Eset Smart Security 4.0:
Scan Log
Version of virus signature database: 4043 (20090429)
Date: 4/29/2009 Time: 10:46:05 PM
Scanned disks, folders and files: Operating memory
Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean
Number of scanned objects: 369
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 10:46:09 PM Total scanning time: 4 sec (00:00:04)
I scanned with Malwarebytes, ComboFix, GMER and also Kaspersky Internet Security 2009.
Malwarebytes, Kaspersky Internet Security and GMER did not detect anything. Here is the ComboFix log:
----------------------------------------------------------------------------------------------------------------
ComboFix 09-04-28.05 - Roy 04/29/2009 18:34.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3071.1761 [GMT 4:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
Command switches used :: c:\users\Roy\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
FILE ::
I:\rtyb.cmd
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-28 14:14 . 2009-04-28 14:14 -------- d-----w c:\program files\Sophos
2009-04-24 12:07 . 2009-04-24 12:08 -------- d-----w c:\program files\Counter-Strike 1.6
2009-04-24 09:03 . 2009-04-24 09:03 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-24 07:07 . 2009-04-24 07:07 687104 ----a-w c:\windows\is-PAC6P.exe
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\users\Roy\AppData\Roaming\Malwarebytes
2009-04-24 06:35 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 06:35 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\progra~2\Malwarebytes
2009-04-24 06:35 . 2009-04-24 06:35 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-24 06:35 . 2009-04-24 09:02 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 18:02 . 2009-04-24 07:12 -------- d-----w c:\program files\TCalls
2009-04-22 17:01 . 2009-04-22 17:01 -------- d-----w c:\progra~2\SUPERAntiSpyware.com
2009-04-22 17:01 . 2009-04-22 17:01 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-22 17:01 . 2009-04-24 06:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-22 17:01 . 2009-04-24 06:38 -------- d-----w c:\users\Roy\AppData\Roaming\SUPERAntiSpyware.com
2009-04-21 17:09 . 2009-04-21 17:35 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-21 17:09 . 2009-04-21 17:35 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-21 17:08 . 2009-04-29 14:31 720928 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-21 17:08 . 2009-04-29 14:06 8146464 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-21 17:08 . 2009-04-21 17:08 -------- d-----w c:\program files\Kaspersky Lab
2009-04-21 17:08 . 2009-04-29 14:10 -------- d-----w c:\progra~2\Kaspersky Lab
2009-04-21 17:08 . 2009-04-29 14:10 -------- d-----w c:\users\All Users\Kaspersky Lab
2009-04-19 10:15 . 2009-04-19 10:18 -------- d-----w c:\program files\MagicISO
2009-04-15 17:43 . 2009-04-15 17:43 643801 ----a-w c:\windows\Condition Zero - Xtreme Edition Uninstaller.exe
2009-04-15 10:09 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 10:09 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-15 10:09 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-15 10:09 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-15 10:08 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-15 10:08 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-15 10:08 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-15 10:08 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-15 10:08 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-15 10:08 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-15 10:08 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-15 10:08 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-15 10:08 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-15 10:08 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 10:04 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 10:04 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 10:04 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 12:44 . 2008-08-18 07:39 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-12 16:55 . 2009-04-18 17:34 -------- d-----w c:\users\Roy\AppData\Local\Fallout3
2009-04-11 15:01 . 2009-04-03 18:18 33256 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-04-10 10:22 . 2009-04-10 10:21 737280 ----a-w c:\windows\iun6002.exe
2009-04-08 17:55 . 2009-04-08 17:56 -------- d--h--w c:\progra~2\ActiveSMART
2009-04-08 17:55 . 2009-04-08 17:56 -------- d--h--w c:\users\All Users\ActiveSMART
2009-04-08 17:52 . 2009-04-08 17:52 -------- d-----w c:\users\Roy\AppData\Local\Apple Computer
2009-04-08 17:52 . 2009-04-08 17:52 -------- d-----w c:\users\Roy\AppData\Roaming\Apple Computer
2009-04-06 10:28 . 2009-04-06 10:28 22328 ----a-w c:\users\Roy\AppData\Roaming\PnkBstrK.sys
2009-04-06 10:28 . 2009-04-06 10:28 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-06 10:28 . 2009-04-06 10:28 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-06 10:28 . 2009-04-06 10:28 2250024 ----a-w c:\windows\system32\pbsvc.exe
2009-04-06 10:21 . 2009-04-06 10:21 -------- d-----w c:\program files\Ubisoft
2009-04-06 10:09 . 2009-04-06 10:09 -------- d-----w c:\users\Roy\AppData\Roaming\vlc
2009-04-04 18:23 . 2009-04-04 18:23 -------- d-----w c:\users\Roy\AppData\Roaming\Ethereal
2009-04-04 18:22 . 2009-04-04 18:22 -------- d-----w C:\Temp
2009-04-04 09:47 . 2009-03-09 11:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-04 09:47 . 2009-03-09 11:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-04 09:47 . 2009-03-09 11:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-04 09:47 . 2009-03-16 10:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-04 09:47 . 2009-03-16 10:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-04 09:47 . 2009-03-16 10:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-04 09:47 . 2009-03-16 10:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-04 07:03 . 2009-04-24 06:39 -------- d-----w c:\users\Roy\AppData\Roaming\DMCache
2009-04-02 17:16 . 2008-05-07 12:44 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-02 17:16 . 2008-12-11 10:40 15464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-02 16:36 . 2009-04-02 16:36 -------- d-----w c:\users\Roy\AppData\Local\Symantec_Corporation
2009-04-02 15:46 . 2008-01-19 16:12 128104 ----a-w c:\windows\system32\drivers\WimFltr.sys
2009-04-02 15:46 . 2009-04-02 15:46 -------- d-----w C:\Symantec
2009-03-31 19:29 . 2009-03-31 19:29 -------- d-----w c:\users\Roy\Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 14:10 . 2008-12-27 11:00 103792 ----a-w c:\users\Roy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-29 14:06 . 2009-04-21 17:08 66820 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-29 14:06 . 2009-04-21 17:08 5612 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-29 14:02 . 2008-03-16 19:29 -------- d-----w c:\program files\Microsoft Works
2009-04-27 10:07 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-27 10:07 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-25 12:51 . 2009-04-25 12:51 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-04-25 12:51 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-24 06:38 . 2009-01-30 14:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-22 17:10 . 2008-12-28 10:44 -------- d-----w c:\program files\Common Files\Nero
2009-04-22 17:09 . 2008-12-28 10:45 -------- d-----w c:\program files\Nero
2009-04-21 17:35 . 2008-01-29 13:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-19 11:03 . 2008-03-16 19:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 10:39 . 2009-01-10 11:54 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-18 10:00 . 2009-03-06 08:06 -------- d-----w c:\program files\Nicknames for Messenger
2009-04-15 10:31 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-11 15:19 . 2008-12-27 12:49 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-11 15:01 . 2008-12-29 17:31 -------- d-----w c:\program files\Hotspot Shield
2009-04-10 12:47 . 2009-03-15 09:03 -------- d-----w c:\program files\Nokia
2009-04-09 10:02 . 2008-12-28 09:23 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 08:00 . 2008-12-28 14:07 -------- d-----w c:\program files\Java
2009-03-27 14:48 . 2009-03-27 14:17 253952 ------w c:\windows\Setup1.exe
2009-03-27 14:48 . 2009-03-27 14:17 74752 ----a-w c:\windows\ST6UNST.EXE
2009-03-25 09:53 . 2009-03-25 07:30 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-25 07:32 . 2009-03-25 07:32 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-25 07:03 . 2009-02-25 10:17 -------- d-----w c:\program files\Rockstar Games
2009-03-19 08:27 . 2009-03-19 08:23 -------- d-----w c:\program files\FrostWire
2009-03-19 08:23 . 2009-03-19 08:23 -------- d-----w c:\program files\AskSBar
2009-03-18 06:55 . 2009-03-18 06:54 -------- d-----w c:\program files\Microsoft Virtual PC
2009-03-17 03:38 . 2009-04-15 10:09 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-16 14:04 . 2009-03-16 14:04 -------- d-----w c:\program files\EA GAMES
2009-03-15 13:14 . 2009-03-15 13:14 -------- d-----w c:\program files\ESET
2009-03-15 09:19 . 2009-03-15 09:19 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-15 09:11 . 2009-03-15 09:11 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-03-15 09:10 . 2009-03-15 09:10 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-15 09:07 . 2009-03-15 09:07 -------- d-----w c:\program files\DIFX
2009-03-15 09:06 . 2009-03-15 09:06 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 12:46 . 2009-03-11 12:46 -------- d-----w c:\program files\VideoLAN
2009-03-11 09:28 . 2009-02-03 16:46 -------- d-----w c:\program files\Sony
2009-03-09 01:19 . 2008-12-28 14:07 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-03-31 19:26 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-31 19:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-31 19:26 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-31 19:26 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-31 19:26 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-31 19:26 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-31 19:26 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-31 19:26 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-31 19:26 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-31 19:26 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-31 19:26 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-31 19:26 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-31 19:26 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-31 19:26 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-31 19:26 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-31 19:26 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-31 19:26 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-31 19:26 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 05:40 . 2009-01-30 14:43 7592 ----a-w c:\users\Roy\AppData\Local\d3d9caps.dat
2009-03-03 15:11 . 2009-03-03 15:11 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-03 04:10 . 2009-03-02 18:10 -------- d-----w c:\program files\Winamp
2009-02-15 14:37 . 2009-02-15 11:09 1752 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-02-09 18:56 . 2009-02-14 14:21 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 03:10 . 2009-03-11 02:45 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 14:52 . 2009-02-06 14:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 14:08 . 2009-02-21 09:27 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2009-02-06 10:24 . 2009-02-06 10:24 38240 ----a-w c:\windows\system32\drivers\epfwwfp.sys
2009-02-06 10:24 . 2009-02-06 10:24 130952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 10:23 . 2009-02-06 10:23 106208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 10:19 . 2009-02-06 10:19 113448 ----a-w c:\windows\system32\drivers\eamon.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-29 18:34 . 2008-12-28 09:19 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2008-12-29 18:34 . 2008-12-28 09:19 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-29_10.14.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 14:14 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll
+ 2008-01-21 01:58 . 2009-04-29 14:11 58922 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-29 14:11 88296 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-27 11:00 . 2009-04-29 14:11 10538 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1627708264-3230918077-3475700443-1000_UserData.bin
+ 2008-03-16 19:29 . 2008-11-10 07:41 67472 c:\windows\System32\spool\drivers\w32x86\msonpui.dll
+ 2008-03-16 19:29 . 2008-11-10 07:41 67472 c:\windows\System32\spool\drivers\w32x86\3\msonpui.dll
+ 2008-03-16 19:29 . 2008-11-10 07:41 32656 c:\windows\System32\msonpmon.dll
+ 2008-12-27 10:57 . 2009-04-29 14:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-27 10:57 . 2009-04-29 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-27 10:57 . 2009-04-29 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-27 10:57 . 2009-04-29 14:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-27 10:57 . 2009-04-29 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-27 10:57 . 2009-04-29 14:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-05 18:07 . 2009-04-23 10:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-05 18:07 . 2009-04-29 14:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-05 18:07 . 2009-04-29 14:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-05 18:07 . 2009-04-23 10:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-05 18:07 . 2009-04-23 10:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-05 18:07 . 2009-04-29 14:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-11 13:35 . 2009-04-29 14:05 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-07-24 06:50 . 2006-07-24 06:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBAME.DLL
+ 2006-07-24 06:50 . 2006-07-24 06:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSADDNDR.DLL
+ 2006-10-26 17:13 . 2006-10-26 17:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2008-12-27 12:28 . 2008-12-27 12:28 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPOL.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 12080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 64288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL
+ 2006-10-26 15:59 . 2006-10-26 15:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE
+ 2006-10-26 15:49 . 2006-10-26 15:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETLANG.EXE
+ 2006-10-26 16:55 . 2006-10-26 16:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCANOST.EXE
+ 2006-10-26 16:55 . 2006-10-26 16:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RM.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REFIEBAR.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RECALL.DLL
+ 2006-10-26 16:09 . 2006-10-26 16:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2008-12-27 12:28 . 2008-12-27 12:28 12112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPOL.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLVBA.DLL
+ 2006-10-26 15:59 . 2006-10-26 15:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUPPS.DLL
+ 2006-10-26 15:59 . 2006-10-26 15:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL
+ 2006-10-26 16:00 . 2006-10-26 16:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISCTRL.DLL
+ 2006-10-27 11:11 . 2006-10-27 11:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFRHD.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 11544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICEPL.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 12104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 20280 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL
+ 2006-10-26 15:59 . 2006-10-26 15:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSH.DLL
+ 2006-10-26 15:58 . 2006-10-26 15:58 20776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPGIMME.DLL
+ 2006-10-27 11:26 . 2006-10-27 11:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL
+ 2006-10-26 15:56 . 2006-10-26 15:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPUI.DLL
+ 2006-10-26 15:56 . 2006-10-26 15:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPMON.DLL
+ 2006-10-26 15:52 . 2006-10-26 15:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOMSE.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHTMED.EXE
+ 2006-10-27 11:01 . 2006-10-27 11:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOHEV.DLL
+ 2006-10-26 15:59 . 2006-10-26 15:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSMH.DLL
+ 2006-10-26 15:52 . 2006-10-26 15:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSE7.EXE
+ 2006-10-26 16:55 . 2006-10-26 16:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MLSHEXT.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\METCONV.DLL
+ 2006-10-26 17:41 . 2006-10-26 17:41 66368 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INLAUNCH.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 12096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPOL.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DUMPSTER.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\AUTHZAX.DLL
+ 2006-10-26 17:18 . 2006-10-26 17:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCOLK.DLL
+ 2009-04-29 14:02 . 2009-04-29 14:02 10576 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 11112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 11136 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2009-04-29 14:03 . 2009-04-29 14:03 11152 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 11128 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 19320 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll
+ 2009-04-29 14:14 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe
+ 2009-04-29 14:14 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe
+ 2009-04-29 14:14 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll
+ 2008-03-16 19:29 . 2008-11-10 07:41 864144 c:\windows\System32\spool\drivers\w32x86\msonpdrv.dll
+ 2008-03-16 19:29 . 2008-11-10 07:41 864144 c:\windows\System32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2006-11-02 10:33 . 2009-04-29 14:14 600026 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-29 10:03 600026 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-29 14:14 102704 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-29 10:03 102704 c:\windows\System32\perfc009.dat
- 2009-01-12 06:32 . 2009-01-12 06:32 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-04-29 14:05 . 2009-04-29 14:05 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-06-07 15:51 . 2007-06-07 15:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SSGEN.DLL
+ 2007-06-07 15:51 . 2007-06-07 15:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLFLTR.DLL
+ 2006-07-24 06:50 . 2006-07-24 06:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2006-10-26 16:49 . 2006-10-26 16:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2006-10-27 11:16 . 2006-10-27 11:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-26 17:07 . 2006-10-26 17:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 11:16 . 2006-10-27 11:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-20 04:37 . 2006-10-20 04:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-26 15:55 . 2006-10-26 15:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 10:47 . 2006-10-26 10:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 15:56 . 2006-10-26 15:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-26 09:58 . 2006-10-26 09:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-26 15:52 . 2006-10-26 15:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-26 15:58 . 2006-10-26 15:58 525664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL
+ 2006-10-26 16:00 . 2006-10-26 16:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-26 16:55 . 2006-10-26 16:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-26 16:12 . 2006-10-26 16:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2009-04-29 14:03 . 2009-04-29 14:03 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-04-29 14:03 . 2009-04-29 14:03 118176 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-04-29 14:02 . 2009-04-29 14:02 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-04-29 14:03 . 2009-04-29 14:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-04-29 14:02 . 2009-04-29 14:02 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll
+ 2009-04-29 14:14 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll
+ 2006-11-02 10:22 . 2009-04-29 14:12 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-04-23 18:27 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:47 . 2009-04-29 14:09 2313080 c:\windows\System32\FNTCACHE.DAT
+ 2008-11-20 19:06 . 2008-11-20 19:06 1194848 c:\windows\System32\FM20.DLL
+ 2009-01-11 13:35 . 2009-04-29 14:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-11 13:35 . 2009-04-15 10:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-11 13:35 . 2009-04-29 14:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 10:47 . 2006-10-26 10:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2008-12-27 12:27 . 2008-12-27 12:27 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2009-04-29 14:34 . 2009-04-29 14:34 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-29 14:02 . 2009-04-29 14:02 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2008-03-16 19:09 . 2009-04-29 14:12 66165311 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-02 11:57 204248 ----a-w c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-21 206088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
uTorrent Turbo Booster.lnk - c:\program files\uTorrent Turbo Booster\uTorrent Turbo Booster.exe [2008-8-25 371712]
µTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2008-12-28 270128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Sitelong"="c:\programdata\Bookinsideinside.z7kb3f8"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"style cool 2 city"="c:\programdata\Book idol bolt.j2dyejx"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Window Washer"=c:\program files\Webroot\Washer\wwDisp.exe
"InterVoip"="c:\program files\InterVoip.com\InterVoip\InterVoip.exe" -nosplash -minimized
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{D52CFDD6-C3D4-44F3-9F34-B99DF7B00499}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{70A681AB-1376-4036-BEEE-22E2F04AFFDC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5CD9B186-7BAB-41CF-B764-9503F2FBADB0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{695D558B-FA60-4C24-B962-AA4AD7D4F469}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8B6B0D21-FC9A-49EB-8F8D-81FEA564D1A8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F65FDB2B-C98F-4F37-B955-9E2592410C66}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1C62C19D-8C8B-4B16-A6F6-E55242ACD9A4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FABF2AA2-F611-472B-9703-C1BB414DE1F9}"= UDP:5353:Adobe CSI CS4
"{B0F13D60-90FE-4AAB-861B-E9665CB505C9}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{E76CAF20-8F2B-42CD-9A58-C18DD7C740ED}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{60AF8B25-CBFB-4655-ADBD-5B12F0891B7A}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{DB3D00A0-116B-49B1-9B6B-67EF9E57E4C4}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box
"{B08FDF0E-D1D3-407B-8A55-454E25ACF6D7}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{EC4F7035-9D63-46E9-9490-F63859CE939F}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box
"{E0E76E56-F792-4401-B6B9-376B3EDA14B1}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
"{A94B9BE6-58BA-456B-9BDA-A44384F24D39}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box
"{F50722D0-FD05-49B1-B0F8-AE021E7569D4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8546FF98-F045-4C3F-81B8-D41B30235018}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{1642B354-3031-4C7D-9D58-543780F9602A}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{9A1E6564-231A-4D36-9E18-D7A6A1C09A2D}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{B5E91339-2ED7-4B87-BC83-9234C375AAB3}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{2750F848-E7EE-4B59-A6AF-60B46BF0B751}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{CC4A53F6-380D-44FC-BC6B-4F9C99D678C1}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{421F6EB9-0A53-4D3C-83B8-0C077632CC7A}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{9DD53602-8519-4B7A-BCED-0D6492558449}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{1A687A44-9FFD-48FA-A63B-24D72AE21664}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{2F10E555-7D4A-41A7-B431-A2480509B0C1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{54A211DF-4AD4-4398-96BD-00FA53229E12}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{46BA82F3-5D33-4056-85A3-6BC380FBE7A9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9E68902A-010D-436A-900B-D4178453D82A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{1C5AFED9-0548-4AE9-A39A-01E7BD3ACF33}c:\\users\\roy\\games\\tom clancy's h.a.w.x\\hawx.exe"= UDP:c:\users\roy\games\tom clancy's h.a.w.x\hawx.exe:hawx.exe
"UDP Query User{556392D8-606C-4D84-9BF1-F554DD79BA61}c:\\users\\roy\\games\\tom clancy's h.a.w.x\\hawx.exe"= TCP:c:\users\roy\games\tom clancy's h.a.w.x\hawx.exe:hawx.exe
"TCP Query User{271BA4D4-9C46-4150-B414-BAD44A2631C6}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{F7C6DFBC-F3F6-4F46-86C4-149F60A3FA6D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{1D9B81F5-7A51-4DD3-BE53-40FB23DE3859}c:\\program files\\intervoip.com\\intervoip\\intervoip.exe"= UDP:c:\program files\intervoip.com\intervoip\intervoip.exe:Client to make VoIP calls.
"UDP Query User{E890BE1D-F9AD-4C83-88EE-AA17F836553A}c:\\program files\\intervoip.com\\intervoip\\intervoip.exe"= TCP:c:\program files\intervoip.com\intervoip\intervoip.exe:Client to make VoIP calls.
"TCP Query User{F6C692F4-3189-4D01-957B-5FC859E2549A}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F5C200F9-0FDD-4639-88E7-B1C5AF425DC6}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{BAAC80D4-9BD0-4B0B-9515-B44F098D568E}d:\\program files\\condition zero - xtreme edition\\czero.exe"= UDP:d:\program files\condition zero - xtreme edition\czero.exe:Condition Zero Launcher
"UDP Query User{590380E7-C110-44F6-9D39-DF04BB4B1977}d:\\program files\\condition zero - xtreme edition\\czero.exe"= TCP:d:\program files\condition zero - xtreme edition\czero.exe:Condition Zero Launcher
"TCP Query User{92E97F72-F2E7-46E2-93C3-49388D4D698A}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{5D15C81E-9A57-473D-B476-9AC8B70E4360}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{1BA000AE-293B-416E-9C04-A07CA29B23F7}c:\\program files\\tcalls\\tcalls.exe"= UDP:c:\program files\tcalls\tcalls.exe:tcalls.exe
"UDP Query User{B5E4A7FA-DF01-4988-A064-EEF2BE3756D4}c:\\program files\\tcalls\\tcalls.exe"= TCP:c:\program files\tcalls\tcalls.exe:tcalls.exe
"TCP Query User{1A1E099C-9EEC-4BCB-873E-DE018D1B5F3F}c:\\program files\\tcalls\\vtc.exe"= UDP:c:\program files\tcalls\vtc.exe:VoipTunnel
"UDP Query User{7498A218-106C-4AFE-9B28-05E7D785FF70}c:\\program files\\tcalls\\vtc.exe"= TCP:c:\program files\tcalls\vtc.exe:VoipTunnel
"TCP Query User{EBCAA41B-2A38-4E54-AFC4-B540EEA10928}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{C2ED9072-932F-42B5-93B1-403647D10C35}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{BEE5C8BA-D354-4FC6-AE19-A04BEA5577B1}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{1B9B75C7-C55E-487D-AB09-88C8E1314593}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{9703C048-F29D-4192-B4F4-099ADED95E5B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{7B30451F-3D1C-4FC7-BA96-EE7C1A7C361C}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\DRIVERS\idcphid.sys [2008-12-11 16256]
R4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-21 33808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-04-03 364008]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-27 603904]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\DRIVERS\HssDrv.sys [2009-04-03 33256]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\shell\AutoRun\command - P:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d75a14-3312-11de-96c7-0021853b3ce8}]
\shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa6b629-db45-11dd-aef5-0021853b3ce8}]
\shell\AutoRun\command - P:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-04-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2009-04-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
2009-04-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{E666D5C1-580A-405B-AED1-F3517CEAA08E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-31 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ae/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4B89E525-B2FE-4E02-B769-D671257BBDE6} = 213.42.20.20,195.229.241.222
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\h1dx7zm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Webster
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: browser.sessionstore.resume_from_crash - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 18:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\ovfsthxxeqrtvyt.sys 83456 bytes executable
c:\windows\system32\ovfsthxjppdrqyp.dll 60928 bytes executable
c:\windows\system32\ovfsthxnfqkigpm.dat 43 bytes
c:\windows\system32\ovfsthxpcdxvvdf.dll 18432 bytes executable
c:\windows\system32\ovfsthxwwiuuruo.dat 183470 bytes
c:\windows\system32\ovfsthxxtsintfb.dll 18432 bytes executable
scan completed successfully
hidden files: 6
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1627708264-3230918077-3475700443-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,6a,c8,99,b7,6c,dc,de,4b,f2,3e,ec,72,6d,28,46,3e,e9,e0,4d,f1,
f0,3a,b1,64,8b,2b,63,90,49,ad,5a,13,58,11,c7,ca,d5,df,8a,b8,dc,30,7f,56,9c,\
"rkeysecu"=hex:35,42,02,ba,97,27,71,57,47,c0,eb,57,41,27,f5,b9
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe"
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\SOFTWARE\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_USERS\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5964)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
Completion time: 2009-04-29 18:39
ComboFix-quarantined-files.txt 2009-04-29 14:39
ComboFix2.txt 2009-04-29 10:17
Pre-Run: 189,050,404,864 bytes free
Post-Run: 189,006,684,160 bytes free
Current=3 Default=3 Failed=5 LastKnownGood=3 Sets=1,2,3,5
673 --- E O F --- 2009-04-29 14:14
------------------------------------------------------------------------------------------
So can you please help me get rid of this virus? Thanks!