Win32/Rootkit.Agent.ODG trojan


#1
Roy666

Hello guys. I have ESET Smart Security 4. Recently it has detected the Win32/Rootkit.Agent.ODG trojan in my operating memory. Here is the log:

ESET Smart Security 4.0:

Scan Log
Version of virus signature database: 4043 (20090429)
Date: 4/29/2009 Time: 10:46:05 PM
Scanned disks, folders and files: Operating memory
Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean
Number of scanned objects: 369
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 10:46:09 PM Total scanning time: 4 sec (00:00:04)

I scanned with Malwarebytes, ComboFix, GMER and also Kaspersky Internet Security 2009.

Malwarebytes, Kaspersky Internet Security and GMER did not detect anything. Here is the ComboFix log:

----------------------------------------------------------------------------------------------------------------
ComboFix 09-04-28.05 - Roy 04/29/2009 18:34.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.1761 [GMT 4:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
Command switches used :: c:\users\Roy\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point

FILE ::
I:\rtyb.cmd
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 14:14 . 2009-04-28 14:14 -------- d-----w c:\program files\Sophos
2009-04-24 12:07 . 2009-04-24 12:08 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-24 09:03 . 2009-04-24 09:03 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-24 07:07 . 2009-04-24 07:07 687104 ----a-w c:\windows\is-PAC6P.exe
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\users\Roy\AppData\Roaming\Malwarebytes
2009-04-24 06:35 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 06:35 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\progra~2\Malwarebytes
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-24 06:35 . 2009-04-24 09:02 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 18:02 . 2009-04-24 07:12 -------- d-----w c:\program files\TCalls
2009-04-22 17:01 . 2009-04-22 17:01 -------- d-----w c:\progra~2\SUPERAntiSpyware.com
2009-04-22 17:01 . 2009-04-22 17:01 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-22 17:01 . 2009-04-24 06:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-22 17:01 . 2009-04-24 06:38 -------- d-----w c:\users\Roy\AppData\Roaming\SUPERAntiSpyware.com
2009-04-21 17:09 . 2009-04-21 17:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-21 17:09 . 2009-04-21 17:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-21 17:08 . 2009-04-29 14:31 720928 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-21 17:08 . 2009-04-29 14:06 8146464 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-21 17:08 . 2009-04-21 17:08 -------- d-----w c:\program files\Kaspersky Lab
2009-04-21 17:08 . 2009-04-29 14:10 -------- d-----w c:\progra~2\Kaspersky Lab
2009-04-21 17:08 . 2009-04-29 14:10 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-04-19 10:15 . 2009-04-19 10:18 -------- d-----w c:\program files\MagicISO
2009-04-15 17:43 . 2009-04-15 17:43 643801 ----a-w c:\windows\Condition Zero - Xtreme Edition Uninstaller.exe
2009-04-15 10:09 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 10:09 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 10:09 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 10:09 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 10:08 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 10:08 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 10:08 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 10:08 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 10:08 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 10:08 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 10:08 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 10:08 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 10:08 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 10:08 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 10:04 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 10:04 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 10:04 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 12:44 . 2008-08-18 07:39 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-12 16:55 . 2009-04-18 17:34 -------- d-----w c:\users\Roy\AppData\Local\Fallout3
2009-04-11 15:01 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-10 10:22 . 2009-04-10 10:21 737280 ----a-w c:\windows\iun6002.exe
2009-04-08 17:55 . 2009-04-08 17:56 -------- d--h--w c:\progra~2\ActiveSMART
2009-04-08 17:55 . 2009-04-08 17:56 -------- d--h--w c:\users\All Users\ActiveSMART
2009-04-08 17:52 . 2009-04-08 17:52 -------- d-----w c:\users\Roy\AppData\Local\Apple Computer
2009-04-08 17:52 . 2009-04-08 17:52 -------- d-----w c:\users\Roy\AppData\Roaming\Apple Computer
2009-04-06 10:28 . 2009-04-06 10:28 22328 ----a-w c:\users\Roy\AppData\Roaming\PnkBstrK.sys
2009-04-06 10:28 . 2009-04-06 10:28 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-06 10:28 . 2009-04-06 10:28 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-06 10:28 . 2009-04-06 10:28 2250024 ----a-w c:\windows\system32\pbsvc.exe
2009-04-06 10:21 . 2009-04-06 10:21 -------- d-----w c:\program files\Ubisoft
2009-04-06 10:09 . 2009-04-06 10:09 -------- d-----w c:\users\Roy\AppData\Roaming\vlc
2009-04-04 18:23 . 2009-04-04 18:23 -------- d-----w c:\users\Roy\AppData\Roaming\Ethereal
2009-04-04 18:22 . 2009-04-04 18:22 -------- d-----w C:\Temp
2009-04-04 09:47 . 2009-03-09 11:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-04 09:47 . 2009-03-09 11:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-04 09:47 . 2009-03-09 11:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-04 09:47 . 2009-03-16 10:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-04 09:47 . 2009-03-16 10:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-04 09:47 . 2009-03-16 10:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-04 09:47 . 2009-03-16 10:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-04 07:03 . 2009-04-24 06:39 -------- d-----w c:\users\Roy\AppData\Roaming\DMCache
2009-04-02 17:16 . 2008-05-07 12:44 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-02 17:16 . 2008-12-11 10:40 15464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-02 16:36 . 2009-04-02 16:36 -------- d-----w c:\users\Roy\AppData\Local\Symantec_Corporation
2009-04-02 15:46 . 2008-01-19 16:12 128104 ----a-w c:\windows\system32\drivers\WimFltr.sys
2009-04-02 15:46 . 2009-04-02 15:46 -------- d-----w C:\Symantec
2009-03-31 19:29 . 2009-03-31 19:29 -------- d-----w c:\users\Roy\Games

+ 2006-10-20 04:37 . 2006-10-20 04:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-26 15:55 . 2006-10-26 15:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 10:47 . 2006-10-26 10:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 15:56 . 2006-10-26 15:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-26 09:58 . 2006-10-26 09:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-26 15:52 . 2006-10-26 15:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 15:58 . 2006-10-26 15:58 525664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL
+ 2006-10-26 16:00 . 2006-10-26 16:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2009-04-29 14:03 . 2009-04-29 14:03 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-04-29 14:03 . 2009-04-29 14:03 118176 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-04-29 14:02 . 2009-04-29 14:02 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-04-29 14:03 . 2009-04-29 14:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
+ 2006-11-02 10:22 . 2009-04-29 14:12 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-04-23 18:27 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:47 . 2009-04-29 14:09 2313080 c:\windows\System32\FNTCACHE.DAT
+ 2008-11-20 19:06 . 2008-11-20 19:06 1194848 c:\windows\System32\FM20.DLL
+ 2009-01-11 13:35 . 2009-04-29 14:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 10:47 . 2006-10-26 10:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2009-04-29 14:34 . 2009-04-29 14:34 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-29 14:02 . 2009-04-29 14:02 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-03-16 19:09 . 2009-04-29 14:12 66165311 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-02 11:57 204248 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-21 206088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
uTorrent Turbo Booster.lnk - c:\program files\uTorrent Turbo Booster\uTorrent Turbo Booster.exe [2008-8-25 371712]
µTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-12-28 270128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Sitelong"="c:\programdata\Bookinsideinside.z7kb3f8"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"style cool 2 city"="c:\programdata\Book idol bolt.j2dyejx"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe
"InterVoip"="c:\program files\InterVoip.com\InterVoip\InterVoip.exe" -nosplash -minimized
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{D52CFDD6-C3D4-44F3-9F34-B99DF7B00499}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70A681AB-1376-4036-BEEE-22E2F04AFFDC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5CD9B186-7BAB-41CF-B764-9503F2FBADB0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{695D558B-FA60-4C24-B962-AA4AD7D4F469}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8B6B0D21-FC9A-49EB-8F8D-81FEA564D1A8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F65FDB2B-C98F-4F37-B955-9E2592410C66}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1C62C19D-8C8B-4B16-A6F6-E55242ACD9A4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FABF2AA2-F611-472B-9703-C1BB414DE1F9}"= UDP:5353:Adobe CSI CS4
"{B0F13D60-90FE-4AAB-861B-E9665CB505C9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{E76CAF20-8F2B-42CD-9A58-C18DD7C740ED}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{60AF8B25-CBFB-4655-ADBD-5B12F0891B7A}"= UDP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout™ Paradise The Ultimate Box
