c:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwd52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uae72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xek85.sys]
@="Driver"

R0 Lpt72;Lpt72;C:\WINDOWS\system32\Drivers\Lpt72.sys [2007-12-19 20:43]
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys [2006-04-19 09:34]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys [2006-04-18 17:54]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2003-12-11 12:53]
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2006-04-19 09:34]
S2 AOL-SPYWare_Service;AOL-SPYWare_Service;C:\WINDOWS\TEMP\147151.exe []
S2 Zetera;Zetera;C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe []
S3 USB2_04;USB2_04 driver;C:\WINDOWS\system32\drivers\nkv2.sys [2008-01-27 14:22]
S3 VM30xx86;Vimicro USB PC Camera (ZC030x);C:\WINDOWS\system32\Drivers\vm30xx86.sys []
S3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2006-04-19 09:34]
S4 eopiioyw4ajuhza2;eopiioyw4ajuhza2;C:\WINDOWS\system32\yigh.exe [2007-11-30 07:48]
S4 nsmss;nsmss;C:\system32\nsmss.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07409bf1-9dae-11dc-916d-000e3516c18d}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151d28a8-a388-11dc-9189-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{970b9670-9c1a-11dc-9166-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE2480A7-A6F0-E0B3-F837-C49E5829BE08}]
C:\WINDOWS\system32\winddl32.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-23 02:29:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 17:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 17:22:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 22:21:55
ComboFix2.txt 2008-01-26 23:42:27
.
2008-01-27 18:55:26 --- E O F ---

I then used SDFix in Safe Mode. Here is the resulting log:

SDFix: Version 1.131

Run by Linzy on Sun 01/27/2008 at 05:36 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\3_exception.nls - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 17:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 30 May 2007 86,528 ..SHR --- "C:\WINDOWS\Media\aolspy.exe"
Sat 25 Mar 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT5.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITE.tmp"
Sun 20 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT706.tmp"
Sat 25 Mar 2006 4,348 ...H. --- "C:\Documents and Settings\Linzy\My Documents\My Music\License Backup\drmv1key.bak"
Sun 17 Sep 2006 20 A..H. --- "C:\Documents and Settings\Linzy\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 10 Jun 2005 400 ...H. --- "C:\Documents and Settings\Linzy\My Documents\My Music\License Backup\drmv2key.bak"
Sun 17 Sep 2006 1,536 A..H. --- "C:\Documents and Settings\Linzy\My Documents\My Music\License Backup\drmv2lic.bak"
Wed 23 May 2007 8 A..H. --- "C:\Documents and Settings\Linzy\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\Linzy\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\Linzy\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 30 May 2007 8 A..H. --- "C:\Documents and Settings\Linzy\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

I then ran HijackThis, with this as the resultant log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:34 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Corel Family and Friends Reminders.LNK = C:\Corel\Print House Magic\cffrem.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://mail.udel.edu
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199224306106
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E53FA9-BDE8-4513-9D14-4EB952D05007}: NameServer = 85.255.114.54,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{61D8EA03-3DDD-4DDF-BF23-1D7AF486B4B3}: NameServer = 85.255.114.54,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD5F0C7B-1AEC-445C-B142-39DFA9083121}: NameServer = 85.255.114.54,85.255.112.92
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.92
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.92
O23 - Service: AOL ACS - Unknown owner - C:\WINDOWS\TEMP\147161.exe (file missing)
O23 - Service: AOL-SPYWare_Service - Unknown owner - C:\WINDOWS\TEMP\147151.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IDriverT - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: S24EventMonitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WANMiniportService - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Zetera - Unknown owner - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe (file missing)

--
End of file - 8891 bytes

Have I ripped this thing out by the roots, or do I have more digging to do?

Any advice is greatly appreciated!!!! Thank you in advance. RXDad

#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:30 AM

Posted 09 February 2008 - 10:43 AM

Hi RXDad, :thumbsup:

Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

If you still need help, please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log, and I'll be happy to look at it for you.

Thanks for your patience. :blink:



