Infested With Ise32 Malware


  • This topic is locked
14 replies to this topic

#1 xiaoleo


Posted 01 July 2008 - 12:54 PM

Hello,
I have been infested with an Ise32 Property window which keeps appearing on Windows startup. I recently scanned my computer with Norton 360 and found out that I had been infected with the following viruses: W32.Gammima.AG, W32.SillyDC, W32IRCbot, and have subsequently removed them. Despite removing the viruses with Norton 360, the Ise32 Property window still pops up every time I start up my computer. Unfortunately, Norton 360 could not find any problem that resulted in the popping up of the Ise32 Property window. I have also used Windows Defender to scan but found nothing.

Is the popping up of the Ise32 Property window related to the viruses that I was recently infected with?

I have also posted a topic in "Am I infected? What do I do?" and have tried the suggestion given by the moderator. It was suggested that I use Autoruns to delete the Ise32 file. However, every time I delete the file, an ISE32 Property window still pops up the very next time I start up my computer. The Ise32 Property window shows a few options for me to choose: Restore, OK and Cancel. However, I did not select any option and eventually closed it. Lastly, the moderator suggested that I post a HijackThis log over here. Below is my HijackThis log.

I am currently using Windows Vista Home. Please advise me on what to do. I would appreciate your help in solving the problem.
I am looking forward to your reply.

Thank you,

Best regards

Leo



Deckard's System Scanner v20071014.68
Run by xiaoleo on 2008-07-02 01:22:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2008-06-30 13:55:56 UTC - RP248 - Scheduled Checkpoint
12: 2008-06-28 08:30:12 UTC - RP247 - After ise32
11: 2008-06-26 17:48:37 UTC - RP246 - ComboFix created restore point
10: 2008-06-26 12:34:59 UTC - RP245 - Windows Update
9: 2008-06-25 19:00:33 UTC - RP244 - Windows Update


-- First Restore Point --
1: 2008-06-17 17:58:05 UTC - RP232 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-02 01:24:17
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Users\xiaoleo\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tp.edu.sg:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Internet Security Service] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\System32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe


--
End of file - 11909 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 MREMP50 (MREMP50 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mremp50.sys
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - \??\c:\progra~1\common~1\motive\mresp50.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 O2Flash (O2Flash Memory Service) - c:\windows\system32\o2flash.exe <Not Verified; O2Micro International; O2 MS1/MP1 Service>
R2 UpdateNaviInstallService - c:\program files\fujitsu\updnavi\updnvsrv.exe <Not Verified; FUJITSU LIMITED; Fujitsu Update Navi(Service)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 01:20:08 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{58C6E034-A679-48D2-AB8D-48C5DB2EA99E}.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-06-27 01:48:08 68096 --a------ C:\Windows\zip.exe
2008-06-27 01:48:08 49152 --a------ C:\Windows\VFind.exe
2008-06-27 01:48:08 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-27 01:48:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-27 01:48:08 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-27 01:48:08 98816 --a------ C:\Windows\sed.exe
2008-06-27 01:48:08 80412 --a------ C:\Windows\grep.exe
2008-06-27 01:48:08 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 19:26:10 0 d-------- C:\Windows\system32\Adobe
2008-06-24 01:48:39 0 d-------- C:\Program Files\Garena
2008-06-23 23:24:51 0 d-------- C:\Program Files\Hamachi


-- Find3M Report ---------------------------------------------------------------

2008-07-02 01:10:36 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Skype
2008-07-02 00:07:35 0 d-------- C:\Users\xiaoleo\AppData\Roaming\skypePM
2008-07-01 19:06:39 0 d-------- C:\Program Files\Norton 360
2008-06-24 21:51:52 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Hamachi
2008-06-24 01:48:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 00:59:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 22:09:10 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Fujitsu
2008-06-14 15:07:30 0 d-------- C:\Program Files\Windows Mail
2008-06-03 13:17:01 0 d-------- C:\Program Files\Symantec
2008-05-22 21:20:58 0 d-------- C:\Program Files\Counter-Strike
2008-05-22 00:38:34 0 d-------- C:\Program Files\jGRASP
2008-05-21 20:38:00 0 d-------- C:\Program Files\Microsoft Office Communicator
2008-05-21 19:54:17 0 d-------- C:\Program Files\MSBuild
2008-05-21 19:51:02 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-13 22:55:31 0 d-------- C:\Program Files\Common Files\Motive
2008-05-13 20:39:52 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Motive
2008-05-13 20:15:23 0 d-------- C:\Program Files\Common Files
2008-05-11 00:24:36 0 d-------- C:\Program Files\Microsoft Silverlight


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/17/2008 02:23 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/01/2008 06:06 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/17/2008 02:23 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [11/18/2006 07:38 AM]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [11/08/2006 06:45 AM]
"RtHDVCpl"="RtHDVCpl.exe" [09/19/2007 02:50 PM C:\Windows\RtHDVCpl.exe]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [09/21/2007 09:58 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [09/21/2007 09:58 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/15/2007 11:53 AM]
"331BigDog"="C:\Windows\VM331_STI.EXE" [07/02/2007 01:59 PM]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [09/30/2007 11:59 PM]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [10/30/2006 12:37 AM]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [11/12/2006 11:02 AM]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [11/26/2006 09:09 AM]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [11/13/2006 08:13 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/15/2007 01:01 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/09/2007 02:17 PM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [11/03/2007 05:34 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [04/17/2008 02:14 PM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [08/01/2007 11:18 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/19/2008 03:37 AM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 10:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/22/2008 11:40 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 PM]
"Internet Security Service"="c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" [05/26/2008 03:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"PCDrProfiler"=C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r

C:\Users\xiaoleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2/23/2008 5:14:32 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/3/2007 11:41:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b6ada6-e15d-11dc-a714-00037adc99ae}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3f8760-e17e-11dc-9c75-00037adc99ae}]
AutoRun\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f40fc-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f8fe00-2e15-11dd-905a-0017428dfe18}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe
Explore\command- F:\system.exe
Open\command- F:\system.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-02 01:25:28 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 3317.63 MiB / 1630.12 MiB
Pagefile Memory (total/avail): 6806.69 MiB / 5202.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.91 MiB

C: is Fixed (NTFS) - 115.99 GiB total, 53.32 GiB free.
D: is Fixed (NTFS) - 115.92 GiB total, 115.07 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2250BH - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 1000 MiB
\PARTITION1 (bootable) - Installable File System - 115.99 GiB - C:
\PARTITION2 - Installable File System - 115.92 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\xiaoleo\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XU3LEO-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\xiaoleo
LOCALAPPDATA=C:\Users\xiaoleo\AppData\Local
LOGONSERVER=\\XU3LEO-PC
NpmLib=C:\Program Files\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\ArcSoft\Bin;C:\Program Files\Softex\OmniPass;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Norman\Npm\Bin;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\xiaoleo\AppData\Local\Temp
TMP=C:\Users\xiaoleo\AppData\Local\Temp
USERDOMAIN=XU3LEO-PC
USERNAME=xiaoleo
USERPROFILE=C:\Users\xiaoleo
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

xiaoleo


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
--> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
--> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
99bytes DVD to PSP / iPod Video Converter --> MsiExec.exe /I{722BB2FA-B056-42E9-9070-1947D2E365D0}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Agere Systems HDA Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft WebCam Companion 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AFCE4BA-2F84-4ED4-8C7E-80B7DC868E81}\Setup.exe" -l0x9
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B10D407C-75F9-4B5C-999F-E6B75AB31CAB}
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Counter-Strike 1.0 --> C:\Program Files\Counter-Strike\Uninst.exe
Free iPod Video Converter 1.26 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Fujitsu Display Manager --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}
Fujitsu Hardware Diagnostics Tool --> C:\Program Files\Fujitsu Hardware Diagnostics Tool\uninst.exe
Fujitsu Hotkey Utility --> C:\Program Files\InstallShield Installation Information\{BA0CC975-682B-4678-A35C-05E607F36387}\setup.exe -runfromtemp -l0x0409
Fujitsu MobilityCenter Extension Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}
Fujitsu System Extension Utility --> C:\Program Files\InstallShield Installation Information\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}\setup.exe -runfromtemp -l0x0409
Garena --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jGRASP --> "C:\Program Files\jGRASP\uninstall.exe"
LifeBook Application Panel --> C:\Program Files\InstallShield Installation Information\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}\setup.exe -runfromtemp -l0x0409
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MediaCorp MOBTV Download Manager --> MsiExec.exe /I{5F12441C-72CB-4B19-AFF4-F148902A9B90}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007 --> MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motive Report Agent --> "C:\Program Files\SingTelACT\McciBrowser.exe" -appkey=SingTelACT -hidden-url=file:///C:\Program Files\SingTelACT\ReportAgent_Remove.html
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_1_0_55\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus Help --> MsiExec.exe /I{69CCCF13-601F-43FC-A4A7-4A2ADF0821D1}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
O2Micro Flash Memory Card Windows Driver --> C:\Program Files\InstallShield Installation Information\{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}\setup.exe -runfromtemp -l0x0409
OmniPass 5.00.91 --> C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x0009 -removeonly
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Power Saving Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{46B0B653-2249-42A0-B834-B58126A20D5E}
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Activation Module --> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shock Sensor Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827517C3-9B89-458E-A8F2-96DD24BDFE29}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Navi --> MsiExec.exe /X{47BC37A3-35C8-484A-8CBD-851914EB095E}
VC0331 USB2.0 Digital Camera --> vm331Rmv.exe vm331Rmv.ini
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}


-- Application Event Log -------------------------------------------------------

Event Record #/Type17020 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{68F2A089-41B9-49F6-A0A7-FD4D39D10794}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17016 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1021 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update 'scnAVavdltaComponent-1.27.6968.0' could not be removed. Error code 1649. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17012 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{E7A5F456-234F-49ED-8039-7D02C6EA61DF}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17008 / Error
Event Submitted/Written: 07/02/2008 00:24:43 AM
Event ID/Source: 1021 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update 'scnAVavbaseComponent-1.27.6200.0' could not be removed. Error code 1649. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17004 / Error
Event Submitted/Written: 07/02/2008 00:24:24 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{4E968140-AB7B-407B-AEBD-07AF3E503B2A}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32876 / Error
Event Submitted/Written: 07/01/2008 07:07:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type32828 / Error
Event Submitted/Written: 07/01/2008 07:06:51 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 001DE06CD0C5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type32827 / Warning
Event Submitted/Written: 07/01/2008 07:06:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE06CD0C5. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type32775 / Warning
Event Submitted/Written: 06/30/2008 10:18:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type32691 / Error
Event Submitted/Written: 06/30/2008 07:45:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058



-- End of Deckard's System Scanner: finished at 2008-07-02 01:25:28 ------------



#2 Farbar


Posted 14 July 2008 - 08:17 AM

Hello

Welcome to Bleeping Computer Hijackthis logs and Malware removal. I am farbar. I will assist you with your problem.

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
Please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please delete first your copy of dss.exe in order to download a fresh copy.

Download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 xiaoleo


Posted 14 July 2008 - 01:09 PM

Hello farbar,

I have deleted the previous scanned file (txt) and scanned my laptop with DSS again; however, it does not generate an Extra.txt apart from the first time. Hence, is it OK to use the previous Extra.txt? Nevertheless, I have included it.

I have also scanned my laptop using Kaspersky Online Scanner as suggested. Despite following the instructions, I couldn't locate the scan report on the desktop. Hence I have taken a photo of the scan result and attached it to my reply. Surprisingly, the scan report could be found when I tried to attach and browse for the photo taken of the scan report on my desktop. However, I did not attach the report because I do not know whether it is still a valid or usable file. I would also appreciate it if you could explain what has gone wrong with it. Thank you.

Once again, thank you and sorry for the inconvenience caused.


Best regards
Leo


Deckard's System Scanner v20071014.68
Run by xiaoleo on 2008-07-14 21:40:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as xiaoleo.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:25 PM, on 7/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\xiaoleo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\xiaoleo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-config.tp.edu.sg/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tp.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tp.edu.sg;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Internet Security Service] c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 12039 bytes

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-14 21:29:51 0 d-------- C:\Program Files\Trend Micro
2008-07-12 03:21:33 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-11 00:53:34 12 --a------ C:\Windows\bthservsdp.dat
2008-07-11 00:09:23 0 d-------- C:\Program Files\Windows Mobile Resources
2008-07-06 17:03:33 0 d-------- C:\Program Files\Sun
2008-06-27 01:48:08 68096 --a------ C:\Windows\zip.exe
2008-06-27 01:48:08 49152 --a------ C:\Windows\VFind.exe
2008-06-27 01:48:08 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-27 01:48:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-27 01:48:08 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-27 01:48:08 98816 --a------ C:\Windows\sed.exe
2008-06-27 01:48:08 80412 --a------ C:\Windows\grep.exe
2008-06-27 01:48:08 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 19:26:10 0 d-------- C:\Windows\system32\Adobe
2008-06-24 01:48:39 0 d-------- C:\Program Files\Garena
2008-06-23 23:24:51 0 d-------- C:\Program Files\Hamachi


-- Find3M Report ---------------------------------------------------------------

2008-07-14 21:34:51 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Skype
2008-07-14 19:32:57 0 d-------- C:\Users\xiaoleo\AppData\Roaming\skypePM
2008-07-12 03:21:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 11:58:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 11:43:54 0 d-------- C:\Program Files\Windows Mail
2008-07-06 17:03:14 0 d-------- C:\Program Files\Java
2008-07-01 19:06:39 0 d-------- C:\Program Files\Norton 360
2008-06-24 21:51:52 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Hamachi
2008-06-21 00:59:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 22:09:10 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Fujitsu
2008-06-03 13:17:01 0 d-------- C:\Program Files\Symantec
2008-05-22 21:20:58 0 d-------- C:\Program Files\Counter-Strike
2008-05-22 00:38:34 0 d-------- C:\Program Files\jGRASP
2008-05-21 20:38:00 0 d-------- C:\Program Files\Microsoft Office Communicator
2008-05-21 19:54:17 0 d-------- C:\Program Files\MSBuild
2008-05-21 19:51:02 0 d-------- C:\Program Files\Microsoft Visual Studio 8


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/01/2008 06:06 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [11/18/2006 07:38 AM]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [11/08/2006 06:45 AM]
"RtHDVCpl"="RtHDVCpl.exe" [09/19/2007 02:50 PM C:\Windows\RtHDVCpl.exe]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [09/21/2007 09:58 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [09/21/2007 09:58 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/15/2007 11:53 AM]
"331BigDog"="C:\Windows\VM331_STI.EXE" [07/02/2007 01:59 PM]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [09/30/2007 11:59 PM]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [10/30/2006 12:37 AM]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [11/12/2006 11:02 AM]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [11/26/2006 09:09 AM]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [11/13/2006 08:13 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/15/2007 01:01 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/09/2007 02:17 PM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [11/03/2007 05:34 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [04/17/2008 02:14 PM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [08/01/2007 11:18 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/19/2008 03:37 AM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 10:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/22/2008 11:40 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 PM]
"Internet Security Service"="c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe" [05/26/2008 03:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"PCDrProfiler"=C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r

C:\Users\xiaoleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2/23/2008 5:14:32 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/3/2007 11:41:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48df-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b6ada6-e15d-11dc-a714-00037adc99ae}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc939d7-4bdc-11dd-a4de-0017428dfe18}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc939ee-4bdc-11dd-a4de-0017428dfe18}]
AutoRun\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3f8760-e17e-11dc-9c75-00037adc99ae}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2118cd8-4451-11dd-8c8d-0017428dfe18}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f40fc-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f8fe00-2e15-11dd-905a-0017428dfe18}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe
Explore\command- F:\system.exe
Open\command- F:\system.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-14 21:40:55 ------------


Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T8100 @ 2.10GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 3317.63 MiB / 1630.12 MiB
Pagefile Memory (total/avail): 6806.69 MiB / 5202.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.91 MiB

C: is Fixed (NTFS) - 115.99 GiB total, 53.32 GiB free.
D: is Fixed (NTFS) - 115.92 GiB total, 115.07 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2250BH - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 1000 MiB
\PARTITION1 (bootable) - Installable File System - 115.99 GiB - C:
\PARTITION2 - Installable File System - 115.92 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton 360 v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\xiaoleo\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XU3LEO-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\xiaoleo
LOCALAPPDATA=C:\Users\xiaoleo\AppData\Local
LOGONSERVER=\\XU3LEO-PC
NpmLib=C:\Program Files\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\ArcSoft\Bin;C:\Program Files\Softex\OmniPass;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Norman\Npm\Bin;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\xiaoleo\AppData\Local\Temp
TMP=C:\Users\xiaoleo\AppData\Local\Temp
USERDOMAIN=XU3LEO-PC
USERNAME=xiaoleo
USERPROFILE=C:\Users\xiaoleo
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

xiaoleo


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
--> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
--> MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
99bytes DVD to PSP / iPod Video Converter --> MsiExec.exe /I{722BB2FA-B056-42E9-9070-1947D2E365D0}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Agere Systems HDA Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft WebCam Companion 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AFCE4BA-2F84-4ED4-8C7E-80B7DC868E81}\Setup.exe" -l0x9
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{B10D407C-75F9-4B5C-999F-E6B75AB31CAB}
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Counter-Strike 1.0 --> C:\Program Files\Counter-Strike\Uninst.exe
Free iPod Video Converter 1.26 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Fujitsu Display Manager --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C1D8CEBB-BFEE-4E82-92E0-7579211F3ADF}
Fujitsu Hardware Diagnostics Tool --> C:\Program Files\Fujitsu Hardware Diagnostics Tool\uninst.exe
Fujitsu Hotkey Utility --> C:\Program Files\InstallShield Installation Information\{BA0CC975-682B-4678-A35C-05E607F36387}\setup.exe -runfromtemp -l0x0409
Fujitsu MobilityCenter Extension Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}
Fujitsu System Extension Utility --> C:\Program Files\InstallShield Installation Information\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}\setup.exe -runfromtemp -l0x0409
Garena --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jGRASP --> "C:\Program Files\jGRASP\uninstall.exe"
LifeBook Application Panel --> C:\Program Files\InstallShield Installation Information\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}\setup.exe -runfromtemp -l0x0409
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MediaCorp MOBTV Download Manager --> MsiExec.exe /I{5F12441C-72CB-4B19-AFF4-F148902A9B90}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007 --> MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motive Report Agent --> "C:\Program Files\SingTelACT\McciBrowser.exe" -appkey=SingTelACT -hidden-url=file:///C:\Program Files\SingTelACT\ReportAgent_Remove.html
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Add-on Pack (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_1_0_55\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus Help --> MsiExec.exe /I{69CCCF13-601F-43FC-A4A7-4A2ADF0821D1}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
O2Micro Flash Memory Card Windows Driver --> C:\Program Files\InstallShield Installation Information\{C667F699-861A-4AB5-AC2C-A8276DCCFDA9}\setup.exe -runfromtemp -l0x0409
OmniPass 5.00.91 --> C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x0009 -removeonly
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Power Saving Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{46B0B653-2249-42A0-B834-B58126A20D5E}
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Activation Module --> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shock Sensor Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827517C3-9B89-458E-A8F2-96DD24BDFE29}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Navi --> MsiExec.exe /X{47BC37A3-35C8-484A-8CBD-851914EB095E}
VC0331 USB2.0 Digital Camera --> vm331Rmv.exe vm331Rmv.ini
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}


-- Application Event Log -------------------------------------------------------

Event Record #/Type17020 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{68F2A089-41B9-49F6-A0A7-FD4D39D10794}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17016 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1021 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update 'scnAVavdltaComponent-1.27.6968.0' could not be removed. Error code 1649. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17012 / Error
Event Submitted/Written: 07/02/2008 00:24:44 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{E7A5F456-234F-49ED-8039-7D02C6EA61DF}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17008 / Error
Event Submitted/Written: 07/02/2008 00:24:43 AM
Event ID/Source: 1021 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update 'scnAVavbaseComponent-1.27.6200.0' could not be removed. Error code 1649. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type17004 / Error
Event Submitted/Written: 07/02/2008 00:24:24 AM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Windows Live OneCare safety scanner - Update '{4E968140-AB7B-407B-AEBD-07AF3E503B2A}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32876 / Error
Event Submitted/Written: 07/01/2008 07:07:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type32828 / Error
Event Submitted/Written: 07/01/2008 07:06:51 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 001DE06CD0C5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type32827 / Warning
Event Submitted/Written: 07/01/2008 07:06:51 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE06CD0C5. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type32775 / Warning
Event Submitted/Written: 06/30/2008 10:18:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type32691 / Error
Event Submitted/Written: 06/30/2008 07:45:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058



-- End of Deckard's System Scanner: finished at 2008-07-02 01:25:28 ------------

Edited by xiaoleo, 14 July 2008 - 01:11 PM.


#4 Farbar


Posted 16 July 2008 - 09:37 AM

Hi,

Sorry for the delay.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to remove the infection please go on with the following steps.


Removal Instructions

You were wondering why DSS did not produce the extra.txt. The reason was that the dss.exe (which is located on your desktop), was not removed. And a fresh dss.exe was not downloaded (you may read the sentence in bold once more). The extra.txt which is posted was already there on your previous post. But you have done your best and I fully understand this is all new to you. However if the instructions are not clear to you please feel free to ask before proceeding.
  • Don't use a Flash Memory on this laptop at this stage. The flash memory you are using might be infected.

  • Please tell me: (1) Is this laptop a personal laptop? (2) Have you turned off the Windows firewall yourself? (3) Have you set the following proxy? proxy.tp.edu.sg:8080

  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Open Windows Defender.
    • Click on Tools, Options.
    • Scroll down the list of options to select "Real-time Protection Options."
    • Uncheck "Use Real-Time Protection (Recommended)".
    • After you uncheck this, click on the Save button and close Windows Defender.
    After all of the fixes are complete it is very important that you enable Real-time Protection again.

  • Now we need to make sure to turn off UAC (UAC = User Account Control)
    • Click Start, and then click Control Panel.
    • In Control Panel, click User Accounts.
    • In the User Accounts window, click User Accounts.
    • In the User Accounts tasks window, click Turn User Account Control on or off.
    • If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    • Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    • Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

  • Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Edited by farbar, 16 July 2008 - 09:40 AM.


#5 xiaoleo


Posted 20 July 2008 - 08:45 AM

Dear farbar,
Sorry for the late reply. This is my personal laptop. Yes, I have turned off the Windows firewall, because I have already installed Norton 360, which also has its own firewall. I heard that two firewalls cannot be turned on at the same time as they will clash. Yes, this proxy.tp.edu.sg:8080 is my school's and it had been set up by the school IT technician.




Below is the attached combofix.


ComboFix 08-07-19.1 - xiaoleo 2008-07-20 16:06:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2071 [GMT 8:00]
Running from: C:\Users\xiaoleo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-16 12:13 . 2008-07-16 12:13 <DIR> d-------- C:\Users\xiaoleo\AppData\Roaming\Nexon
2008-07-16 00:28 . 2003-07-21 02:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-07-16 00:28 . 2005-01-04 17:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-07-16 00:25 . 2008-07-16 00:25 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-14 21:29 . 2008-07-14 21:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 03:21 . 2008-07-12 03:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-12 01:18 . 2008-06-26 08:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 01:18 . 2008-06-26 08:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 00:53 . 2008-07-20 15:57 12 --a------ C:\Windows\bthservsdp.dat
2008-07-11 00:09 . 2008-07-11 00:09 <DIR> d-------- C:\Program Files\Windows Mobile Resources
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\Sun
2008-07-02 01:22 . 2008-07-02 01:22 <DIR> d-------- C:\Deckard
2008-06-25 19:26 . 2008-06-25 19:26 <DIR> d-------- C:\Windows\System32\Adobe
2008-06-24 01:48 . 2008-07-09 22:29 <DIR> d-------- C:\Program Files\Garena
2008-06-23 23:25 . 2008-06-24 21:51 <DIR> d-------- C:\Users\xiaoleo\AppData\Roaming\Hamachi
2008-06-23 23:24 . 2008-06-23 23:25 <DIR> d-------- C:\Program Files\Hamachi
2008-06-23 23:24 . 2008-06-23 23:24 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-06-20 22:09 . 2008-06-20 22:09 <DIR> d-------- C:\Users\xiaoleo\AppData\Roaming\Fujitsu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 16:42 --------- d-----w C:\Users\xiaoleo\AppData\Roaming\Skype
2008-07-16 15:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-15 09:09 --------- d-----w C:\Users\xiaoleo\AppData\Roaming\skypePM
2008-07-11 19:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 17:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 03:58 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 03:43 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 09:03 --------- d-----w C:\Program Files\Java
2008-07-01 11:06 --------- d-----w C:\Program Files\Norton 360
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-20 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-13 06:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 06:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 06:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 06:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 06:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 06:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 06:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 06:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 06:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-03 05:17 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-03 05:17 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 05:17 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-03 05:17 --------- d-----w C:\Program Files\Symantec
2008-05-22 13:20 --------- d-----w C:\Program Files\Counter-Strike
2008-05-21 16:38 --------- d-----w C:\Program Files\jGRASP
2008-05-21 12:38 --------- d-----w C:\Program Files\Microsoft Office Communicator
2008-05-21 11:54 --------- d-----w C:\Program Files\MSBuild
2008-05-21 11:51 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-26 09:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-26 09:45 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-27_ 1.51.45.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 17:00:13 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-10 16:53:03 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-20 17:00:13 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-10 16:53:03 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-20 17:00:12 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-10 16:53:02 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2006-10-27 03:55:38 138,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 22:16:36 46,864 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2008-07-10 16:53:38 648,072 ----a-r C:\Windows\Installer\{904CCF62-818D-4675-BC76-D37EB399F917}\wmdc.exe
- 2008-05-29 17:18:50 1,165,584 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-11 17:20:54 1,165,584 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-29 17:18:50 20,240 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-11 17:20:55 20,240 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-29 17:18:50 159,504 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-07-11 17:20:54 159,504 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-29 17:18:50 184,080 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-11 17:20:54 184,080 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-29 17:18:50 217,864 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-11 17:20:55 217,864 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-29 17:18:51 18,704 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-11 17:20:55 18,704 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-29 17:18:51 35,088 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-11 17:20:55 35,088 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-29 17:18:50 845,584 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-11 17:20:55 845,584 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-29 17:18:50 922,384 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-11 17:20:55 922,384 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-29 17:18:50 272,648 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-11 17:20:55 272,648 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-29 17:18:51 888,080 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-11 17:20:55 888,080 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-29 17:18:50 1,172,240 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-11 17:20:54 1,172,240 ----a-r C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-14 17:28:00 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-11 17:21:28 1,165,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-14 17:28:00 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-11 17:21:29 20,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 17:28:00 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-11 17:21:28 217,864 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 17:28:00 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-11 17:21:29 18,704 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 17:28:00 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-11 17:21:29 35,088 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 17:28:00 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-11 17:21:28 845,584 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-14 17:28:00 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-11 17:21:28 922,384 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-14 17:28:00 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-11 17:21:29 272,648 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-14 17:28:00 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-11 17:21:29 888,080 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 17:28:00 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-11 17:21:28 1,172,240 ----a-r C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-06-26 11:50:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-20 07:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-26 11:50:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-20 07:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-26 11:52:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-20 08:00:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-02-22 15:50:51 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-10 03:59:04 1,016,865 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-06-26 11:52:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-20 08:00:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-05-31 01:21:00 75,144 ----a-w C:\Windows\System32\ceutil.dll
- 2008-06-26 11:50:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-19 14:03:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-26 11:50:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-19 14:03:36 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-26 11:50:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-19 14:03:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-26 17:49:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-07-20 08:05:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2006-11-02 08:57:47 32,768 ----a-w C:\Windows\System32\drivers\rndismpx.sys
+ 2006-11-02 09:46:14 203,264 ----a-w C:\Windows\System32\drivers\UMDF\WpdRapi.dll
+ 2007-05-31 01:21:18 224,136 ----a-w C:\Windows\System32\drivers\UMDF\WpdRapi2.dll
+ 2006-11-02 08:57:48 14,848 ----a-w C:\Windows\System32\drivers\usb8023x.sys
+ 2006-11-02 08:55:05 31,616 ----a-w C:\Windows\System32\drivers\winusb.sys
+ 2007-05-31 01:20:34 31,624 ----a-w C:\Windows\System32\DriverStore\FileRepository\wcebth.inf_29bdc8e5\btplugin.dll
+ 2008-06-26 03:22:33 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0027.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData002a.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0039.dll
+ 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData003e.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0045.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0046.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0047.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0049.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004a.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004b.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004c.dll
+ 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004e.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0414.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0416.dll
+ 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0816.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData081a.dll
+ 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0c1a.dll
+ 2008-06-26 00:33:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0001.dll
+ 2008-06-26 00:34:20 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0002.dll
+ 2008-06-26 00:33:41 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0003.dll
+ 2008-06-26 00:33:35 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0007.dll
+ 2008-06-26 00:33:33 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0009.dll
+ 2008-06-26 00:33:39 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000a.dll
+ 2008-06-26 00:33:34 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000c.dll
+ 2008-06-26 00:33:36 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000d.dll
+ 2008-06-26 00:33:48 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000f.dll
+ 2008-06-26 00:33:49 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0010.dll
+ 2008-06-26 00:33:37 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0011.dll
+ 2008-06-26 00:33:12 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0013.dll
+ 2008-06-26 00:34:01 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0018.dll
+ 2008-06-26 00:34:03 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0019.dll
+ 2008-06-26 00:33:43 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001a.dll
+ 2008-06-26 00:34:37 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001b.dll
+ 2008-06-26 00:34:14 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001d.dll
+ 2008-06-26 00:34:34 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0020.dll
+ 2008-06-26 00:33:40 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0021.dll
+ 2008-06-26 00:34:33 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0022.dll
+ 2008-06-26 00:34:39 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0024.dll
+ 2008-06-26 00:34:30 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0026.dll
+ 2008-06-26 00:33:50 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0027.dll
+ 2008-06-26 00:34:26 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons002a.dll
+ 2008-06-26 00:33:46 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0039.dll
+ 2008-06-26 00:33:52 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons003e.dll
+ 2008-06-26 00:34:18 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0045.dll
+ 2008-06-26 00:33:58 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0046.dll
+ 2008-06-26 00:33:45 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0047.dll
+ 2008-06-26 00:34:24 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0049.dll
+ 2008-06-26 00:34:25 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004a.dll
+ 2008-06-26 00:34:22 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004b.dll
+ 2008-06-26 00:34:36 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004c.dll
+ 2008-06-26 00:34:23 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004e.dll
+ 2008-06-26 00:33:54 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0414.dll
+ 2008-06-26 00:33:57 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0416.dll
+ 2008-06-26 00:33:56 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0816.dll
+ 2008-06-26 00:34:11 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons081a.dll
+ 2008-06-26 00:34:09 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0c1a.dll
+ 2008-06-26 00:33:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsModels0011.dll
+ 2008-06-26 03:18:12 797,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NaturalLanguage6.dll
+ 2008-06-26 03:18:18 1,523,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0000.dll
+ 2008-06-26 03:18:19 2,597,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0001.dll
+ 2008-06-26 03:18:20 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0002.dll
+ 2008-06-26 03:18:21 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0003.dll
+ 2008-06-26 03:18:21 2,241,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0007.dll
+ 2008-06-26 03:18:22 4,874,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0009.dll
+ 2008-06-26 03:18:24 9,845,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000a.dll
+ 2008-06-26 03:18:24 2,641,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000c.dll
+ 2008-06-26 03:18:26 2,340,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000d.dll
+ 2008-06-26 03:18:26 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000f.dll
+ 2008-06-26 03:18:30 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0010.dll
+ 2008-06-26 03:18:32 2,655,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0011.dll
+ 2008-06-26 03:18:33 3,464,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0013.dll
+ 2008-06-26 03:18:34 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0018.dll
+ 2008-06-26 03:18:38 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0019.dll
+ 2008-06-26 03:18:38 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001a.dll
+ 2008-06-26 03:18:40 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001b.dll
+ 2008-06-26 03:18:42 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001d.dll
+ 2008-06-26 03:18:43 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0020.dll
+ 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0021.dll
+ 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0022.dll
+ 2008-06-26 03:18:44 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0024.dll
+ 2008-06-26 03:18:45 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0026.dll
+ 2008-06-26 03:18:45 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0027.dll
+ 2008-06-26 03:18:46 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData002a.dll
+ 2008-06-26 03:18:46 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0039.dll
+ 2008-06-26 03:18:47 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData003e.dll
+ 2008-06-26 03:18:49 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0045.dll
+ 2008-06-26 03:18:51 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0046.dll
+ 2008-06-26 03:18:52 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0047.dll
+ 2008-06-26 03:18:53 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0049.dll
+ 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004a.dll
+ 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004b.dll
+ 2008-06-26 03:18:57 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004c.dll
+ 2008-06-26 03:18:58 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004e.dll
+ 2008-06-26 03:19:00 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0414.dll
+ 2008-06-26 03:19:01 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0416.dll
+ 2008-06-26 03:19:04 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0816.dll
+ 2008-06-26 03:19:04 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData081a.dll
+ 2008-06-26 03:19:05 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0c1a.dll
+ 2008-06-26 00:30:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0001.dll
+ 2008-06-26 00:31:26 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0002.dll
+ 2008-06-26 00:30:49 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0003.dll
+ 2008-06-26 00:30:39 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0007.dll
+ 2008-06-26 00:30:36 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0009.dll
+ 2008-06-26 00:30:47 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000a.dll
+ 2008-06-26 00:30:37 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000c.dll
+ 2008-06-26 00:30:43 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000d.dll
+ 2008-06-26 00:30:54 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000f.dll
+ 2008-06-26 00:30:55 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0010.dll
+ 2008-06-26 00:30:45 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0011.dll
+ 2008-06-26 00:30:11 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0013.dll
+ 2008-06-26 00:31:06 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0018.dll
+ 2008-06-26 00:31:09 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0019.dll
+ 2008-06-26 00:30:50 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001a.dll
+ 2008-06-26 00:31:46 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001b.dll
+ 2008-06-26 00:31:23 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001d.dll
+ 2008-06-26 00:31:44 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0020.dll
+ 2008-06-26 00:30:48 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0021.dll
+ 2008-06-26 00:31:40 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0022.dll
+ 2008-06-26 00:31:48 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0024.dll
+ 2008-06-26 00:31:35 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0026.dll
+ 2008-06-26 00:30:57 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0027.dll
+ 2008-06-26 00:31:34 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons002a.dll
+ 2008-06-26 00:30:53 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0039.dll
+ 2008-06-26 00:30:59 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons003e.dll
+ 2008-06-26 00:31:25 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0045.dll
+ 2008-06-26 00:31:04 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0046.dll
+ 2008-06-26 00:30:52 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0047.dll
+ 2008-06-26 00:31:32 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0049.dll
+ 2008-06-26 00:31:33 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004a.dll
+ 2008-06-26 00:31:29 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004b.dll
+ 2008-06-26 00:31:45 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004c.dll
+ 2008-06-26 00:31:30 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004e.dll
+ 2008-06-26 00:31:00 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0414.dll
+ 2008-06-26 00:31:03 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0416.dll
+ 2008-06-26 00:31:02 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0816.dll
+ 2008-06-26 00:31:22 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons081a.dll
+ 2008-06-26 00:31:16 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0c1a.dll
+ 2008-06-26 00:30:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsModels0011.dll
+ 2008-06-26 03:29:06 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NaturalLanguage6.dll
+ 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0000.dll
+ 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0001.dll
+ 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0002.dll
+ 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0003.dll
+ 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0007.dll
+ 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0009.dll
+ 2008-01-19 07:35:44 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000a.dll
+ 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000c.dll
+ 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000d.dll
+ 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000f.dll
+ 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0010.dll
+ 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0011.dll
+ 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0013.dll
+ 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0018.dll
+ 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0019.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001a.dll
+ 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001b.dll
+ 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001d.dll
+ 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0020.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0021.dll
+ 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0022.dll
+ 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0024.dll
+ 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0026.dll
+ 2008-01-19 07:35:50 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0027.dll
+ 2008-01-19 07:35:50 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData002a.dll
+ 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0039.dll
+ 2008-01-19 07:35:51 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData003e.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-22 23:40 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35 125440]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 20:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-18 07:38 80688]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-08 06:45 97072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-21 09:58 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-21 09:58 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-15 11:53 894512]
"331BigDog"="C:\Windows\VM331_STI.EXE" [2007-07-02 13:59 192512]
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-09-30 23:59 106496]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 00:37 136744]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 11:02 239144]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 09:09 260912]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-13 08:13 68400]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 13:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 14:17 52256]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2007-11-03 05:34 2564096]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 14:14 98616]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [2007-08-01 23:18 167936]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 03:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 22:50 988512]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 14:50 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2007-10-05 01:28 73728]

C:\Users\xiaoleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 17:14:32 368640]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-03 11:41:52 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42CA7ED3-1CDF-4F96-BDF5-ADE68EE3D41A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D94B800C-6A79-45A2-9F9D-FC5754391E8E}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8DEFCEEC-4149-4A64-8B71-CFE40E5149A6}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6A0AA60D-D6D0-4058-8BCB-13C0E65A9160}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C8C716B9-DB44-40AC-8A41-D3D856867DFB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9E5FDAA2-0E1D-4320-8710-D45AFF20421C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{CB185D18-C492-4720-9DC9-D11DE0AC915E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{56A1F001-85FB-4D52-AD54-CD95DAFBB161}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7FE14F8C-B5BC-44CC-AF3B-CBA3DC99168E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2A453B3F-09CF-4A48-9425-9AD3B7C1E3CF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0FD3FA6B-6754-4F36-B8CD-AA8E1A7561B0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EB8B3AF-07DB-41E9-8A48-40EDF577ACC6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{37723FA4-0C70-426A-A73A-A53F63DEEF56}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4AAF87EF-FA13-4C63-902A-1CA19DA8C6AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5142AE1F-075F-4D52-9610-B2D3DD14047C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD859AFF-632D-41F6-AFA2-54CDE4A41964}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2007-12-22 08:02]
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-10-03 13:23]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-05-11 16:56]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080716.001\IDSvix86.sys [2008-02-15 14:56]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 14:14]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-19 03:37]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\Program Files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 00:37]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2007-08-01 23:20]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 03:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
R3 vm331avs;VC0334 USB2.0 Digital Camera;C:\Windows\system32\Drivers\vm331avs.sys [2007-09-28 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-18 10:24]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-05 14:21]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-05 14:30]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 15:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f8fe00-2e15-11dd-905a-0017428dfe18}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe
\shell\Explore\command - F:\system.exe
\shell\Open\command - F:\system.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-20 08:10:22 C:\Windows\Tasks\User_Feed_Synchronization-{58C6E034-A679-48D2-AB8D-48C5DB2EA99E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 16:10:02
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\xiaoleo\AppData\Local\Temp\~DF5622.tmp 16384 bytes
C:\Users\xiaoleo\AppData\Local\Temp\~DF5728.tmp 512 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
-> ?:\Windows\system32\LINKINFO.dll
.
Completion time: 2008-07-20 16:11:37
ComboFix-quarantined-files.txt 2008-07-20 08:11:27

Pre-Run: 50,283,180,032 bytes free
Post-Run: 50,880,978,944 bytes free

993 --- E O F --- 2008-07-16 17:42:52




Below is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:35 PM, on 7/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-config.tp.edu.sg/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tp.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tp.edu.sg;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 11704 bytes

#6 Farbar


Posted 20 July 2008 - 01:03 PM

Hi Leo,


The traces of ise32.exe in the registry are gone. We need to remove another infection which is not detected by Norton.
  • I see Windows Defender is running. Please follow the instructions in the previous post to make sure it is turned off. Do the same for User Account Control (UAC).

  • Close any open browsers.

    Open notepad and copy/paste the text in the quote box below into it:

    File::
    F:\system.exe

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f8fe00-2e15-11dd-905a-0017428dfe18}]


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


  • We need to repair the file associations
    • Click Start and then Run to bring up the Run box.
    • Copy and paste the contents of this quote box into the run box:

      "%userprofile%\desktop\dss.exe" /daft

    • Click OK.
    • Click OK to the prompt from Deckard's System Scanner.
    • Click Scan.
    • Place a tick next to the following entries (if they are present):
      .cpl
    • Click Fix
    • Reboot and repeat the procedure just to make sure there is no entry when you click Scan.
  • Please copy and paste a fresh Hijackthis log along with the Combofix log to your reply.
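An added example, not part of the original post and not ComboFix's own logic: a small Python triage of the MountPoints2 section of a ComboFix log, showing why the `{e1f8fe00-...}` entry stands out from the other autorun entries. The two heuristics (overridden `Open`/`Explore` verbs, and `AutoRun` routed through `RunDLL32 ShellExec_RunDLL`) and all function names are assumptions of this example; the sample text is excerpted from the ComboFix log earlier in this thread.

```python
import re

# Excerpt of the MountPoints2 section of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f8fe00-2e15-11dd-905a-0017428dfe18}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\system.exe
\shell\Explore\command - F:\system.exe
\shell\Open\command - F:\system.exe
"""

# "[HKEY_...\mountpoints2\<volume>]" header lines and "\shell\<verb>\command - <cmd>" lines.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\([^\]\\]+))\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL", re.IGNORECASE)


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 key: full key, volume id, verb -> command."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "volume": key.group(2), "verbs": {}}
            entries.append(current)
        elif line.startswith("["):
            current = None  # some other registry key; stop attributing verbs
        else:
            verb = VERB_RE.match(line)
            if verb and current is not None:
                current["verbs"][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(entry):
    """Apply this example's heuristics and return the reasons an entry is suspicious."""
    reasons = []
    verbs = entry["verbs"]
    # Overriding Open/Explore makes a plain double-click on the drive run the command.
    for verb in ("open", "explore"):
        if verb in verbs:
            reasons.append("shell\\%s overridden -> %s" % (verb, verbs[verb]))
    # Legitimate launchers in this log call their exe directly, not through RunDLL32.
    if RUNDLL_RE.search(verbs.get("autorun", "")):
        reasons.append("AutoRun target launched through RunDLL32 ShellExec_RunDLL")
    return reasons


def flag_entries(log_text):
    """Map volume id -> reasons, for flagged entries only."""
    flagged = {}
    for entry in parse_mountpoints2(log_text):
        reasons = assess(entry)
        if reasons:
            flagged[entry["volume"]] = reasons
    return flagged


def removal_directives(log_text):
    """Registry-script lines ("[-key]" deletes a key) for the flagged entries."""
    return ["[-%s]" % e["key"] for e in parse_mountpoints2(log_text) if assess(e)]


if __name__ == "__main__":
    for volume, reasons in flag_entries(SAMPLE_LOG).items():
        print(volume)
        for reason in reasons:
            print("   ", reason)
    print("\n".join(removal_directives(SAMPLE_LOG)))
```

On this sample only the `{e1f8fe00-...}` key is flagged, and the generated directive is the same `[-HKEY_CURRENT_USER\...]` line used in the Registry:: section of the CFScript above.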


#7 xiaoleo


Posted 23 July 2008 - 02:42 PM

Dear farbar,

I would appreciate it if you could explain to me how the traces of ise32.exe in the registry are gone. What should I do if a similar virus infects my computer again? Despite paying quite a sum for Norton 360, why is the programme unable to detect such a virus? Is there another programme better than Norton or do all programmes have their limitations? And since I have invested in Norton 360, is there anything I need to take note of in future to prevent such problems from recurring?

Thank you so much for your help!

Best regards,
LeO


HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:07 AM, on 7/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-config.tp.edu.sg/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tp.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tp.edu.sg;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 11660 bytes









ComboFix Log

ComboFix 08-07-19.1 - xiaoleo 2008-07-24 2:37:29.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2040 [GMT 8:00]
Running from: C:\Users\xiaoleo\Desktop\ComboFix.exe
Command switches used :: C:\Users\xiaoleo\Desktop\CFScript.txt
* Created a new restore point

FILE ::
F:\system.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-16 12:13 . 2008-07-16 12:13 <DIR> d-------- C:\Users\xiaoleo\AppData\Roaming\Nexon
2008-07-16 00:28 . 2003-07-21 02:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-07-16 00:28 . 2005-01-04 17:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-07-16 00:25 . 2008-07-16 00:25 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-14 21:29 . 2008-07-14 21:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 03:21 . 2008-07-12 03:21 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-12 01:18 . 2008-06-26 08:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 01:18 . 2008-06-26 08:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 00:53 . 2008-07-24 02:31 12 --a------ C:\Windows\bthservsdp.dat
2008-07-11 00:09 . 2008-07-11 00:09 <DIR> d-------- C:\Program Files\Windows Mobile Resources
2008-07-06 17:03 . 2008-07-06 17:03 <DIR> d-------- C:\Program Files\Sun
2008-07-02 01:22 . 2008-07-02 01:22 <DIR> d-------- C:\Deckard
2008-06-25 19:26 . 2008-06-25 19:26 <DIR> d-------- C:\Windows\System32\Adobe
2008-06-24 01:48 . 2008-07-09 22:29 <DIR> d-------- C:\Program Files\Garena
2008-06-23 23:25 . 2008-06-24 21:51 <DIR> d-------- C:\Users\xiaoleo\AppData\Roaming\Hamachi
2008-06-23 23:24 . 2008-06-23 23:25 <DIR> d-------- C:\Program Files\Hamachi
2008-06-23 23:24 . 2008-06-23 23:24 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 00:28 --------- d-----w C:\Program Files\Java
2008-07-16 16:42 --------- d-----w C:\Users\xiaoleo\AppData\Roaming\Skype
2008-07-16 15:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-15 09:09 --------- d-----w C:\Users\xiaoleo\AppData\Roaming\skypePM
2008-07-11 19:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 17:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 03:58 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 03:43 --------- d-----w C:\Program Files\Windows Mail
2008-07-01 11:06 --------- d-----w C:\Program Files\Norton 360
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-20 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 14:09 --------- d-----w C:\Users\xiaoleo\AppData\Roaming\Fujitsu
2008-06-13 06:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 06:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 06:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 06:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 06:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 06:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 06:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 06:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 06:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-03 05:17 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-03 05:17 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 05:17 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-03 05:17 --------- d-----w C:\Program Files\Symantec
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-26 09:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-26 09:45 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-20_16.10.46.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-20 07:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-23 18:33:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-20 07:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-23 18:33:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-20 08:00:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-23 18:34:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-20 08:00:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-23 18:34:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-19 14:03:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-23 18:25:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-19 14:03:36 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 18:25:45 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-19 14:03:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 18:25:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-24 17:28:39 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-09 17:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-03-24 17:28:43 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-09 17:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-03-24 18:37:01 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-09 18:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
- 2008-07-20 08:04:56 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-23 18:30:54 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-20 08:04:56 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-23 18:30:54 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-20 08:00:45 9,404 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3046809281-1282097979-3390271499-1000_UserData.bin
+ 2008-07-23 18:34:56 9,436 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3046809281-1282097979-3390271499-1000_UserData.bin
- 2008-07-20 08:00:44 78,788 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 18:34:56 78,984 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-20 08:00:40 57,332 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 18:35:02 57,614 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 16:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-22 23:40 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35 125440]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 20:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-18 07:38 80688]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-08 06:45 97072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-21 09:58 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-21 09:58 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-15 11:53 894512]
"331BigDog"="C:\Windows\VM331_STI.EXE" [2007-07-02 13:59 192512]
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-09-30 23:59 106496]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 00:37 136744]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 11:02 239144]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 09:09 260912]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-13 08:13 68400]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 13:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 14:17 52256]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2007-11-03 05:34 2564096]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 14:14 98616]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [2007-08-01 23:18 167936]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 03:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 22:50 988512]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 14:50 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2007-10-05 01:28 73728]

C:\Users\xiaoleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-23 17:14:32 368640]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-03 11:41:52 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42CA7ED3-1CDF-4F96-BDF5-ADE68EE3D41A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D94B800C-6A79-45A2-9F9D-FC5754391E8E}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8DEFCEEC-4149-4A64-8B71-CFE40E5149A6}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6A0AA60D-D6D0-4058-8BCB-13C0E65A9160}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C8C716B9-DB44-40AC-8A41-D3D856867DFB}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9E5FDAA2-0E1D-4320-8710-D45AFF20421C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{CB185D18-C492-4720-9DC9-D11DE0AC915E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{56A1F001-85FB-4D52-AD54-CD95DAFBB161}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7FE14F8C-B5BC-44CC-AF3B-CBA3DC99168E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2A453B3F-09CF-4A48-9425-9AD3B7C1E3CF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0FD3FA6B-6754-4F36-B8CD-AA8E1A7561B0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0EB8B3AF-07DB-41E9-8A48-40EDF577ACC6}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{37723FA4-0C70-426A-A73A-A53F63DEEF56}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4AAF87EF-FA13-4C63-902A-1CA19DA8C6AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5142AE1F-075F-4D52-9610-B2D3DD14047C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD859AFF-632D-41F6-AFA2-54CDE4A41964}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2007-12-22 08:02]
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-10-03 13:23]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-05-11 16:56]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080722.002\IDSvix86.sys [2008-02-15 14:56]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 14:14]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-19 03:37]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\Program Files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 00:37]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2007-08-01 23:20]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 03:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
R3 vm331avs;VC0334 USB2.0 Digital Camera;C:\Windows\system32\Drivers\vm331avs.sys [2007-09-28 19:05]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-18 10:24]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-05 14:21]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-05 14:30]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 15:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 18:40:05 C:\Windows\Tasks\User_Feed_Synchronization-{58C6E034-A679-48D2-AB8D-48C5DB2EA99E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 02:40:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2008-07-24 2:41:46
ComboFix-quarantined-files.txt 2008-07-23 18:41:29
ComboFix2.txt 2008-07-20 08:11:38

Pre-Run: 47,971,123,200 bytes free
Post-Run: 48,059,629,568 bytes free

245 --- E O F --- 2008-07-23 16:46:48

#8 Farbar

Posted 24 July 2008 - 01:15 AM

Hi Leo,


Your log looks clean.
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
  • Go to start > run and copy and paste next command in the field:

    ComboFix /u

    Make sure there's a space between Combofix and /
    Then hit enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

I would appreciate it if you could explain to me how the traces of ise32.exe in the registry are gone.


That is hard to say with certainty as we don't see on the log of Combofix when registry items are removed. My guess is that Norton had removed the trojan file (ise32.exe) but the registry items pointing to the file were not removed. Combofix removed the registry items to finish up the job.


Despite paying quite a sum for Norton 360, why is the programme unable to detect such virus? Is there another programme better than Norton or do all programmes have their limitations?


There is actually no perfect Antivirus program, but IMO there are better programs than Norton. You may consult this forum for more information: AntiVirus, Firewall and Privacy Products and Protection Methods


What should I do if a similar virus infects my computer again?


First of all you should be alert when your Antivirus keeps finding malware. When you notice irregularity or suspect something is wrong, you may visit the Bleeping Computer Am I infected? What do I do? Forum to determine if you are infected.


is there anything I need to take note in future to prevent such problems from recurring?



Besides visiting the above mentioned forum, in order to reduce the possible infection in the future, you may follow the following steps:
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Right-click Computer > Properties > In the left pane click on System Protection. All the drives should have a checkmark next to them.
    • Choose the radio button marked "Create ".
    • Give the Restore Point a name. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Click "Create" and OK twice.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore and Shadow Copies section to remove all previous restore points except the newly created one.
    • Click OK.
  • Change the settings we have changed during our fixes to their previous settings: You may enable Windows Defender again and set User Account Control to its default.

  • Sometimes the Privacy and Security are altered by the malware. Check and if needed reset them to default:
    • Open Internet explorer > Tools menu > Internet options.
    • Under privacy tab press default.
    • Under security tab press default.
  • Update your Anti Virus Software definitions and run the program on a regular basis.

  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.

  • Install Javacools© SpywareBlaster -
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. You can find more information and a download link here.

  • Besides your Antivirus make use of Antispyware programs. I recommend the following antispyware programs to protect yourself against spyware, make sure you only use one real-time antispyware protection program besides your antivirus real-time protection as running more than one real-time antispyware program may cause compatibility problems and affect the performance of your system negatively:
    SUPERAntiSpyware
    Spybot - Search and Destroy
    Ad-Aware 2007 Free


#9 xiaoleo

Posted 24 July 2008 - 12:41 PM

Dear farbar,
Very recently, there is a widespread of virus in the computers in my school. The virus seems to be passed through thumb drives. I found another new problem in my laptop. When I plug in my thumb drive, under 'My Computer', it would show a folder. Instead of the usual icon that represents the removable disk, it now shows the picture of a folder. Only when I click on the picture of the folder would I see the icon for the removable disk. I heard from my IT teacher that if it shows a folder, it means that there is a virus. Ever since my laptop was infected by the virus, the auto pop-up window that announces the presence of the thumb drive and what I want to do (eg. open to view file) does not appear anymore. At first, I thought my settings from 'Autoplay' in the Control Panel has changed. However, I reset the settings but this pop-up window still does not pop up.
Thank you so much for your help, sorry to keep troubling you.

Best regards,
LeO


#10 Farbar

Posted 25 July 2008 - 02:21 AM

Hi LeO,

It doesn't surprise me at all as I informed you after going through your log the first time:

Don't use a Flash Memory on this laptop at this stage. The flash memory you are using might be infected.


I hope you haven't double-clicked the thumb drive or the files or folders inside it. Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection
Please keep in mind that from a safety point of view it is a good thing that auto play, which opens the thumb drive by inserting it, doesn't work. Besides, it is important not to open the thumb drive by double clicking. Instead right click it and select Explore.


We have to take a look at the content of the thumb drive and check your laptop once more to make sure it is not infected.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @echo off
    dir /a /s F:\ > c:\drivelist.txt
    start c:\drivelist.txt
    exit
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: dirlook.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Insert your thumb drive into the laptop.
    • Locate and double-click dirlook.bat on the desktop.
    • Copy and paste the content of drivelist.txt to your reply.
  • Please make a fresh DSS log and copy and paste it into your reply.
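
Added example (not part of Farbar's post and not ComboFix's own code): Windows Explorer caches each volume's AutoRun shell command under the MountPoints2 key, which is why the ComboFix log earlier in this thread lists `\shell\AutoRun\command` entries and why double-clicking a drive icon can start a program. The Python sketch below extracts those cached commands from such a log for review; the sample text is an excerpt of that log plus one constructed entry, and the `KNOWN_LAUNCHERS` allowlist is an assumption made for illustration.

```python
import ntpath
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log in this
# thread, plus one CONSTRUCTED entry (all-zero GUID) showing an unknown command.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\shell\AutoRun\command - E:\constructed_example.exe
"""

# Assumption for illustration: launchers that already appear in the log the
# helper judged clean. Anything else is marked for manual review.
KNOWN_LAUNCHERS = {"maxtorencryption.exe", "launchu3.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
# Program path = everything up to the first executable-style extension,
# so paths containing spaces and trailing arguments are both handled.
PROG_RE = re.compile(r'^"?(?P<prog>.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))\b', re.I)


def parse_mountpoints2(log_text):
    """Return one record per cached shell command under a MountPoints2 key."""
    records = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        cmd_match = CMD_RE.match(line)
        if not cmd_match or current_key is None:
            continue
        # Ignore shell commands listed under any other registry key.
        if "\\mountpoints2\\" not in current_key.lower():
            continue
        command = cmd_match.group("cmd").strip()
        prog_match = PROG_RE.match(command)
        program = ntpath.basename(prog_match.group("prog")) if prog_match else ""
        records.append({
            "volume": current_key.rsplit("\\", 1)[1],  # drive letter or volume GUID
            "verb": cmd_match.group("verb"),
            "command": command,
            "program": program,
            "status": "known" if program.lower() in KNOWN_LAUNCHERS else "review",
        })
    return records


def format_report(records):
    """Render the records as aligned text lines, one per cached command."""
    return [
        "{status:<6} {volume:<40} {command}".format(**rec)
        for rec in records
    ]


if __name__ == "__main__":
    for row in format_report(parse_mountpoints2(SAMPLE_LOG)):
        print(row)
```

An entry marked `review` is not proof of infection; it only means the cached command points at a program outside the allowlist and deserves a look before the drive is opened.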


#11 xiaoleo

Posted 27 July 2008 - 09:30 AM

Dear Farbar,
As it is inevitable that I have to use my thumb drive in school, I think I might have double clicked on the thumb drive. I tried to follow your step 1 but the C drive cannot locate the file and there was a pop-up window that said "C drive cannot locate the file. You might have typed in the wrong name". I have also attached the picture for you to have a clearer idea.
In step 2, I have tried many times to follow the instruction and download a fresh copy of dss. However, it did not provide extra.txt.

Thank you

Best regards,
LeO


Deckard's System Scanner v20071014.68
Run by xiaoleo on 2008-07-27 22:13:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as xiaoleo.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:28 PM, on 7/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\xiaoleo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\xiaoleo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-config.tp.edu.sg/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tp.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tp.edu.sg;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 12072 bytes

-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-25 02:10:50 0 d-------- C:\Users\All Users\TEMP
2008-07-25 02:10:44 0 d-------- C:\Program Files\SpywareBlaster
2008-07-25 02:08:17 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-07-25 02:08:07 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-25 02:07:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 00:47:41 0 d-------- C:\Program Files\Common Files\Java
2008-07-16 00:28:26 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-07-16 00:25:48 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-14 21:29:51 0 d-------- C:\Program Files\Trend Micro
2008-07-12 03:21:33 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-11 00:53:34 12 --a------ C:\Windows\bthservsdp.dat
2008-07-11 00:09:23 0 d-------- C:\Program Files\Windows Mobile Resources


-- Find3M Report ---------------------------------------------------------------

2008-07-25 02:08:07 0 d-------- C:\Users\xiaoleo\AppData\Roaming\SUPERAntiSpyware.com
2008-07-25 02:07:48 0 d-------- C:\Program Files\Common Files
2008-07-25 00:49:11 0 d-------- C:\Program Files\Java
2008-07-17 00:42:09 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Skype
2008-07-16 23:07:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-16 12:13:52 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Nexon
2008-07-15 17:09:37 0 d-------- C:\Users\xiaoleo\AppData\Roaming\skypePM
2008-07-12 03:21:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 11:58:43 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 11:43:54 0 d-------- C:\Program Files\Windows Mail
2008-07-09 22:29:12 0 d-------- C:\Program Files\Garena
2008-07-01 19:06:39 0 d-------- C:\Program Files\Norton 360
2008-06-24 21:51:52 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Hamachi
2008-06-23 23:25:35 0 d-------- C:\Program Files\Hamachi
2008-06-21 00:59:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 22:09:10 0 d-------- C:\Users\xiaoleo\AppData\Roaming\Fujitsu
2008-06-03 13:17:01 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
04/01/2008 06:06 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [11/18/2006 07:38 AM]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [11/08/2006 06:45 AM]
"RtHDVCpl"="RtHDVCpl.exe" [09/19/2007 02:50 PM C:\Windows\RtHDVCpl.exe]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [09/21/2007 09:58 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [09/21/2007 09:58 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/15/2007 11:53 AM]
"331BigDog"="C:\Windows\VM331_STI.EXE" [07/02/2007 01:59 PM]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [09/30/2007 11:59 PM]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [10/30/2006 12:37 AM]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [11/12/2006 11:02 AM]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [11/26/2006 09:09 AM]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [11/13/2006 08:13 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [03/15/2007 01:01 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [01/09/2007 02:17 PM]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [11/03/2007 05:34 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [04/17/2008 02:14 PM]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [08/01/2007 11:18 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/19/2008 03:37 AM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 10:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/22/2008 11:40 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"PCDrProfiler"=C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r

C:\Users\xiaoleo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2/23/2008 5:14:32 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/3/2007 11:41:52 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48c6-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48d1-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48df-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99b6ada6-e15d-11dc-a714-00037adc99ae}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e3f8760-e17e-11dc-9c75-00037adc99ae}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2118cd8-4451-11dd-8c8d-0017428dfe18}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f40fc-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
open\command- H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f4101-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-27 22:13:57 ------------

Attached Files

  • Attached File  LOL.jpg   162.58KB   10 downloads

Edited by xiaoleo, 27 July 2008 - 09:33 AM.


#12 Farbar

Posted 27 July 2008 - 10:46 AM

Hi LeO,
  • Please don't use the thumb drive at this stage. The malware registry items are back. We have to take care of them first. Then we will attend to the thumb drive issue. Tell me if you have data on the thumb drive you want to keep.

  • Important: Follow the instructions in previous posts to disable User Account Control. This is required prior to all fixes.

  • Please download ComboFix.exe. Visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    • When the tool is finished, it will produce a report for you.
    • Please copy and paste the content of C:\ComboFix.txt to your reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Please copy and paste the ComboFix log into your reply.
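
An added example, not part of the original thread or of any tool named in it: a parser for the MountPoints2 part of a registry dump in the layout posted above, listing the AutoRun/open commands that sit inside a Recycle Bin folder. Treating those entries as the suspicious ones is this example's assumption, and the function names and the trimmed sample are constructed here.

```python
import re

# Constructed sample: four keys copied from the registry dump posted above.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00dc48c6-4326-11dd-b43b-0017428dfe18}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d385005-27dd-11dd-90af-0017428dfe18}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44f40fc-21a2-11dd-885c-0017428dfe18}]
AutoRun\command- H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
open\command- H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
"""

# "[HKEY_...\mountpoints2\<volume>]" header lines of the dump.
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<volume>[^\]]+)\]$", re.I)
# "<verb>\command- <command line>" value lines under a header.
CMD_RE = re.compile(r"^(?P<verb>\w+)\\command- (?P<cmd>.+)$")
# A path component naming a Recycle Bin folder.
RECYCLE_RE = re.compile(r"(^|\\)(RECYCLER|RECYCLED|\$Recycle\.Bin)\\", re.I)


def parse_mountpoints2(dump):
    """Return {volume: {verb: command}} for every MountPoints2 key in the dump."""
    entries, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = entries.setdefault(key.group("volume"), {})
            continue
        if line.startswith("["):
            current = None  # a different registry key: leave the section
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current[cmd.group("verb").lower()] = cmd.group("cmd").strip()
    return entries


def suspicious_autoruns(dump):
    """List (volume, verb, command) where the command runs from a Recycle Bin folder."""
    findings = []
    for volume, verbs in parse_mountpoints2(dump).items():
        for verb, command in sorted(verbs.items()):
            if RECYCLE_RE.search(command):
                findings.append((volume, verb, command))
    return findings


if __name__ == "__main__":
    for volume, verb, command in suspicious_autoruns(SAMPLE_DUMP):
        print(f"{volume}  {verb}: {command}")
```
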


#13 xiaoleo

Posted 01 August 2008 - 12:15 PM

Dear farbar,
Sorry for the late reply as I have been very busy with school. And in these few days, I really have no choice but to use my thumb drive. I have followed your steps and instructions and downloaded ComboFix but I seem to be having difficulties in running it. I have attached a pic of it.

Thank you

Best regards,
LeO

#14 Farbar

Posted 02 August 2008 - 05:07 AM

Hi LeO,

Thanks for replying.

It seems you have obligations to attend to at the moment and you have to use the thumb drive back and forth between the school network and your laptop. We can clean your laptop and the thumb drive. But then the question is whether they will remain clean, considering you have to use the thumb drive again on the school's infected network.


Therefore I suggest you give a little thought to how to proceed. Is now the right time to remove the infection, or can we stop now and reopen the topic when the time is right?

#15 don77

Posted 08 August 2008 - 11:19 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