"{DB3D00A0-116B-49B1-9B6B-67EF9E57E4C4}"= TCP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout™ Paradise The Ultimate Box
"{B08FDF0E-D1D3-407B-8A55-454E25ACF6D7}"= UDP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout™ Paradise The Ultimate Box
"{EC4F7035-9D63-46E9-9490-F63859CE939F}"= TCP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout™ Paradise The Ultimate Box
"{E0E76E56-F792-4401-B6B9-376B3EDA14B1}"= UDP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe:Burnout™ Paradise The Ultimate Box
"{A94B9BE6-58BA-456B-9BDA-A44384F24D39}"= TCP:c:\program files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe:Burnout™ Paradise The Ultimate Box
"{F50722D0-FD05-49B1-B0F8-AE021E7569D4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8546FF98-F045-4C3F-81B8-D41B30235018}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{1642B354-3031-4C7D-9D58-543780F9602A}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{9A1E6564-231A-4D36-9E18-D7A6A1C09A2D}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{B5E91339-2ED7-4B87-BC83-9234C375AAB3}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2750F848-E7EE-4B59-A6AF-60B46BF0B751}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CC4A53F6-380D-44FC-BC6B-4F9C99D678C1}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{421F6EB9-0A53-4D3C-83B8-0C077632CC7A}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{9DD53602-8519-4B7A-BCED-0D6492558449}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{1A687A44-9FFD-48FA-A63B-24D72AE21664}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{2F10E555-7D4A-41A7-B431-A2480509B0C1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{54A211DF-4AD4-4398-96BD-00FA53229E12}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{46BA82F3-5D33-4056-85A3-6BC380FBE7A9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9E68902A-010D-436A-900B-D4178453D82A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{1C5AFED9-0548-4AE9-A39A-01E7BD3ACF33}c:\\users\\roy\\games\\tom clancy's h.a.w.x\\hawx.exe"= UDP:c:\users\roy\games\tom clancy's h.a.w.x\hawx.exe:hawx.exe
"UDP Query User{556392D8-606C-4D84-9BF1-F554DD79BA61}c:\\users\\roy\\games\\tom clancy's h.a.w.x\\hawx.exe"= TCP:c:\users\roy\games\tom clancy's h.a.w.x\hawx.exe:hawx.exe
"TCP Query User{271BA4D4-9C46-4150-B414-BAD44A2631C6}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{F7C6DFBC-F3F6-4F46-86C4-149F60A3FA6D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{1D9B81F5-7A51-4DD3-BE53-40FB23DE3859}c:\\program files\\intervoip.com\\intervoip\\intervoip.exe"= UDP:c:\program files\intervoip.com\intervoip\intervoip.exe:Client to make VoIP calls.
"UDP Query User{E890BE1D-F9AD-4C83-88EE-AA17F836553A}c:\\program files\\intervoip.com\\intervoip\\intervoip.exe"= TCP:c:\program files\intervoip.com\intervoip\intervoip.exe:Client to make VoIP calls.
"TCP Query User{F6C692F4-3189-4D01-957B-5FC859E2549A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F5C200F9-0FDD-4639-88E7-B1C5AF425DC6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{BAAC80D4-9BD0-4B0B-9515-B44F098D568E}d:\\program files\\condition zero - xtreme edition\\czero.exe"= UDP:d:\program files\condition zero - xtreme edition\czero.exe:Condition Zero Launcher
"UDP Query User{590380E7-C110-44F6-9D39-DF04BB4B1977}d:\\program files\\condition zero - xtreme edition\\czero.exe"= TCP:d:\program files\condition zero - xtreme edition\czero.exe:Condition Zero Launcher
"TCP Query User{92E97F72-F2E7-46E2-93C3-49388D4D698A}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{5D15C81E-9A57-473D-B476-9AC8B70E4360}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{1BA000AE-293B-416E-9C04-A07CA29B23F7}c:\\program files\\tcalls\\tcalls.exe"= UDP:c:\program files\tcalls\tcalls.exe:tcalls.exe
"UDP Query User{B5E4A7FA-DF01-4988-A064-EEF2BE3756D4}c:\\program files\\tcalls\\tcalls.exe"= TCP:c:\program files\tcalls\tcalls.exe:tcalls.exe
"TCP Query User{1A1E099C-9EEC-4BCB-873E-DE018D1B5F3F}c:\\program files\\tcalls\\vtc.exe"= UDP:c:\program files\tcalls\vtc.exe:VoipTunnel
"UDP Query User{7498A218-106C-4AFE-9B28-05E7D785FF70}c:\\program files\\tcalls\\vtc.exe"= TCP:c:\program files\tcalls\vtc.exe:VoipTunnel
"TCP Query User{EBCAA41B-2A38-4E54-AFC4-B540EEA10928}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{C2ED9072-932F-42B5-93B1-403647D10C35}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{BEE5C8BA-D354-4FC6-AE19-A04BEA5577B1}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{1B9B75C7-C55E-487D-AB09-88C8E1314593}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{9703C048-F29D-4192-B4F4-099ADED95E5B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{7B30451F-3D1C-4FC7-BA96-EE7C1A7C361C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\DRIVERS\idcphid.sys [2008-12-11 16256]
R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-21 33808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 364008]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-27 603904]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\shell\AutoRun\command - P:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d75a14-3312-11de-96c7-0021853b3ce8}]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa6b629-db45-11dd-aef5-0021853b3ce8}]
\shell\AutoRun\command - P:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2009-04-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2009-04-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{E666D5C1-580A-405B-AED1-F3517CEAA08E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-31 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ae/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4B89E525-B2FE-4E02-B769-D671257BBDE6} = 213.42.20.20,195.229.241.222
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\h1dx7zm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 18:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxxeqrtvyt.sys 83456 bytes executable
c:\windows\system32\ovfsthxjppdrqyp.dll 60928 bytes executable
c:\windows\system32\ovfsthxnfqkigpm.dat 43 bytes
c:\windows\system32\ovfsthxpcdxvvdf.dll 18432 bytes executable
c:\windows\system32\ovfsthxwwiuuruo.dat 183470 bytes
c:\windows\system32\ovfsthxxtsintfb.dll 18432 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1627708264-3230918077-3475700443-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,6a,c8,99,b7,6c,dc,de,4b,f2,3e,ec,72,6d,28,46,3e,e9,e0,4d,f1,
f0,3a,b1,64,8b,2b,63,90,49,ad,5a,13,58,11,c7,ca,d5,df,8a,b8,dc,30,7f,56,9c,\
"rkeysecu"=hex:35,42,02,ba,97,27,71,57,47,c0,eb,57,41,27,f5,b9

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5964)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Completion time: 2009-04-29 18:39
ComboFix-quarantined-files.txt 2009-04-29 14:39
ComboFix2.txt 2009-04-29 10:17

Pre-Run: 189,050,404,864 bytes free
Post-Run: 189,006,684,160 bytes free

Current=3 Default=3 Failed=5 LastKnownGood=3 Sets=1,2,3,5
673 --- E O F --- 2009-04-29 14:14

------------------------------------------------------------------------------------------

So can you please help me get rid of this virus? Thanks!